1# @ohos.security.cert (证书模块) 2 3证书算法库框架提供证书相关接口。其中,依赖加解密算法库框架的基础算法能力的部分,详细接口说明可参考[cryptoFramework API参考](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md)。 4 5> **说明:** 6> 7> 本模块首批接口从API version 9开始支持。后续版本的新增接口,采用上角标单独标记接口的起始版本。 8 9## 导入模块 10 11```ts 12import { cert } from '@kit.DeviceCertificateKit'; 13import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 14``` 15 16## CertResult 17 18 表示执行结果的枚举。 19 20 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 21 22 **系统能力:** SystemCapability.Security.Cert 23 24| 名称 | 值 | 说明 | 25| --------------------------------------| -------- | -----------------------------| 26| INVALID_PARAMS | 401 | 非法入参。 | 27| NOT_SUPPORT | 801 | 操作不支持。 | 28| ERR_OUT_OF_MEMORY | 19020001 | 内存错误。 | 29| ERR_RUNTIME_ERROR | 19020002 | 运行时外部错误。 | 30| ERR_CRYPTO_OPERATION | 19030001 | 调用三方算法库API出错。 | 31| ERR_CERT_SIGNATURE_FAILURE | 19030002 | 证书签名验证错误。 | 32| ERR_CERT_NOT_YET_VALID | 19030003 | 证书尚未生效。 | 33| ERR_CERT_HAS_EXPIRED | 19030004 | 证书过期。 | 34| ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY | 19030005 | 无法获取证书的颁发者。 | 35| ERR_KEYUSAGE_NO_CERTSIGN | 19030006 | 证书的秘钥用途不含证书签名。 | 36| ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE | 19030007 | 证书的秘钥用途不含数字签名。 | 37 38## DataBlob 39buffer数组。 40 41 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 42 43 **系统能力:** SystemCapability.Security.Cert 44| 名称 | 类型 | 可读 | 可写 | 说明 | 45| -------------- | -------------- | ---- | ---- | ----------------| 46| data | Uint8Array | 是 | 是 | 数据。 | 47 48## DataArray 49 50buffer数组的列表。 51 52 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 53 54 **系统能力:** SystemCapability.Security.Cert 55| 名称 | 类型 | 可读 | 可写 | 说明 | 56| -------------- | -------------- | ---- | ---- | ----------------| 57| data | Uint8Array | 是 | 是 | 数据列表。 | 58 59## EncodingFormat 60 61 表示证书编码格式的枚举。 62 63**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 64 65 **系统能力:** SystemCapability.Security.Cert 66 67| 名称 | 值 | 说明 | 68| ---------- | ------ | --------- | 69| FORMAT_DER | 0 | DER格式。 | 70| FORMAT_PEM | 1 | PEM格式。 | 71| FORMAT_PKCS7<sup>11+</sup> | 2 | PKCS7格式。 | 72 73## CertItemType<sup>10+</sup> 74 75 表示获取证书字段的枚举。 76 77**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 78 79 **系统能力:** SystemCapability.Security.Cert 80 81| 名称 | 值 | 说明 | 82| -------------------------------- | ---- | ------------------------------ | 83| CERT_ITEM_TYPE_TBS | 0 | 表示获取证书的待签名信息。 | 84| CERT_ITEM_TYPE_PUBLIC_KEY | 1 | 表示获取证书的公钥信息。 | 85| CERT_ITEM_TYPE_ISSUER_UNIQUE_ID | 2 | 表示获取证书的颁发者唯一编号。 | 86| CERT_ITEM_TYPE_SUBJECT_UNIQUE_ID | 3 | 表示获取证书的主体唯一编号。 | 87| CERT_ITEM_TYPE_EXTENSIONS | 4 | 表示获取证书的扩展域信息。 | 88 89## ExtensionOidType<sup>10+</sup> 90 91 表示获取扩展域中对象标识符类型的枚举。 92 93 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 94 95 **系统能力:** SystemCapability.Security.Cert 96 97| 名称 | 值 | 说明 | 98| ----------------------------- | ---- | --------------------------------------------- | 99| EXTENSION_OID_TYPE_ALL | 0 | 表示获取扩展域中所有的对象标识符。 | 100| EXTENSION_OID_TYPE_CRITICAL | 1 | 表示获取扩展域中critical为true的对象标识符。 | 101| EXTENSION_OID_TYPE_UNCRITICAL | 2 | 表示获取扩展域中critical为false的对象标识符。 | 102 103## ExtensionEntryType<sup>10+</sup> 104 105 表示获取扩展域中对象类型的枚举。 106 107 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 108 109 **系统能力:** SystemCapability.Security.Cert 110 111| 名称 | 值 | 说明 | 112| ----------------------------------- | ---- | ---------------------------- | 113| EXTENSION_ENTRY_TYPE_ENTRY | 0 | 表示获取整个对象。 | 114| EXTENSION_ENTRY_TYPE_ENTRY_CRITICAL | 1 | 表示获取对象的critical属性。 | 115| EXTENSION_ENTRY_TYPE_ENTRY_VALUE | 2 | 表示获取对象的数据。 | 116 117## EncodingType<sup>12+</sup> 118 119 表示获取X509证书主体名称编码格式的枚举。 120 121**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 122 123 **系统能力:** SystemCapability.Security.Cert 124 125| 名称 | 值 | 说明 | 126| ---------- | ------ | --------- | 127| ENCODING_UTF8 | 0 | UTF8编码格式。 | 128 129## EncodingBlob 130 131带编码格式的证书二进制数组。 132 133### 属性 134 135**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 136 137**系统能力:** SystemCapability.Security.Cert 138 139| 名称 | 类型 | 可读 | 可写 | 说明 | 140| -------------- | --------------------------------- | ---- | ---- | ------------------------------ | 141| data | Uint8Array | 是 | 是 | 传入的证书数据。 | 142| encodingFormat | [EncodingFormat](#encodingformat) | 是 | 是 | 指明证书编码格式。 | 143 144 145## CertChainData 146 147证书链数据,在证书链校验时,作为入参传入。 148 149### 属性 150 151**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 152 153**系统能力:** SystemCapability.Security.Cert 154 155| 名称 | 类型 | 可读 | 可写 | 说明 | 156| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 157| data | Uint8Array | 是 | 是 | 证书数据,按照长度(2字节)-数据的形式传入,如:08ABCDEFGH07ABCDEFG,第一本证书,前2个字节表示证书的长度为8字节,后面附加8字节的证书数据;第2本证书前2个字节表示证书的长度为7字节,后面附加7字节的证书数据。 | 158| count | number | 是 | 是 | 传入的数据中,包含的证书数量。 | 159| encodingFormat | [EncodingFormat](#encodingformat) | 是 | 是 | 指明证书编码格式。 | 160 161## GeneralNameType<sup>12+</sup> 162 163表示证书主体用途的枚举。 164 165**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 166 167**系统能力:** SystemCapability.Security.Cert 168 169| 名称 | 值 | 说明 | 170| -------------- | --------------------------------- | ------------------ | 171| GENERAL_NAME_TYPE_OTHER_NAME | 0 | 表示其他名称。 | 172| GENERAL_NAME_TYPE_RFC822_NAME | 1 | 表示电子邮件地址。 | 173| GENERAL_NAME_TYPE_DNS_NAME | 2 | 表示一个DNS名称。 | 174| GENERAL_NAME_TYPE_X400_ADDRESS | 3 | 表示X.400地址。 | 175| GENERAL_NAME_TYPE_DIRECTORY_NAME | 4 | 表示一个目录名称。 | 176| GENERAL_NAME_TYPE_EDI_PARTY_NAME | 5 | 表示特定的EDI实体。 | 177| GENERAL_NAME_TYPE_UNIFORM_RESOURCE_ID | 6 | 表示一个统一资源标识符。 | 178| GENERAL_NAME_TYPE_IP_ADDRESS | 7 | 表示一个IP地址。 | 179| GENERAL_NAME_TYPE_REGISTERED_ID | 8 | 表示一个已注册的对象标识符。 | 180 181## GeneralName<sup>12+</sup> 182 183用于表示证书主体信息对象。 184 185**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 186 187**系统能力:** SystemCapability.Security.Cert 188 189| 名称 | 类型 | 必填 | 说明 | 190| -------------- | --------------------------------- | ---- | ------------------ | 191| type | [GeneralNameType](#generalname12) | 是 | 指定具体的证书主体类型。 | 192| name | Uint8Array | 否 | 指定具体的证书主体DER格式内容。 | 193 194## X509CertMatchParameters<sup>11+</sup> 195 196用于匹配证书的过滤参数。如果参数中任一项都未指定,则匹配所有证书。 197 198**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 199 200**系统能力:** SystemCapability.Security.Cert 201 202| 名称 | 类型 | 必填 | 说明 | 203| -------------- | --------------------------------- | ---- | ------------------ | 204| x509Cert | [X509Cert](#x509cert) | 否 | 指定具体的证书对象。 | 205| validDate | string | 否 | 指定证书有效期。 | 206| issuer | Uint8Array | 否 | 指定证书颁发者,为DER编码格式。 | 207| keyUsage | Array\<boolean> | 否 | 指定是否需要匹配密钥用途。 | 208| serialNumber | bigint | 否 | 指定证书的序列号。 | 209| subject | Uint8Array | 否 | 指定证书主题,DER编码格式。 | 210| publicKey | [DataBlob](#datablob) | 否 | 指定证书公钥,DER编码格式。 | 211| publicKeyAlgID | string | 否 | 指定证书公钥的算法。 | 212| subjectAlternativeNames<sup>12+</sup> | Array\<[GeneralName](#generalname12)> | 否 | 指定证书主体名称。 | 213| matchAllSubjectAltNames<sup>12+</sup> | boolean | 否 | 指定是否需要匹配证书主体名称。 | 214| authorityKeyIdentifier<sup>12+</sup> | Uint8Array | 否 | 指定证书颁发机构秘钥。 | 215| minPathLenConstraint<sup>12+</sup> | number | 否 | 指定证书CA路径长度。 | 216| extendedKeyUsage<sup>12+</sup> | Array\<string> | 否 | 指定证书扩展用途。 | 217| nameConstraints<sup>12+</sup> | Uint8Array | 否 | 指定证书的使用者名称。 | 218| certPolicy<sup>12+</sup> | Array\<string> | 否 | 指定证书策略。 | 219| privateKeyValid<sup>12+</sup> | string | 否 | 指定证书私钥有效期。 | 220| subjectKeyIdentifier<sup>12+</sup> | Uint8Array | 否 | 指定证书公钥。 | 221 222## X509CRLMatchParameters<sup>11+</sup> 223 224用于匹配证书吊销列表的过滤参数。如果参数中任一项都未指定,则匹配所有证书吊销列表。 225 226**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 227 228**系统能力:** SystemCapability.Security.Cert 229 230| 名称 | 类型 | 必填 | 说明 | 231| -------------- | --------------------------------- | ---- | ------------------ | 232| issuer | Array\<Uint8Array> | 否 | 指定颁发者作为过滤条件, 至少要匹配到其中一个issuer。 | 233| x509Cert | [X509Cert](#x509cert) | 否 | 指定具体的证书对象作为过滤条件, 判断该证书是否在CRL列表中。 | 234| updateDateTime<sup>12+</sup> | string | 否 | 指定证书更新时间。 | 235| maxCRL<sup>12+</sup> | bigint | 否 | 指定CRL个数最大值。 | 236| minCRL<sup>12+</sup> | bigint | 否 | 指定CRL个数最小值。 | 237 238## CertChainBuildParameters<sup>12+</sup> 239 240用于指定证书链创建参数。 241 242**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 243 244**系统能力:** SystemCapability.Security.Cert 245 246| 名称 | 类型 | 必填 | 说明 | 247| -------------- | --------------------------------- | ---- | ------------------ | 248| certMatchParameters | [X509CertMatchParameters](#x509certmatchparameters11) | 是 | 指定过滤条件。 | 249| maxLength | number | 否 | 指定最终证书链中CA证书的最大长度。 | 250| validationParameters | [CertChainValidationParameters](#certchainvalidationparameters11) | 是 | 指定验证条件。 | 251 252## CertChainBuildResult<sup>12+</sup> 253 254用于指定证书链创建结果。 255 256**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 257 258**系统能力:** SystemCapability.Security.Cert 259 260| 名称 | 类型 | 必填 | 说明 | 261| -------------- | --------------------------------- | ---- | ------------------ | 262| certChain | [X509CertChain](#x509certchain11) | 是 | 生成的证书链对象。 | 263| validationResult | [CertChainValidationResult](#certchainvalidationresult11) | 是 | 指定最终证书链的最大长度。 | 264 265## X509TrustAnchor<sup>11+</sup> 266 267表示X509信任锚,用于校验证书链。使用信任锚中的证书或者公钥作为可信根,对证书链进行校验。 268 269**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 270 271**系统能力:** SystemCapability.Security.Cert 272 273| 名称 | 类型 | 可读 | 可写 | 说明 | 274| --------- | --------------------- | ---- | ---- | --------------------------- | 275| CACert | [X509Cert](#x509cert) | 是 | 是 | 信任的CA证书。 | 276| CAPubKey | Uint8Array | 是 | 是 | 信任的CA证书公钥, DER格式。 | 277| CASubject | Uint8Array | 是 | 是 | 信任的CA证书主题, DER格式。 | 278| nameConstraints<sup>12+</sup> | Uint8Array | 是 | 是 | 名称约束, DER格式。 | 279 280## RevocationCheckOptions<sup>12+</sup> 281 282 表示证书链在线校验证书吊销状态选项的枚举。 283 284 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 285 286 **系统能力:** SystemCapability.Security.Cert 287 288| 名称 | 值 | 说明 | 289| --------------------------------------| -------- | -----------------------------| 290| REVOCATION_CHECK_OPTION_PREFER_OCSP | 0 | 优先采用OCSP进行校验,默认采用CRL校验。 | 291| REVOCATION_CHECK_OPTION_ACCESS_NETWORK | 1 | 支持通过访问网络获取CRL或OCSP响应进行吊销状态的校验,默认为关闭。 | 292| REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER | 2 | 当ACCESS_NETWORK选项打开时有效,如果优选的校验方法由于网络原因导致无法校验证书状态,则采用备选的方案进行校验。 | 293| REVOCATION_CHECK_OPTION_FALLBACK_LOCAL | 3 | 当ACCESS_NETWORK选项打开时有效,如果在线获取CRL和OCSP响应都由于网络的原因导致无法校验证书状态,则采用本地设置的CRL和OCSP响应进行校验。 | 294 295## ValidationPolicyType<sup>12+</sup> 296 297 表示证书链在线校验策略的枚举。 298 299 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 300 301 **系统能力:** SystemCapability.Security.Cert 302 303| 名称 | 值 | 说明 | 304| --------------------------------------| -------- | -----------------------------| 305| VALIDATION_POLICY_TYPE_X509 | 0 | 默认值,不需要校验证书中的sslHostname或dNSName。 | 306| VALIDATION_POLICY_TYPE_SSL | 1 | 需要校验证书中的sslHostname或dNSName。 | 307 308## KeyUsageType<sup>12+</sup> 309 310 表示证书中密钥用途的枚举。 311 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 312 313 **系统能力:** SystemCapability.Security.Cert 314 315| 名称 | 值 | 说明 | 316| --------------------------------------| -------- | -----------------------------| 317| KEYUSAGE_DIGITAL_SIGNATURE | 0 | 证书持有者可以用证书中包含的私钥进行数字签名操作。 | 318| KEYUSAGE_NON_REPUDIATION | 1 | 证书持有者不可否认使用证书中包含的私钥进行的数字签名操作。 | 319| KEYUSAGE_KEY_ENCIPHERMENT | 2 | 证书持有者可以使用证书中包含的公钥进行密钥加密操作。 | 320| KEYUSAGE_DATA_ENCIPHERMENT | 3 | 证书持有者可以使用证书中包含的公钥进行数据加密操作。 | 321| KEYUSAGE_KEY_AGREEMENT | 4 | 证书持有者可以使用证书中包含的私钥进行密钥协商操作。 | 322| KEYUSAGE_KEY_CERT_SIGN | 5 | 证书持有者可以使用证书中包含的私钥对其他证书进行签名。 | 323| KEYUSAGE_CRL_SIGN | 6 | 证书持有者可以使用证书中包含的私钥对证书吊销列表(CRL)进行签名。 | 324| KEYUSAGE_ENCIPHER_ONLY | 7 | 证书持有者只能进行加密操作,不能进行解密操作。 | 325| KEYUSAGE_DECIPHER_ONLY | 8 | 证书持有者只能进行解密操作,不能进行加密操作。 | 326 327## RevocationCheckParameter<sup>12+</sup> 328 329表示证书链校验证书吊销状态的参数。 330 331**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 332 333**系统能力:** SystemCapability.Security.Cert 334 335| 名称 | 类型 | 必填 | 说明 | 336| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 337| ocspRequestExtension | Array\<Uint8Array> | 否 | 表示发送OCSP请求的扩展字段。| 338| ocspResponderURI | string | 否 | 表示用于OCSP请求的备选服务器URL地址,支持HTTP/HTTPS,具体配置由与服务器协商决定。 | 339| ocspResponderCert | [X509Cert](#x509cert) | 否 | 表示用于OCSP响应的签名校验的签名证书。 | 340| ocspResponses | Uint8Array | 否 | 表示用于OCSP服务器响应的备选数据。 | 341| crlDownloadURI | string | 否 | 表示用于CRL请求的备选下载地址。 | 342| options | Array\<[RevocationCheckOptions](#revocationcheckoptions12)> | 否 | 表示证书吊销状态查询的策略组合。 | 343| ocspDigest | string | 否 | 表示OCSP通信时创建证书ID使用的哈希算法。默认为SHA256,支持可配置MD5、SHA1、SHA224、SHA256、SHA384、SHA512算法。 | 344 345## CertChainValidationParameters<sup>11+</sup> 346 347表示证书链校验的参数。 348 349**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 350 351**系统能力:** SystemCapability.Security.Cert 352 353| 名称 | 类型 | 必填 | 说明 | 354| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 355| date | string | 否 | 表示需要校验证书的有效期。 | 356| trustAnchors | Array\<[X509TrustAnchor](#x509trustanchor11)> | 是 | 表示信任锚列表。 | 357| certCRLs | Array\<[CertCRLCollection](#certcrlcollection11)> | 否 | 表示需要校验证书是否在证书吊销列表中。 | 358| revocationCheckParam<sup>12+</sup> | [RevocationCheckParameter](#revocationcheckparameter12) | 否 | 表示需要在线校验证证书吊销状态的参数对象。 | 359| policy<sup>12+</sup> | [ValidationPolicyType](#validationpolicytype12) | 否 | 表示需要校验证书的策略类型。 | 360| sslHostname<sup>12+</sup> | string | 否 | 表示需要校验证书中主机名,与policy配合使用。 | 361| keyUsage<sup>12+</sup> | Array\<[KeyUsageType](#keyusagetype12)> | 否 | 表示需要校验证书中的密钥用途。 | 362 363## CertChainValidationResult<sup>11+</sup> 364 365表示证书链校验的返回值。 366 367**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 368 369**系统能力:** SystemCapability.Security.Cert 370 371| 名称 | 类型 | 可读 | 可写 | 说明 | 372| ----------- | ------------------------------------- | ---- | ---- | -------------- | 373| trustAnchor | [X509TrustAnchor](#x509trustanchor11) | 是 | 否 | 表示信任锚。 | 374| entityCert | [X509Cert](#x509cert) | 是 | 否 | 表示实体证书。 | 375 376## cert.createX509Cert 377 378createX509Cert(inStream : EncodingBlob, callback : AsyncCallback\<X509Cert>) : void 379 380表示创建X509证书对象,使用Callback回调异步返回结果。 381 382**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 383 384**系统能力:** SystemCapability.Security.Cert 385 386**参数:** 387 388| 参数名 | 类型 | 必填 | 说明 | 389| -------- | ------------------------------------- | ---- | -------------------------- | 390| inStream | [EncodingBlob](#encodingblob) | 是 | X509证书序列化数据 | 391| callback | AsyncCallback\<[X509Cert](#x509cert)> | 是 | 回调函数。表示X509证书对象 | 392 393**错误码:** 394 395以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 396 397| 错误码ID | 错误信息 | 398| -------- | ------------- | 399| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 400| 801 | this operation is not supported. | 401| 19020001 | memory error. | 402 403**示例:** 404 405```ts 406import { cert } from '@kit.DeviceCertificateKit'; 407 408// string转Uint8Array 409function stringToUint8Array(str: string): Uint8Array { 410 let arr: Array<number> = []; 411 for (let i = 0, j = str.length; i < j; i++) { 412 arr.push(str.charCodeAt(i)); 413 } 414 return new Uint8Array(arr); 415} 416 417// 证书二进制数据,需业务自行赋值 418let certData = '-----BEGIN CERTIFICATE-----\n' + 419 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 420 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 421 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 422 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 423 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 424 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 425 'Qw==\n' + 426 '-----END CERTIFICATE-----\n'; 427 428let encodingBlob: cert.EncodingBlob = { 429 data: stringToUint8Array(certData), 430 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 431 encodingFormat: cert.EncodingFormat.FORMAT_PEM 432}; 433 434cert.createX509Cert(encodingBlob, (error, x509Cert) => { 435 if (error) { 436 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 437 } else { 438 console.log('createX509Cert success'); 439 } 440}); 441``` 442 443## cert.createX509Cert 444 445createX509Cert(inStream : EncodingBlob) : Promise\<X509Cert> 446 447表示创建X509证书对象,使用Promise方式异步返回结果。 448 449**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 450 451**系统能力:** SystemCapability.Security.Cert 452 453**参数:** 454 455| 参数名 | 类型 | 必填 | 说明 | 456| -------- | ----------------------------- | ---- | ------------------ | 457| inStream | [EncodingBlob](#encodingblob) | 是 | X509证书序列化数据 | 458 459**返回值:** 460 461| 类型 | 说明 | 462| ------- | ---------------- | 463| Promise\<[X509Cert](#x509cert)> | 表示X509证书对象 | 464 465**错误码:** 466 467以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 468 469| 错误码ID | 错误信息 | 470| -------- | ------------- | 471| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 472| 801 | this operation is not supported. | 473| 19020001 | memory error. | 474 475**示例:** 476 477```ts 478import { cert } from '@kit.DeviceCertificateKit'; 479import { BusinessError } from '@kit.BasicServicesKit'; 480 481// string转Uint8Array 482function stringToUint8Array(str: string): Uint8Array { 483 let arr: Array<number> = []; 484 for (let i = 0, j = str.length; i < j; i++) { 485 arr.push(str.charCodeAt(i)); 486 } 487 return new Uint8Array(arr); 488} 489 490// 证书二进制数据,需业务自行赋值 491let certData = '-----BEGIN CERTIFICATE-----\n' + 492 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 493 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 494 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 495 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 496 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 497 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 498 'Qw==\n' + 499 '-----END CERTIFICATE-----\n'; 500 501let encodingBlob: cert.EncodingBlob = { 502 data: stringToUint8Array(certData), 503 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 504 encodingFormat: cert.EncodingFormat.FORMAT_PEM 505}; 506 507cert.createX509Cert(encodingBlob).then(x509Cert => { 508 console.log('createX509Cert success'); 509}).catch((error: BusinessError) => { 510 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 511}); 512``` 513 514## X509Cert 515 516X509证书类。 517 518### verify 519 520verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 521 522表示对证书验签,使用Callback回调异步返回结果。 523 524**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 525 526**系统能力:** SystemCapability.Security.Cert 527 528**参数:** 529 530| 参数名 | 类型 | 必填 | 说明 | 531| -------- | --------------------- | ---- | ------------------------------------------------------------ | 532| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 用于验签的公钥对象 | 533| callback | AsyncCallback\<void> | 是 | 回调函数。使用AsyncCallback的第一个error参数判断是否验签成功,error为null表示成功,不为null表示失败 | 534 535**错误码:** 536 537以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 538 539| 错误码ID | 错误信息 | 540| -------- | ------------------ | 541| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 542| 19030001 | crypto operation error. | 543 544**示例:** 545 546```ts 547import { cert } from '@kit.DeviceCertificateKit'; 548import { BusinessError } from '@kit.BasicServicesKit'; 549 550// string转Uint8Array 551function stringToUint8Array(str: string): Uint8Array { 552 let arr: Array<number> = []; 553 for (let i = 0, j = str.length; i < j; i++) { 554 arr.push(str.charCodeAt(i)); 555 } 556 return new Uint8Array(arr); 557} 558 559// 证书二进制数据,需业务自行赋值 560let certData = '-----BEGIN CERTIFICATE-----\n' + 561 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 562 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 563 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 564 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 565 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 566 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 567 'Qw==\n' + 568 '-----END CERTIFICATE-----\n'; 569 570let encodingBlob: cert.EncodingBlob = { 571 data: stringToUint8Array(certData), 572 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 573 encodingFormat: cert.EncodingFormat.FORMAT_PEM 574}; 575 576cert.createX509Cert(encodingBlob, (error, x509Cert) => { 577 if (error) { 578 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 579 } else { 580 console.log('createX509Cert success'); 581 582 // 业务需通过上级X509Cert证书对象(或当前证书对象为自签名的证书)的getPublicKey获取PubKey 583 try { 584 let pubKey = x509Cert.getPublicKey(); 585 586 // 验证证书签名 587 x509Cert.verify(pubKey, (err, data) => { 588 if (err) { 589 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 590 } else { 591 console.log('verify success'); 592 } 593 }); 594 } catch (error) { 595 let e: BusinessError = error as BusinessError; 596 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 597 } 598 } 599}); 600``` 601 602### verify 603 604verify(key : cryptoFramework.PubKey) : Promise\<void> 605 606表示对证书验签,使用Promise方式异步返回结果。 607 608**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 609 610**系统能力:** SystemCapability.Security.Cert 611 612**参数:** 613 614| 参数名 | 类型 | 必填 | 说明 | 615| ------ | ------ | ---- | ------------------ | 616| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 用于验签的公钥对象 | 617 618**返回值:** 619 620| 类型 | 说明 | 621| -------------- | ----------- | 622| Promise\<void> | Promise对象 | 623 624**错误码:** 625 626以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 627 628| 错误码ID | 错误信息 | 629| -------- | ------------------ | 630| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 631| 19030001 | crypto operation error. | 632 633**示例:** 634 635```ts 636import { cert } from '@kit.DeviceCertificateKit'; 637import { BusinessError } from '@kit.BasicServicesKit'; 638 639// string转Uint8Array 640function stringToUint8Array(str: string): Uint8Array { 641 let arr: Array<number> = []; 642 for (let i = 0, j = str.length; i < j; i++) { 643 arr.push(str.charCodeAt(i)); 644 } 645 return new Uint8Array(arr); 646} 647 648// 证书二进制数据,需业务自行赋值 649let certData = '-----BEGIN CERTIFICATE-----\n' + 650 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 651 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 652 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 653 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 654 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 655 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 656 'Qw==\n' + 657 '-----END CERTIFICATE-----\n'; 658 659let encodingBlob: cert.EncodingBlob = { 660 data: stringToUint8Array(certData), 661 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 662 encodingFormat: cert.EncodingFormat.FORMAT_PEM 663}; 664 665cert.createX509Cert(encodingBlob).then(x509Cert => { 666 console.log('createX509Cert success'); 667 668 try { 669 // 业务需通过上级X509Cert证书对象(或当前证书对象为自签名的证书)的getPublicKey获取PubKey 670 let pubKey = x509Cert.getPublicKey(); 671 x509Cert.verify(pubKey).then(result => { 672 console.log('verify success'); 673 }).catch((error: BusinessError) => { 674 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 675 }); 676 } catch (err) { 677 console.error('get public key failed'); 678 } 679}).catch((error: BusinessError) => { 680 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 681}); 682``` 683 684### getEncoded 685 686getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 687 688表示获取X509证书序列化数据,使用Callback回调异步返回结果。 689 690**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 691 692**系统能力:** SystemCapability.Security.Cert 693 694**参数**: 695 696| 参数名 | 类型 | 必填 | 说明 | 697| -------- | --------------------------------------------- | ---- | -------------------------------- | 698| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数。表示X509证书序列化数据 | 699 700**错误码:** 701 702以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 703 704| 错误码ID | 错误信息 | 705| -------- | ------------------------------------------------- | 706| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 707| 19020001 | memory error. | 708| 19020002 | runtime error. | 709| 19030001 | crypto operation error.| 710 711**示例:** 712 713```ts 714import { cert } from '@kit.DeviceCertificateKit'; 715 716// string转Uint8Array 717function stringToUint8Array(str: string): Uint8Array { 718 let arr: Array<number> = []; 719 for (let i = 0, j = str.length; i < j; i++) { 720 arr.push(str.charCodeAt(i)); 721 } 722 return new Uint8Array(arr); 723} 724 725// 证书二进制数据,需业务自行赋值 726let certData = '-----BEGIN CERTIFICATE-----\n' + 727 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 728 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 729 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 730 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 731 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 732 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 733 'Qw==\n' + 734 '-----END CERTIFICATE-----\n'; 735 736let encodingBlob: cert.EncodingBlob = { 737 data: stringToUint8Array(certData), 738 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 739 encodingFormat: cert.EncodingFormat.FORMAT_PEM 740}; 741 742cert.createX509Cert(encodingBlob, (error, x509Cert) => { 743 if (error) { 744 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 745 } else { 746 console.log('createX509Cert success'); 747 x509Cert.getEncoded((error, data) => { 748 if (error) { 749 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 750 } else { 751 console.log('getEncoded success'); 752 } 753 }); 754 } 755}); 756``` 757 758### getEncoded 759 760getEncoded() : Promise\<EncodingBlob> 761 762表示获取X509证书序列化数据,使用Promise方式异步返回结果。 763 764**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 765 766**系统能力:** SystemCapability.Security.Cert 767 768**返回值**: 769 770| 类型 | 说明 | 771| --------------------------------------- | ---------------------- | 772| Promise\<[EncodingBlob](#encodingblob)> | 表示X509证书序列化数据 | 773 774**错误码:** 775 776以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 777 778| 错误码ID | 错误信息 | 779| -------- | ------------------------------------------------- | 780| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 781| 19020001 | memory error. | 782| 19020002 | runtime error. | 783| 19030001 | crypto operation error.| 784 785**示例:** 786 787```ts 788import { cert } from '@kit.DeviceCertificateKit'; 789import { BusinessError } from '@kit.BasicServicesKit'; 790 791// string转Uint8Array 792function stringToUint8Array(str: string): Uint8Array { 793 let arr: Array<number> = []; 794 for (let i = 0, j = str.length; i < j; i++) { 795 arr.push(str.charCodeAt(i)); 796 } 797 return new Uint8Array(arr); 798} 799 800// 证书二进制数据,需业务自行赋值 801let certData = '-----BEGIN CERTIFICATE-----\n' + 802 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 803 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 804 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 805 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 806 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 807 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 808 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 809 '-----END CERTIFICATE-----\n'; 810 811// 证书二进制数据,需业务自行赋值 812let encodingBlob: cert.EncodingBlob = { 813 data: stringToUint8Array(certData), 814 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 815 encodingFormat: cert.EncodingFormat.FORMAT_PEM 816}; 817cert.createX509Cert(encodingBlob).then(x509Cert => { 818 console.log('createX509Cert success'); 819 x509Cert.getEncoded().then(result => { 820 console.log('getEncoded success'); 821 }).catch((error: BusinessError) => { 822 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 823 }); 824}).catch((error: BusinessError) => { 825 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 826}); 827``` 828 829### getPublicKey 830 831getPublicKey() : cryptoFramework.PubKey 832 833表示获取X509证书公钥。 834 835**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 836 837**系统能力:** SystemCapability.Security.Cert 838 839**返回值**: 840 841| 类型 | 说明 | 842| ------ | ---------------- | 843| [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | X509证书公钥对象:仅用于X509Cert的verify接口 | 844 845**错误码:** 846 847以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 848 849| 错误码ID | 错误信息 | 850| -------- | ------------------------------------------------- | 851| 19020001 | memory error. | 852| 19030001 | crypto operation error.| 853 854**示例:** 855 856```ts 857import { cert } from '@kit.DeviceCertificateKit'; 858import { BusinessError } from '@kit.BasicServicesKit'; 859 860// string转Uint8Array 861function stringToUint8Array(str: string): Uint8Array { 862 let arr: Array<number> = []; 863 for (let i = 0, j = str.length; i < j; i++) { 864 arr.push(str.charCodeAt(i)); 865 } 866 return new Uint8Array(arr); 867} 868 869// 证书二进制数据,需业务自行赋值 870let certData = '-----BEGIN CERTIFICATE-----\n' + 871 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 872 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 873 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 874 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 875 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 876 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 877 'Qw==\n' + 878 '-----END CERTIFICATE-----\n'; 879 880let encodingBlob: cert.EncodingBlob = { 881 data: stringToUint8Array(certData), 882 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 883 encodingFormat: cert.EncodingFormat.FORMAT_PEM 884}; 885 886cert.createX509Cert(encodingBlob, (error, x509Cert) => { 887 if (error) { 888 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 889 } else { 890 console.log('createX509Cert success'); 891 try { 892 let pubKey = x509Cert.getPublicKey(); 893 } catch (error) { 894 let e: BusinessError = error as BusinessError; 895 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 896 } 897 } 898}); 899``` 900 901### checkValidityWithDate 902 903checkValidityWithDate(date: string) : void 904 905表示检查X509证书有效期。 906 907**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 908 909**系统能力:** SystemCapability.Security.Cert 910 911**参数**: 912 913| 参数名 | 类型 | 必填 | 说明 | 914| -------- | -------------- | ---- | ---------- | 915| date | string | 是 | 日期,为ASN.1时间格式。 | 916 917**错误码:** 918 919以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 920 921| 错误码ID | 错误信息 | 922| -------- | ------------------------------------------------- | 923| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 924| 19020001 | memory error. | 925| 19030001 | crypto operation error.| 926| 19030003 | the certificate has not taken effect. | 927| 19030004 | the certificate has expired.| 928 929**示例:** 930 931```ts 932import { cert } from '@kit.DeviceCertificateKit'; 933import { BusinessError } from '@kit.BasicServicesKit'; 934 935// string转Uint8Array 936function stringToUint8Array(str: string): Uint8Array { 937 let arr: Array<number> = []; 938 for (let i = 0, j = str.length; i < j; i++) { 939 arr.push(str.charCodeAt(i)); 940 } 941 return new Uint8Array(arr); 942} 943 944// 证书二进制数据,需业务自行赋值 945let certData = '-----BEGIN CERTIFICATE-----\n' + 946 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 947 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 948 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 949 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 950 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 951 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 952 'Qw==\n' + 953 '-----END CERTIFICATE-----\n'; 954 955let encodingBlob: cert.EncodingBlob = { 956 data: stringToUint8Array(certData), 957 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 958 encodingFormat: cert.EncodingFormat.FORMAT_PEM 959}; 960 961cert.createX509Cert(encodingBlob, (error, x509Cert) => { 962 if (error) { 963 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 964 } else { 965 console.log('createX509Cert success'); 966 967 let date = '231001000001Z'; 968 // Verify the certificate validity period. 969 try { 970 x509Cert.checkValidityWithDate(date); 971 } catch (error) { 972 let e: BusinessError = error as BusinessError; 973 console.error('checkValidityWithDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 974 } 975 } 976}); 977``` 978 979### getVersion 980 981getVersion() : number 982 983表示获取X509证书版本。 984 985**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 986 987**系统能力:** SystemCapability.Security.Cert 988 989**返回值**: 990 991| 类型 | 说明 | 992| ------ | ---------------- | 993| number | 表示X509证书版本 | 994 995**示例:** 996 997```ts 998import { cert } from '@kit.DeviceCertificateKit'; 999 1000// string转Uint8Array 1001function stringToUint8Array(str: string): Uint8Array { 1002 let arr: Array<number> = []; 1003 for (let i = 0, j = str.length; i < j; i++) { 1004 arr.push(str.charCodeAt(i)); 1005 } 1006 return new Uint8Array(arr); 1007} 1008 1009// 证书二进制数据,需业务自行赋值 1010let certData = '-----BEGIN CERTIFICATE-----\n' + 1011 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1012 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1013 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1014 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1015 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1016 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1017 'Qw==\n' + 1018 '-----END CERTIFICATE-----\n'; 1019 1020let encodingBlob: cert.EncodingBlob = { 1021 data: stringToUint8Array(certData), 1022 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1023 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1024}; 1025cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1026 if (error) { 1027 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1028 } else { 1029 console.log('createX509Cert success'); 1030 let version = x509Cert.getVersion(); 1031 } 1032}); 1033``` 1034 1035### getSerialNumber<sup>(deprecated)</sup> 1036 1037getSerialNumber() : number 1038 1039表示获取X509证书序列号。 1040 1041> **说明:** 1042> 1043> 从API version 9开始支持,从API version 10开始废弃,建议使用[getCertSerialNumber](#getcertserialnumber10)替代。 1044 1045**系统能力:** SystemCapability.Security.Cert 1046 1047**返回值**: 1048 1049| 类型 | 说明 | 1050| ------ | ------------------ | 1051| number | 表示X509证书序列号 | 1052 1053**示例:** 1054 1055```ts 1056import { cert } from '@kit.DeviceCertificateKit'; 1057 1058// string转Uint8Array 1059function stringToUint8Array(str: string): Uint8Array { 1060 let arr: Array<number> = []; 1061 for (let i = 0, j = str.length; i < j; i++) { 1062 arr.push(str.charCodeAt(i)); 1063 } 1064 return new Uint8Array(arr); 1065} 1066 1067// 证书二进制数据,需业务自行赋值 1068let certData = '-----BEGIN CERTIFICATE-----\n' + 1069 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1070 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1071 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1072 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1073 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1074 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1075 'Qw==\n' + 1076 '-----END CERTIFICATE-----\n'; 1077 1078let encodingBlob: cert.EncodingBlob = { 1079 data: stringToUint8Array(certData), 1080 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1081 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1082}; 1083 1084cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1085 if (error) { 1086 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1087 } else { 1088 console.log('createX509Cert success'); 1089 let serialNumber = x509Cert.getSerialNumber(); 1090 } 1091}); 1092``` 1093 1094### getCertSerialNumber<sup>10+</sup> 1095 1096getCertSerialNumber() : bigint 1097 1098表示获取X509证书序列号。 1099 1100**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1101 1102**系统能力:** SystemCapability.Security.Cert 1103 1104**返回值**: 1105 1106| 类型 | 说明 | 1107| ------ | ------------------ | 1108| bigint | 表示X509证书序列号 | 1109 1110**错误码:** 1111 1112以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1113 1114| 错误码ID | 错误信息 | 1115| -------- | ------------------------------------------------- | 1116| 19020002 | runtime error. | 1117 1118**示例:** 1119 1120```ts 1121import { cert } from '@kit.DeviceCertificateKit'; 1122import { BusinessError } from '@kit.BasicServicesKit'; 1123 1124// string转Uint8Array 1125function stringToUint8Array(str: string): Uint8Array { 1126 let arr: Array<number> = []; 1127 for (let i = 0, j = str.length; i < j; i++) { 1128 arr.push(str.charCodeAt(i)); 1129 } 1130 return new Uint8Array(arr); 1131} 1132 1133// 证书二进制数据,需业务自行赋值 1134let certData = '-----BEGIN CERTIFICATE-----\n' + 1135 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1136 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1137 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1138 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1139 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1140 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1141 'Qw==\n' + 1142 '-----END CERTIFICATE-----\n'; 1143 1144let encodingBlob: cert.EncodingBlob = { 1145 data: stringToUint8Array(certData), 1146 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1147 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1148}; 1149 1150cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1151 if (error) { 1152 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1153 } else { 1154 console.log('createX509Cert success'); 1155 try { 1156 let serialNumber = x509Cert.getCertSerialNumber(); 1157 } catch (err) { 1158 let e: BusinessError = err as BusinessError; 1159 console.error('getCertSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1160 } 1161 } 1162}); 1163``` 1164 1165### getIssuerName 1166 1167getIssuerName() : DataBlob 1168 1169表示获取X509证书颁发者名称。 1170 1171**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1172 1173**系统能力:** SystemCapability.Security.Cert 1174 1175**返回值**: 1176 1177| 类型 | 说明 | 1178| --------------------- | ---------------------- | 1179| [DataBlob](#datablob) | 表示X509证书颁发者名称 | 1180 1181**错误码:** 1182 1183以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1184 1185| 错误码ID | 错误信息 | 1186| -------- | ------------------------------------------------- | 1187| 19020001 | memory error. | 1188| 19020002 | runtime error. | 1189| 19030001 | crypto operation error.| 1190 1191**示例:** 1192 1193```ts 1194import { cert } from '@kit.DeviceCertificateKit'; 1195import { BusinessError } from '@kit.BasicServicesKit'; 1196 1197// string转Uint8Array 1198function stringToUint8Array(str: string): Uint8Array { 1199 let arr: Array<number> = []; 1200 for (let i = 0, j = str.length; i < j; i++) { 1201 arr.push(str.charCodeAt(i)); 1202 } 1203 return new Uint8Array(arr); 1204} 1205 1206// 证书二进制数据,需业务自行赋值 1207let certData = '-----BEGIN CERTIFICATE-----\n' + 1208 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1209 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1210 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1211 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1212 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1213 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1214 'Qw==\n' + 1215 '-----END CERTIFICATE-----\n'; 1216 1217let encodingBlob: cert.EncodingBlob = { 1218 data: stringToUint8Array(certData), 1219 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1220 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1221}; 1222 1223cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1224 if (error) { 1225 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1226 } else { 1227 console.log('createX509Cert success'); 1228 try { 1229 let issuerName = x509Cert.getIssuerName(); 1230 } catch (err) { 1231 let e: BusinessError = err as BusinessError; 1232 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1233 } 1234 } 1235}); 1236``` 1237 1238### getSubjectName 1239 1240getSubjectName(encodingType?: EncodingType) : DataBlob 1241 1242表示获取X509证书主体名称。 1243 1244**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1245 1246**系统能力:** SystemCapability.Security.Cert 1247 1248**参数**: 1249 1250| 参数名 | 类型 | 必填 | 说明 | 1251| -------- | ------------------------------------- | ---- | ------------------------------ | 1252| encodingType | [EncodingType](#encodingtype12) | 否 | 编码类型。设置参数表示获取UTF8格式编码;不设置默认获取ASCII格式编码。<br>API 12后支持设置此参数。 | 1253 1254**返回值**: 1255 1256| 类型 | 说明 | 1257| --------------------- | -------------------- | 1258| [DataBlob](#datablob) | 表示X509证书主体名称 | 1259 1260**错误码:** 1261 1262以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1263 1264| 错误码ID | 错误信息 | 1265| -------- | ------------------------------------------------- | 1266| 401 | invalid parameters. Possible causes: <br>1. Incorrect parameter types;<br>2. Parameter verification failed. | 1267| 19020001 | memory error. | 1268| 19020002 | runtime error. | 1269| 19030001 | crypto operation error.| 1270 1271**示例:** 1272 1273```ts 1274import { cert } from '@kit.DeviceCertificateKit'; 1275import { BusinessError } from '@kit.BasicServicesKit'; 1276 1277// string转Uint8Array 1278function stringToUint8Array(str: string): Uint8Array { 1279 let arr: Array<number> = []; 1280 for (let i = 0, j = str.length; i < j; i++) { 1281 arr.push(str.charCodeAt(i)); 1282 } 1283 return new Uint8Array(arr); 1284} 1285 1286// 证书二进制数据,需业务自行赋值 1287let certData = '-----BEGIN CERTIFICATE-----\n' + 1288 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1289 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1290 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1291 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1292 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1293 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1294 'Qw==\n' + 1295 '-----END CERTIFICATE-----\n'; 1296 1297let encodingBlob: cert.EncodingBlob = { 1298 data: stringToUint8Array(certData), 1299 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1300 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1301}; 1302 1303cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1304 if (error) { 1305 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1306 } else { 1307 console.log('createX509Cert success'); 1308 try { 1309 let subjectName = x509Cert.getSubjectName(); 1310 } catch (err) { 1311 let e: BusinessError = err as BusinessError; 1312 console.error('getSubjectName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1313 } 1314 try { 1315 let subjectNameutf8 = x509Cert.getSubjectName(cert.EncodingType.ENCODING_UTF8); 1316 } catch (err) { 1317 let e: BusinessError = err as BusinessError; 1318 console.error('getSubjectNameUtf8 failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1319 } 1320 } 1321}); 1322``` 1323 1324### getNotBeforeTime 1325 1326getNotBeforeTime() : string 1327 1328表示获取X509证书有效期起始时间。 1329 1330**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1331 1332**系统能力:** SystemCapability.Security.Cert 1333 1334**返回值**: 1335 1336| 类型 | 说明 | 1337| ------ | ------------------------------------------------------------ | 1338| string | 表示X509证书有效期起始时间,日期为ASN.1时间格式。 | 1339 1340**错误码:** 1341 1342以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1343 1344| 错误码ID | 错误信息 | 1345| -------- | ------------------------------------------------- | 1346| 19020001 | memory error. | 1347| 19020002 | runtime error. | 1348| 19030001 | crypto operation error.| 1349 1350**示例:** 1351 1352```ts 1353import { cert } from '@kit.DeviceCertificateKit'; 1354import { BusinessError } from '@kit.BasicServicesKit'; 1355 1356// string转Uint8Array 1357function stringToUint8Array(str: string): Uint8Array { 1358 let arr: Array<number> = []; 1359 for (let i = 0, j = str.length; i < j; i++) { 1360 arr.push(str.charCodeAt(i)); 1361 } 1362 return new Uint8Array(arr); 1363} 1364 1365// 证书二进制数据,需业务自行赋值 1366let certData = '-----BEGIN CERTIFICATE-----\n' + 1367 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1368 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1369 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1370 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1371 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1372 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1373 'Qw==\n' + 1374 '-----END CERTIFICATE-----\n'; 1375 1376let encodingBlob: cert.EncodingBlob = { 1377 data: stringToUint8Array(certData), 1378 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1379 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1380}; 1381 1382cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1383 if (error) { 1384 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1385 } else { 1386 console.log('createX509Cert success'); 1387 try { 1388 let notBefore = x509Cert.getNotBeforeTime(); 1389 } catch (err) { 1390 let e: BusinessError = err as BusinessError; 1391 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1392 } 1393 } 1394}); 1395``` 1396 1397### getNotAfterTime 1398 1399getNotAfterTime() : string 1400 1401表示获取X509证书有效期截止时间。 1402 1403**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1404 1405**系统能力:** SystemCapability.Security.Cert 1406 1407**返回值**: 1408 1409| 类型 | 说明 | 1410| ------ | ------------------------------------------------------------ | 1411| string | 表示X509证书有效期截止时间,日期为ASN.1时间格式。 | 1412 1413**错误码:** 1414 1415以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1416 1417| 错误码ID | 错误信息 | 1418| -------- | ------------------------------------------------- | 1419| 19020001 | memory error. | 1420| 19020002 | runtime error. | 1421| 19030001 | crypto operation error.| 1422 1423**示例:** 1424 1425```ts 1426import { cert } from '@kit.DeviceCertificateKit'; 1427 1428import { BusinessError } from '@kit.BasicServicesKit'; 1429 1430// string转Uint8Array 1431function stringToUint8Array(str: string): Uint8Array { 1432 let arr: Array<number> = []; 1433 for (let i = 0, j = str.length; i < j; i++) { 1434 arr.push(str.charCodeAt(i)); 1435 } 1436 return new Uint8Array(arr); 1437} 1438 1439// 证书二进制数据,需业务自行赋值 1440let certData = '-----BEGIN CERTIFICATE-----\n' + 1441 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1442 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1443 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1444 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1445 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1446 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1447 'Qw==\n' + 1448 '-----END CERTIFICATE-----\n'; 1449 1450let encodingBlob: cert.EncodingBlob = { 1451 data: stringToUint8Array(certData), 1452 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1453 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1454}; 1455 1456cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1457 if (error) { 1458 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1459 } else { 1460 console.log('createX509Cert success'); 1461 try { 1462 let notAfter = x509Cert.getNotAfterTime(); 1463 } catch (err) { 1464 let e: BusinessError = err as BusinessError; 1465 console.error('getNotAfterTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1466 } 1467 } 1468}); 1469``` 1470 1471### getSignature 1472 1473getSignature() : DataBlob 1474 1475表示获取X509证书签名数据。 1476 1477**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1478 1479**系统能力:** SystemCapability.Security.Cert 1480 1481**返回值**: 1482 1483| 类型 | 说明 | 1484| --------------------- | -------------------- | 1485| [DataBlob](#datablob) | 表示X509证书签名数据 | 1486 1487**错误码:** 1488 1489以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1490 1491| 错误码ID | 错误信息 | 1492| -------- | ------------------------------------------------- | 1493| 19020001 | memory error. | 1494| 19020002 | runtime error. | 1495| 19030001 | crypto operation error.| 1496 1497**示例:** 1498 1499```ts 1500import { cert } from '@kit.DeviceCertificateKit'; 1501 1502import { BusinessError } from '@kit.BasicServicesKit'; 1503 1504// string转Uint8Array 1505function stringToUint8Array(str: string): Uint8Array { 1506 let arr: Array<number> = []; 1507 for (let i = 0, j = str.length; i < j; i++) { 1508 arr.push(str.charCodeAt(i)); 1509 } 1510 return new Uint8Array(arr); 1511} 1512 1513// 证书二进制数据,需业务自行赋值 1514let certData = '-----BEGIN CERTIFICATE-----\n' + 1515 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1516 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1517 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1518 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1519 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1520 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1521 'Qw==\n' + 1522 '-----END CERTIFICATE-----\n'; 1523 1524let encodingBlob: cert.EncodingBlob = { 1525 data: stringToUint8Array(certData), 1526 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1527 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1528}; 1529 1530cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1531 if (error) { 1532 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1533 } else { 1534 console.log('createX509Cert success'); 1535 try { 1536 let signature = x509Cert.getSignature(); 1537 } catch (err) { 1538 let e: BusinessError = err as BusinessError; 1539 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1540 } 1541 } 1542}); 1543``` 1544 1545### getSignatureAlgName 1546 1547getSignatureAlgName() : string 1548 1549表示获取X509证书签名算法名称。 1550 1551**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1552 1553**系统能力:** SystemCapability.Security.Cert 1554 1555**返回值**: 1556 1557| 类型 | 说明 | 1558| ------ | ------------------------ | 1559| string | 表示X509证书签名算法名称 | 1560 1561**错误码:** 1562 1563以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1564 1565| 错误码ID | 错误信息 | 1566| -------- | ------------------------------------------------- | 1567| 19020001 | memory error. | 1568| 19020002 | runtime error. | 1569| 19030001 | crypto operation error.| 1570 1571**示例:** 1572 1573```ts 1574import { cert } from '@kit.DeviceCertificateKit'; 1575 1576import { BusinessError } from '@kit.BasicServicesKit'; 1577 1578// string转Uint8Array 1579function stringToUint8Array(str: string): Uint8Array { 1580 let arr: Array<number> = []; 1581 for (let i = 0, j = str.length; i < j; i++) { 1582 arr.push(str.charCodeAt(i)); 1583 } 1584 return new Uint8Array(arr); 1585} 1586 1587// 证书二进制数据,需业务自行赋值 1588let certData = '-----BEGIN CERTIFICATE-----\n' + 1589 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1590 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1591 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1592 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1593 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1594 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1595 'Qw==\n' + 1596 '-----END CERTIFICATE-----\n'; 1597 1598let encodingBlob: cert.EncodingBlob = { 1599 data: stringToUint8Array(certData), 1600 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1601 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1602}; 1603 1604cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1605 if (error) { 1606 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1607 } else { 1608 console.log('createX509Cert success'); 1609 try { 1610 let sigAlgName = x509Cert.getSignatureAlgName(); 1611 } catch (err) { 1612 let e: BusinessError = err as BusinessError; 1613 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1614 } 1615 } 1616}); 1617``` 1618 1619### getSignatureAlgOid 1620 1621getSignatureAlgOid() : string 1622 1623表示获取X509证书签名算法的对象标志符OID(Object Identifier)。OID是由国际标准组织(ISO)的名称注册机构分配。 1624 1625**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1626 1627**系统能力:** SystemCapability.Security.Cert 1628 1629**返回值**: 1630 1631| 类型 | 说明 | 1632| ------ | --------------------------------- | 1633| string | 表示X509证书签名算法对象标志符OID | 1634 1635**错误码:** 1636 1637以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1638 1639| 错误码ID | 错误信息 | 1640| -------- | ------------------------------------------------- | 1641| 19020001 | memory error. | 1642| 19020002 | runtime error. | 1643| 19030001 | crypto operation error.| 1644 1645**示例:** 1646 1647```ts 1648import { cert } from '@kit.DeviceCertificateKit'; 1649import { BusinessError } from '@kit.BasicServicesKit'; 1650 1651// string转Uint8Array 1652function stringToUint8Array(str: string): Uint8Array { 1653 let arr: Array<number> = []; 1654 for (let i = 0, j = str.length; i < j; i++) { 1655 arr.push(str.charCodeAt(i)); 1656 } 1657 return new Uint8Array(arr); 1658} 1659 1660// 证书二进制数据,需业务自行赋值 1661let certData = '-----BEGIN CERTIFICATE-----\n' + 1662 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1663 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1664 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1665 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1666 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1667 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1668 'Qw==\n' + 1669 '-----END CERTIFICATE-----\n'; 1670 1671let encodingBlob: cert.EncodingBlob = { 1672 data: stringToUint8Array(certData), 1673 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1674 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1675}; 1676 1677cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1678 if (error) { 1679 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1680 } else { 1681 console.log('createX509Cert success'); 1682 try { 1683 let sigAlgOid = x509Cert.getSignatureAlgOid(); 1684 } catch (err) { 1685 let e: BusinessError = err as BusinessError; 1686 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1687 } 1688 } 1689}); 1690``` 1691 1692### getSignatureAlgParams 1693 1694getSignatureAlgParams() : DataBlob 1695 1696表示获取X509证书签名算法参数。 1697 1698**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1699 1700**系统能力:** SystemCapability.Security.Cert 1701 1702**返回值**: 1703 1704| 类型 | 说明 | 1705| --------------------- | ------------------------ | 1706| [DataBlob](#datablob) | 表示X509证书签名算法参数 | 1707 1708**错误码:** 1709 1710以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1711 1712| 错误码ID | 错误信息 | 1713| -------- | ------------------------------------------------- | 1714| 801 | this operation is not supported. | 1715| 19020001 | memory error. | 1716| 19020002 | runtime error. | 1717| 19030001 | crypto operation error.| 1718 1719**示例:** 1720 1721```ts 1722import { cert } from '@kit.DeviceCertificateKit'; 1723import { BusinessError } from '@kit.BasicServicesKit'; 1724 1725// string转Uint8Array 1726function stringToUint8Array(str: string): Uint8Array { 1727 let arr: Array<number> = []; 1728 for (let i = 0, j = str.length; i < j; i++) { 1729 arr.push(str.charCodeAt(i)); 1730 } 1731 return new Uint8Array(arr); 1732} 1733 1734// 证书二进制数据,需业务自行赋值 1735let certData = '-----BEGIN CERTIFICATE-----\n' + 1736 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1737 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1738 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1739 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1740 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1741 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1742 'Qw==\n' + 1743 '-----END CERTIFICATE-----\n'; 1744 1745let encodingBlob: cert.EncodingBlob = { 1746 data: stringToUint8Array(certData), 1747 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1748 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1749}; 1750 1751cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1752 if (error) { 1753 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1754 } else { 1755 console.log('createX509Cert success'); 1756 try { 1757 let sigAlgParams = x509Cert.getSignatureAlgParams(); 1758 } catch (err) { 1759 let e: BusinessError = err as BusinessError; 1760 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1761 } 1762 } 1763}); 1764``` 1765 1766### getKeyUsage 1767 1768getKeyUsage() : DataBlob 1769 1770表示获取X509证书秘钥用途。 1771 1772**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1773 1774**系统能力:** SystemCapability.Security.Cert 1775 1776**返回值**: 1777 1778| 类型 | 说明 | 1779| --------------------- | -------------------- | 1780| [DataBlob](#datablob) | 表示X509证书秘钥用途 | 1781 1782**错误码:** 1783 1784以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1785 1786| 错误码ID | 错误信息 | 1787| -------- | ------------------------------------------------- | 1788| 19020001 | memory error. | 1789| 19030001 | crypto operation error.| 1790 1791**示例:** 1792 1793```ts 1794import { cert } from '@kit.DeviceCertificateKit'; 1795import { BusinessError } from '@kit.BasicServicesKit'; 1796 1797// string转Uint8Array 1798function stringToUint8Array(str: string): Uint8Array { 1799 let arr: Array<number> = []; 1800 for (let i = 0, j = str.length; i < j; i++) { 1801 arr.push(str.charCodeAt(i)); 1802 } 1803 return new Uint8Array(arr); 1804} 1805 1806// 证书二进制数据,需业务自行赋值 1807let certData = '-----BEGIN CERTIFICATE-----\n' + 1808 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1809 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1810 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1811 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1812 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1813 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1814 'Qw==\n' + 1815 '-----END CERTIFICATE-----\n'; 1816 1817let encodingBlob: cert.EncodingBlob = { 1818 data: stringToUint8Array(certData), 1819 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1820 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1821}; 1822 1823cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1824 if (error) { 1825 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1826 } else { 1827 console.log('createX509Cert success'); 1828 try { 1829 let keyUsage = x509Cert.getKeyUsage(); 1830 } catch (err) { 1831 let e: BusinessError = err as BusinessError; 1832 console.error('getKeyUsage failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1833 } 1834 } 1835}); 1836``` 1837 1838### getExtKeyUsage 1839 1840getExtKeyUsage() : DataArray 1841 1842表示获取X509证书扩展秘钥用途。 1843 1844**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1845 1846**系统能力:** SystemCapability.Security.Cert 1847 1848**返回值**: 1849 1850| 类型 | 说明 | 1851| ----------------------- | ------------------------ | 1852| [DataArray](#dataarray) | 表示X509证书扩展秘钥用途 | 1853 1854**错误码:** 1855 1856以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1857 1858| 错误码ID | 错误信息 | 1859| -------- | ------------------------------------------------- | 1860| 19020001 | memory error. | 1861| 19020002 | runtime error. | 1862| 19030001 | crypto operation error.| 1863 1864**示例:** 1865 1866```ts 1867import { cert } from '@kit.DeviceCertificateKit'; 1868import { BusinessError } from '@kit.BasicServicesKit'; 1869 1870// string转Uint8Array 1871function stringToUint8Array(str: string): Uint8Array { 1872 let arr: Array<number> = []; 1873 for (let i = 0, j = str.length; i < j; i++) { 1874 arr.push(str.charCodeAt(i)); 1875 } 1876 return new Uint8Array(arr); 1877} 1878 1879// 证书二进制数据,需业务自行赋值 1880let certData = '-----BEGIN CERTIFICATE-----\n' + 1881 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1882 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1883 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1884 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1885 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1886 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1887 'Qw==\n' + 1888 '-----END CERTIFICATE-----\n'; 1889 1890let encodingBlob: cert.EncodingBlob = { 1891 data: stringToUint8Array(certData), 1892 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1893 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1894}; 1895 1896cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1897 if (error) { 1898 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1899 } else { 1900 console.log('createX509Cert success'); 1901 try { 1902 let extKeyUsage = x509Cert.getExtKeyUsage(); 1903 } catch (err) { 1904 let e: BusinessError = err as BusinessError; 1905 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1906 } 1907 } 1908}); 1909``` 1910 1911### getBasicConstraints 1912 1913getBasicConstraints() : number 1914 1915表示获取X509证书基本约束。 1916 1917**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1918 1919**系统能力:** SystemCapability.Security.Cert 1920 1921**返回值**: 1922 1923| 类型 | 说明 | 1924| ------ | -------------------- | 1925| number | 表示X509证书基本约束 | 1926 1927**示例:** 1928 1929```ts 1930import { cert } from '@kit.DeviceCertificateKit'; 1931 1932// string转Uint8Array 1933function stringToUint8Array(str: string): Uint8Array { 1934 let arr: Array<number> = []; 1935 for (let i = 0, j = str.length; i < j; i++) { 1936 arr.push(str.charCodeAt(i)); 1937 } 1938 return new Uint8Array(arr); 1939} 1940 1941// 证书二进制数据,需业务自行赋值 1942let certData = '-----BEGIN CERTIFICATE-----\n' + 1943 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1944 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1945 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1946 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1947 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1948 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1949 'Qw==\n' + 1950 '-----END CERTIFICATE-----\n'; 1951 1952let encodingBlob: cert.EncodingBlob = { 1953 data: stringToUint8Array(certData), 1954 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 1955 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1956}; 1957 1958cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1959 if (error) { 1960 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1961 } else { 1962 console.log('createX509Cert success'); 1963 let basicConstraints = x509Cert.getBasicConstraints(); 1964 } 1965}); 1966``` 1967 1968### getSubjectAltNames 1969 1970getSubjectAltNames() : DataArray 1971 1972表示获取X509证书主体可选名称。 1973 1974**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1975 1976**系统能力:** SystemCapability.Security.Cert 1977 1978**返回值**: 1979 1980| 类型 | 说明 | 1981| ----------------------- | ------------------------ | 1982| [DataArray](#dataarray) | 表示X509证书主体可选名称 | 1983 1984**错误码:** 1985 1986以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1987 1988| 错误码ID | 错误信息 | 1989| -------- | ------------------------------------------------- | 1990| 19020001 | memory error. | 1991| 19020002 | runtime error. | 1992| 19030001 | crypto operation error.| 1993 1994**示例:** 1995 1996```ts 1997import { cert } from '@kit.DeviceCertificateKit'; 1998import { BusinessError } from '@kit.BasicServicesKit'; 1999 2000// string转Uint8Array 2001function stringToUint8Array(str: string): Uint8Array { 2002 let arr: Array<number> = []; 2003 for (let i = 0, j = str.length; i < j; i++) { 2004 arr.push(str.charCodeAt(i)); 2005 } 2006 return new Uint8Array(arr); 2007} 2008 2009// 证书二进制数据,需业务自行赋值 2010let certData = '-----BEGIN CERTIFICATE-----\n' + 2011 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2012 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2013 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2014 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2015 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2016 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2017 'Qw==\n' + 2018 '-----END CERTIFICATE-----\n'; 2019 2020let encodingBlob: cert.EncodingBlob = { 2021 data: stringToUint8Array(certData), 2022 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 2023 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2024}; 2025 2026cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2027 if (error) { 2028 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2029 } else { 2030 console.log('createX509Cert success'); 2031 try { 2032 let subjectAltNames = x509Cert.getSubjectAltNames(); 2033 } catch (err) { 2034 let e: BusinessError = err as BusinessError; 2035 console.error('getSubjectAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2036 } 2037 } 2038}); 2039``` 2040 2041### getIssuerAltNames 2042 2043getIssuerAltNames() : DataArray 2044 2045表示获取X509证书颁发者可选名称。 2046 2047**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2048 2049**系统能力:** SystemCapability.Security.Cert 2050 2051**返回值**: 2052 2053| 类型 | 说明 | 2054| ----------------------- | -------------------------- | 2055| [DataArray](#dataarray) | 表示X509证书颁发者可选名称 | 2056 2057**错误码:** 2058 2059以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2060 2061| 错误码ID | 错误信息 | 2062| -------- | ------------------------------------------------- | 2063| 19020001 | memory error. | 2064| 19020002 | runtime error. | 2065| 19030001 | crypto operation error.| 2066 2067**示例:** 2068 2069```ts 2070import { cert } from '@kit.DeviceCertificateKit'; 2071import { BusinessError } from '@kit.BasicServicesKit'; 2072 2073// string转Uint8Array 2074function stringToUint8Array(str: string): Uint8Array { 2075 let arr: Array<number> = []; 2076 for (let i = 0, j = str.length; i < j; i++) { 2077 arr.push(str.charCodeAt(i)); 2078 } 2079 return new Uint8Array(arr); 2080} 2081 2082// 证书二进制数据,需业务自行赋值 2083let certData = '-----BEGIN CERTIFICATE-----\n' + 2084 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2085 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2086 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2087 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2088 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2089 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2090 'Qw==\n' + 2091 '-----END CERTIFICATE-----\n'; 2092 2093let encodingBlob: cert.EncodingBlob = { 2094 data: stringToUint8Array(certData), 2095 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 2096 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2097}; 2098 2099cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2100 if (error) { 2101 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2102 } else { 2103 console.log('createX509Cert success'); 2104 try { 2105 let issuerAltNames = x509Cert.getIssuerAltNames(); 2106 } catch (err) { 2107 let e: BusinessError = err as BusinessError; 2108 console.error('getIssuerAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2109 } 2110 } 2111}); 2112``` 2113 2114### getItem<sup>10+</sup> 2115 2116getItem(itemType: CertItemType) : DataBlob 2117 2118表示获取X509证书对应的字段。 2119 2120**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2121 2122**系统能力:** SystemCapability.Security.Cert 2123 2124**返回值**: 2125 2126| 类型 | 说明 | 2127| --------------------- | ----------------------------------------- | 2128| [DataBlob](#datablob) | 表示X509证书对应的字段,返回值为DER格式。 | 2129 2130**错误码:** 2131 2132以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2133 2134| 错误码ID | 错误信息 | 2135| -------- | ----------------------- | 2136| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2137| 19020001 | memory error. | 2138| 19020002 | runtime error. | 2139| 19030001 | crypto operation error. | 2140 2141**示例:** 2142 2143```ts 2144import { cert } from '@kit.DeviceCertificateKit'; 2145import { BusinessError } from '@kit.BasicServicesKit'; 2146 2147// string转Uint8Array 2148function stringToUint8Array(str: string): Uint8Array { 2149 let arr: Array<number> = []; 2150 for (let i = 0, j = str.length; i < j; i++) { 2151 arr.push(str.charCodeAt(i)); 2152 } 2153 return new Uint8Array(arr); 2154} 2155 2156// 证书二进制数据,需业务自行赋值 2157let certData = '-----BEGIN CERTIFICATE-----\n' + 2158 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2159 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2160 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2161 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2162 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2163 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2164 'Qw==\n' + 2165 '-----END CERTIFICATE-----\n'; 2166 2167let encodingBlob: cert.EncodingBlob = { 2168 data: stringToUint8Array(certData), 2169 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 2170 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2171}; 2172 2173cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2174 if (error) { 2175 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2176 } else { 2177 console.log('createX509Cert success'); 2178 try { 2179 let tbs = x509Cert.getItem(cert.CertItemType.CERT_ITEM_TYPE_TBS); 2180 let pubKey = x509Cert.getItem(cert.CertItemType.CERT_ITEM_TYPE_PUBLIC_KEY); 2181 } catch (err) { 2182 let e: BusinessError = err as BusinessError; 2183 console.error('getItem failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2184 } 2185 } 2186}); 2187``` 2188### match<sup>11+</sup> 2189 2190match(param: X509CertMatchParameters): boolean 2191 2192判断证书是否与输入参数匹配。 2193 2194**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2195 2196**系统能力:** SystemCapability.Security.Cert 2197 2198**参数**: 2199 2200| 参数名 | 类型 | 必填 | 说明 | 2201| --------- | ------ | ---- | ------------------------------------------ | 2202| param | [X509CertMatchParameters](#x509certmatchparameters11) | 是 | 表示需要匹配的参数。 | 2203 2204**返回值**: 2205 2206| 类型 | 说明 | 2207| --------------------- | ----------------------------------------- | 2208| boolean | 当参数匹配时,该方法返回true,否则返回false。 | 2209 2210**错误码:** 2211 2212以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2213 2214| 错误码ID | 错误信息 | 2215| -------- | ------------- | 2216| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2217| 19020001 | memory error. | 2218| 19030001 | crypto operation error. | 2219 2220**示例:** 2221 2222```ts 2223import { cert } from '@kit.DeviceCertificateKit'; 2224import { BusinessError } from '@kit.BasicServicesKit'; 2225 2226// string转Uint8Array 2227function stringToUint8Array(str: string): Uint8Array { 2228 let arr: Array<number> = []; 2229 for (let i = 0, j = str.length; i < j; i++) { 2230 arr.push(str.charCodeAt(i)); 2231 } 2232 return new Uint8Array(arr); 2233} 2234 2235async function createX509Cert(): Promise<cert.X509Cert> { 2236 let certData = '-----BEGIN CERTIFICATE-----\n' + 2237 'MIIDTTCCAjWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 2238 'IENBMB4XDTI0MDMxOTAyMDM1NFoXDTM0MDMxNzAyMDM1NFowETEPMA0GA1UEAwwG\n' + 2239 'ZGV2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoGk2J0aKWTP\n' + 2240 'J3D7lS3oFdME3MMA1z0Y0ftthrtUKybE2xh8P90ztMV73bewmgAPqiApqhaWEZM/\n' + 2241 '6DSLc/MxbOeYjg6njveJIu721gchiuB2PFikDFSWlcLOJNw+CgBx77Ct3KllivHs\n' + 2242 'oi/gjuxrWiF/3VhbBErPNj/fw9se3pVrFRXIFdkcybtom2mUmkcxDfSg587SO14i\n' + 2243 'ZzXGM6nhMzYWXxLho6SJrsnzfs4pD6ifksWmY4089zitqsN+9jQXafY1+/sh1mgu\n' + 2244 'FvAwg9IbigGOBIiF8t5qdNGpqCHXbEHblNCWfT4fVNDV0Vc9pByjZaMYEGMhpz+6\n' + 2245 'lxlc2CqbNQIDAQABo4GuMIGrMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAEVpuP+pPpg\n' + 2246 'kr3dA3aV2XdFZ9rGMB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMB0G\n' + 2247 'A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwMgYIKwYB\n' + 2248 'BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwczovLzEyNy4wLjAuMTo5OTk5MA0G\n' + 2249 'CSqGSIb3DQEBCwUAA4IBAQBjM1agcDcgVHsD0dS39gxtlyRbZRvDcW3YsdwgpN6S\n' + 2250 'e4wGzdZbhsiZv7y3+PSuozKwp5Yjn+UqnnEz7QuTGJRt/pzHDVY3QceNvlx2HPRe\n' + 2251 'fECS4bpGLcM5B17oZZjE4HenIrGmigXnnwYL5TjhC4ybtddXPYv/M6z2eFCnfQNa\n' + 2252 'zFwz8LJ7ukWvf5koBqcHq2zsuVByOIPXLIrAJPtMmBb/pHCFt8hxOxwqujdrxz16\n' + 2253 'pe5LQUYzvG1YCxw3Ye9OrM1yXJQr/4KYncQC1yQQo+UK7NsDRK30PsMEYxhierLA\n' + 2254 'JKyPn1xSlOJiGa2rRn/uevmEOhfagj5TtprU9Gu1+nZo\n' + 2255 '-----END CERTIFICATE-----\n'; 2256 2257 let encodingBlob: cert.EncodingBlob = { 2258 data: stringToUint8Array(certData), 2259 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 2260 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2261 }; 2262 2263 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2264 try { 2265 x509Cert = await cert.createX509Cert(encodingBlob); 2266 } catch (err) { 2267 let e: BusinessError = err as BusinessError; 2268 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2269 } 2270 return x509Cert; 2271} 2272 2273async function matchX509Cert() { 2274 const x509Cert = await createX509Cert(); 2275 try { 2276 // 需业务自行赋值 2277 const param: cert.X509CertMatchParameters = { 2278 x509Cert, 2279 validDate: '20241121074700Z', 2280 keyUsage: [true, false, false, false, false, false, false, false, false], 2281 publicKeyAlgID: '1.2.840.113549.1.1.1' 2282 }; 2283 const result = x509Cert.match(param); 2284 console.log('call x509Cert match success'); 2285 } catch (err) { 2286 console.error('call x509Cert match failed'); 2287 } 2288} 2289``` 2290 2291### getCRLDistributionPoint<sup>12+</sup> 2292 2293getCRLDistributionPoint(): DataArray 2294 2295获取X509证书CRL的分发点统一资源标识符。 2296 2297**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2298 2299**系统能力:** SystemCapability.Security.Cert 2300 2301**返回值**: 2302 2303| 类型 | 说明 | 2304| ----------------------- | -------------------------- | 2305| [DataArray](#dataarray) | 表示X509证书CRL的分发点统一资源标识符 | 2306 2307**错误码:** 2308 2309以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2310 2311| 错误码ID | 错误信息 | 2312| -------- | ------------- | 2313| 19020001 | memory error. | 2314| 19020002 | runtime error. | 2315| 19030001 | crypto operation error. | 2316 2317**示例:** 2318 2319```ts 2320import { cert } from '@kit.DeviceCertificateKit'; 2321import { BusinessError } from '@kit.BasicServicesKit'; 2322 2323// string转Uint8Array 2324function stringToUint8Array(str: string): Uint8Array { 2325 let arr: Array<number> = []; 2326 for (let i = 0, j = str.length; i < j; i++) { 2327 arr.push(str.charCodeAt(i)); 2328 } 2329 return new Uint8Array(arr); 2330} 2331 2332let certData = "-----BEGIN CERTIFICATE-----\n" + 2333 "MIIB/jCCAaSgAwIBAgICA+gwCgYIKoZIzj0EAwIwLDELMAkGA1UEBhMCQ04xDTAL\n" + 2334 "BgNVBAoMBHRlc3QxDjAMBgNVBAMMBXN1YmNhMB4XDTIzMTAwNzA0MDEwOFoXDTMz\n" + 2335 "MTAwNDA0MDEwOFowLDELMAkGA1UEBhMCQ04xDTALBgNVBAoMBHRlc3QxDjAMBgNV\n" + 2336 "BAMMBWxvY2FsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZDPvdlJI6Yv4fiaR\n" + 2337 "nQHcusXVbukk90mQ0rBGOYRikFvgvm5cjTdaUGcQKEtwYIKDQl5n6Pf7ElCJ7GRz\n" + 2338 "raWZ+qOBtTCBsjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdl\n" + 2339 "bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU63Gbl8gIsUn0VyZ4rya3PCjm\n" + 2340 "sfEwHwYDVR0jBBgwFoAU77mynM0rz1SD43DQjleWM7bF+MEwNwYDVR0fBDAwLjAs\n" + 2341 "oCqgKIYmaHR0cDovL3Rlc3QudGVzdENSTGRwLmNvbS9DUkxfRFBfMS5jcmwwCgYI\n" + 2342 "KoZIzj0EAwIDSAAwRQIhAISKHH9u221mBgdDWfll3loLvEHJ3or9NUO5Zn6SrX6L\n" + 2343 "AiAtRlOa6/mTD68faQTdhsAaQP955QfW34B4yFqU2Bq72A==\n" + 2344 "-----END CERTIFICATE-----\n"; 2345 2346 // 证书二进制数据,需业务自行赋值 2347let encodingBlob: cert.EncodingBlob = { 2348 data: stringToUint8Array(certData), 2349 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 2350 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2351}; 2352 2353async function certGetCRLDistributionPoint() { 2354 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2355 try { 2356 x509Cert = await cert.createX509Cert(encodingBlob); 2357 console.log('createX509Cert success'); 2358 let point = x509Cert.getCRLDistributionPoint(); 2359 } catch (err) { 2360 let e: BusinessError = err as BusinessError; 2361 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2362 } 2363} 2364``` 2365 2366### getIssuerX500DistinguishedName<sup>12+</sup> 2367 2368getIssuerX500DistinguishedName(): X500DistinguishedName 2369 2370获取颁发者的X509可分辨名称。 2371 2372**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2373 2374**系统能力:** SystemCapability.Security.Cert 2375 2376**返回值**: 2377 2378| 类型 | 说明 | 2379| --------------------- | ----------------------------------------- | 2380| [X500DistinguishedName](#x500distinguishedname12) | X509的可分辨对象。| 2381 2382**错误码:** 2383 2384以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2385 2386| 错误码ID | 错误信息 | 2387| -------- | ------------- | 2388| 19020001 | memory error. | 2389| 19020002 | runtime error. | 2390| 19030001 | crypto operation error. | 2391 2392**示例:** 2393 2394```ts 2395import { cert } from '@kit.DeviceCertificateKit'; 2396import { BusinessError } from '@kit.BasicServicesKit'; 2397 2398// string转Uint8Array 2399function stringToUint8Array(str: string): Uint8Array { 2400 let arr: Array<number> = []; 2401 for (let i = 0, j = str.length; i < j; i++) { 2402 arr.push(str.charCodeAt(i)); 2403 } 2404 return new Uint8Array(arr); 2405} 2406 2407let certData = "-----BEGIN CERTIFICATE-----\n" + 2408 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2409 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2410 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2411 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2412 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2413 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2414 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2415 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2416 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2417 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2418 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2419 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2420 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2421 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2422 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2423 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2424 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2425 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2426 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2427 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2428 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2429 "-----END CERTIFICATE-----\n" 2430 2431 // 证书二进制数据,需业务自行赋值 2432 let encodingBlob: cert.EncodingBlob = { 2433 data: stringToUint8Array(certData), 2434 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 2435 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2436 }; 2437 2438async function certGetIssuerX500DistinguishedName() { 2439 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2440 try { 2441 x509Cert = await cert.createX509Cert(encodingBlob); 2442 console.log('createX509Cert success'); 2443 let name = x509Cert.getIssuerX500DistinguishedName(); 2444 } catch (err) { 2445 let e: BusinessError = err as BusinessError; 2446 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2447 } 2448} 2449``` 2450 2451### getSubjectX500DistinguishedName<sup>12+</sup> 2452 2453getSubjectX500DistinguishedName(): X500DistinguishedName 2454 2455获取证书主题的X509可分辨名称。 2456 2457**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2458 2459**系统能力:** SystemCapability.Security.Cert 2460 2461**返回值**: 2462 2463| 类型 | 说明 | 2464| --------------------- | ----------------------------------------- | 2465| [X500DistinguishedName](#x500distinguishedname12) | X509的可分辨对象。| 2466 2467**错误码:** 2468 2469以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2470 2471| 错误码ID | 错误信息 | 2472| -------- | ------------- | 2473| 19020001 | memory error. | 2474| 19020002 | runtime error. | 2475| 19030001 | crypto operation error. | 2476 2477**示例:** 2478 2479```ts 2480import { cert } from '@kit.DeviceCertificateKit'; 2481import { BusinessError } from '@kit.BasicServicesKit'; 2482 2483// string转Uint8Array 2484function stringToUint8Array(str: string): Uint8Array { 2485 let arr: Array<number> = []; 2486 for (let i = 0, j = str.length; i < j; i++) { 2487 arr.push(str.charCodeAt(i)); 2488 } 2489 return new Uint8Array(arr); 2490} 2491 2492let certData = "-----BEGIN CERTIFICATE-----\n" + 2493 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2494 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2495 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2496 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2497 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2498 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2499 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2500 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2501 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2502 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2503 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2504 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2505 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2506 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2507 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2508 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2509 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2510 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2511 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2512 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2513 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2514 "-----END CERTIFICATE-----\n" 2515 2516 // 证书二进制数据,需业务自行赋值 2517 let encodingBlob: cert.EncodingBlob = { 2518 data: stringToUint8Array(certData), 2519 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 2520 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2521 }; 2522 2523async function certGetSubjectX500DistinguishedName() { 2524 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2525 try { 2526 x509Cert = await cert.createX509Cert(encodingBlob); 2527 console.log('createX509Cert success'); 2528 let name = x509Cert.getSubjectX500DistinguishedName(); 2529 } catch (err) { 2530 let e: BusinessError = err as BusinessError; 2531 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2532 } 2533} 2534``` 2535 2536### toString<sup>12+</sup> 2537 2538toString(): string 2539 2540获取对象的字符串类型数据。 2541 2542**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2543 2544**系统能力:** SystemCapability.Security.Cert 2545 2546**返回值**: 2547 2548| 类型 | 说明 | 2549| --------------------- | ----------------------------------------- | 2550| string | 对象的字符串类型数据。| 2551 2552**错误码:** 2553 2554以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2555 2556| 错误码ID | 错误信息 | 2557| -------- | ------------- | 2558| 19020001 | memory error. | 2559| 19020002 | runtime error. | 2560| 19030001 | crypto operation error. | 2561 2562**示例:** 2563 2564```ts 2565import { cert } from '@kit.DeviceCertificateKit'; 2566import { BusinessError } from '@kit.BasicServicesKit'; 2567 2568// string转Uint8Array 2569function stringToUint8Array(str: string): Uint8Array { 2570 let arr: Array<number> = []; 2571 for (let i = 0, j = str.length; i < j; i++) { 2572 arr.push(str.charCodeAt(i)); 2573 } 2574 return new Uint8Array(arr); 2575} 2576 2577let certData = "-----BEGIN CERTIFICATE-----\n" + 2578 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2579 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2580 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2581 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2582 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2583 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2584 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2585 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2586 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2587 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2588 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2589 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2590 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2591 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2592 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2593 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2594 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2595 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2596 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2597 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2598 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2599 "-----END CERTIFICATE-----\n" 2600 2601 // 证书二进制数据,需业务自行赋值 2602 let encodingBlob: cert.EncodingBlob = { 2603 data: stringToUint8Array(certData), 2604 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 2605 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2606 }; 2607 2608async function certToString() { 2609 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2610 try { 2611 x509Cert = await cert.createX509Cert(encodingBlob); 2612 console.log('createX509Cert success'); 2613 console.info('certToString success: ' + JSON.stringify(x509Cert.toString())); 2614 } catch (err) { 2615 let e: BusinessError = err as BusinessError; 2616 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2617 } 2618} 2619``` 2620 2621### hashCode<sup>12+</sup> 2622 2623hashCode(): Uint8Array 2624 2625获取DER格式数据的哈希值。 2626 2627**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2628 2629**系统能力:** SystemCapability.Security.Cert 2630 2631**返回值**: 2632 2633| 类型 | 说明 | 2634| --------------------- | ----------------------------------------- | 2635| Uint8Array | DER格式数据的哈希值。| 2636 2637**错误码:** 2638 2639以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2640 2641| 错误码ID | 错误信息 | 2642| -------- | ------------- | 2643| 19020001 | memory error. | 2644| 19020002 | runtime error. | 2645| 19030001 | crypto operation error. | 2646 2647**示例:** 2648 2649```ts 2650import { cert } from '@kit.DeviceCertificateKit'; 2651import { BusinessError } from '@kit.BasicServicesKit'; 2652 2653// string转Uint8Array 2654function stringToUint8Array(str: string): Uint8Array { 2655 let arr: Array<number> = []; 2656 for (let i = 0, j = str.length; i < j; i++) { 2657 arr.push(str.charCodeAt(i)); 2658 } 2659 return new Uint8Array(arr); 2660} 2661 2662let certData = "-----BEGIN CERTIFICATE-----\n" + 2663 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2664 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2665 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2666 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2667 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2668 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2669 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2670 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2671 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2672 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2673 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2674 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2675 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2676 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2677 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2678 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2679 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2680 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2681 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2682 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2683 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2684 "-----END CERTIFICATE-----\n" 2685 2686 // 证书二进制数据,需业务自行赋值 2687 let encodingBlob: cert.EncodingBlob = { 2688 data: stringToUint8Array(certData), 2689 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 2690 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2691 }; 2692 2693async function certHashCode() { 2694 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2695 try { 2696 x509Cert = await cert.createX509Cert(encodingBlob); 2697 console.log('createX509Cert success'); 2698 console.info('certHashCode success: ' + JSON.stringify(x509Cert.hashCode())); 2699 } catch (err) { 2700 let e: BusinessError = err as BusinessError; 2701 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2702 } 2703} 2704``` 2705 2706### getExtensionsObject<sup>12+</sup> 2707 2708getExtensionsObject(): CertExtension 2709 2710获取对应实体的扩展域DER格式数据。 2711 2712**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2713 2714**系统能力:** SystemCapability.Security.Cert 2715 2716**返回值**: 2717 2718| 类型 | 说明 | 2719| --------------------- | ----------------------------------------- | 2720| [CertExtension](#certextension10) | 证书扩展域段类对象。| 2721 2722**错误码:** 2723 2724以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2725 2726| 错误码ID | 错误信息 | 2727| -------- | ------------- | 2728| 19020001 | memory error. | 2729| 19020002 | runtime error. | 2730| 19030001 | crypto operation error. | 2731 2732**示例:** 2733 2734```ts 2735import { cert } from '@kit.DeviceCertificateKit'; 2736import { BusinessError } from '@kit.BasicServicesKit'; 2737 2738// string转Uint8Array 2739function stringToUint8Array(str: string): Uint8Array { 2740 let arr: Array<number> = []; 2741 for (let i = 0, j = str.length; i < j; i++) { 2742 arr.push(str.charCodeAt(i)); 2743 } 2744 return new Uint8Array(arr); 2745} 2746 2747let certData = "-----BEGIN CERTIFICATE-----\n" + 2748 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2749 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2750 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2751 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2752 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2753 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2754 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2755 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2756 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2757 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2758 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2759 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2760 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2761 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2762 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2763 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2764 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2765 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2766 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2767 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2768 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2769 "-----END CERTIFICATE-----\n" 2770 2771 // 证书二进制数据,需业务自行赋值 2772 let encodingBlob: cert.EncodingBlob = { 2773 data: stringToUint8Array(certData), 2774 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 2775 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2776 }; 2777 2778async function certGetExtensionsObject() { 2779 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2780 try { 2781 x509Cert = await cert.createX509Cert(encodingBlob); 2782 console.log('createX509Cert success'); 2783 let object = x509Cert.getExtensionsObject(); 2784 } catch (err) { 2785 let e: BusinessError = err as BusinessError; 2786 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2787 } 2788} 2789``` 2790 2791## cert.createCertExtension<sup>10+</sup> 2792 2793createCertExtension(inStream : EncodingBlob, callback : AsyncCallback\<CertExtension>) : void 2794 2795表示创建证书扩展域段的对象,使用Callback回调异步返回结果。 2796 2797**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2798 2799**系统能力:** SystemCapability.Security.Cert 2800 2801**参数**: 2802 2803| 参数名 | 类型 | 必填 | 说明 | 2804| -------- | ------------------------------------------------- | ---- | -------------------------- | 2805| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书扩展域段序列化数据 | 2806| callback | AsyncCallback\<[CertExtension](#certextension10)> | 是 | 回调函数。表示扩展域段对象 | 2807 2808**错误码:** 2809 2810以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2811 2812| 错误码ID | 错误信息 | 2813| -------- | ------------- | 2814| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2815| 801 | this operation is not supported. | 2816| 19020001 | memory error. | 2817 2818**示例:** 2819 2820```ts 2821import { cert } from '@kit.DeviceCertificateKit'; 2822 2823// 证书扩展域段二进制数据,需业务自行赋值 2824let extData = new Uint8Array([ 2825 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2826 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2827 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2828 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2829 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2830 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2831 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2832 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2833 0xD9, 0xE4 2834]); 2835 2836let encodingBlob: cert.EncodingBlob = { 2837 data: extData, 2838 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER 2839 encodingFormat: cert.EncodingFormat.FORMAT_DER 2840}; 2841 2842cert.createCertExtension(encodingBlob, (error, certExt) => { 2843 if (error) { 2844 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2845 } else { 2846 console.log('createCertExtension success'); 2847 } 2848}); 2849``` 2850 2851## cert.createCertExtension<sup>10+</sup> 2852 2853createCertExtension(inStream : EncodingBlob) : Promise\<CertExtension> 2854 2855表示创建证书扩展域段的对象,使用Promise方式异步返回结果。 2856 2857**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2858 2859**系统能力:** SystemCapability.Security.Cert 2860 2861**参数**: 2862 2863| 参数名 | 类型 | 必填 | 说明 | 2864| -------- | ----------------------------- | ---- | -------------------------- | 2865| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书扩展域段序列化数据 | 2866 2867**返回值**: 2868 2869| 类型 | 说明 | 2870| ------------------------------------------- | -------------------- | 2871| Promise\<[CertExtension](#certextension10)> | 表示证书扩展域段对象 | 2872 2873**错误码:** 2874 2875以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2876 2877| 错误码ID | 错误信息 | 2878| -------- | ------------- | 2879| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2880| 801 | this operation is not supported. | 2881| 19020001 | memory error. | 2882 2883**示例:** 2884 2885```ts 2886import { cert } from '@kit.DeviceCertificateKit'; 2887import { BusinessError } from '@kit.BasicServicesKit'; 2888 2889// 证书扩展域段二进制数据,需业务自行赋值 2890let extData = new Uint8Array([ 2891 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2892 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2893 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2894 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2895 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2896 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2897 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2898 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2899 0xD9, 0xE4 2900]); 2901 2902let encodingBlob: cert.EncodingBlob = { 2903 data: extData, 2904 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER 2905 encodingFormat: cert.EncodingFormat.FORMAT_DER 2906}; 2907 2908cert.createCertExtension(encodingBlob).then(certExt => { 2909 console.log('createCertExtension success'); 2910}).catch((error: BusinessError) => { 2911 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2912}); 2913``` 2914 2915## CertExtension<sup>10+</sup> 2916 2917证书扩展域段类。 2918 2919### getEncoded<sup>10+</sup> 2920 2921getEncoded() : EncodingBlob 2922 2923表示获取证书扩展域段序列化数据。 2924 2925**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2926 2927**系统能力:** SystemCapability.Security.Cert 2928 2929**返回值**: 2930 2931| 类型 | 说明 | 2932| ----------------------------- | ---------------------------- | 2933| [EncodingBlob](#encodingblob) | 表示证书扩展域段序列化数据。 | 2934 2935**错误码:** 2936 2937以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2938 2939| 错误码ID | 错误信息 | 2940| -------- | ----------------------- | 2941| 19020001 | memory error. | 2942| 19020002 | runtime error. | 2943| 19030001 | crypto operation error. | 2944 2945**示例:** 2946 2947```ts 2948import { cert } from '@kit.DeviceCertificateKit'; 2949import { BusinessError } from '@kit.BasicServicesKit'; 2950 2951// 证书扩展域段二进制数据,需业务自行赋值 2952let extData = new Uint8Array([ 2953 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2954 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2955 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2956 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2957 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2958 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2959 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2960 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2961 0xD9, 0xE4 2962]); 2963 2964let encodingBlob: cert.EncodingBlob = { 2965 data: extData, 2966 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER 2967 encodingFormat: cert.EncodingFormat.FORMAT_DER 2968}; 2969 2970cert.createCertExtension(encodingBlob, (error, certExt) => { 2971 if (error) { 2972 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2973 } else { 2974 console.log('createCertExtension success'); 2975 try { 2976 let extEncodedBlob = certExt.getEncoded(); 2977 } catch (err) { 2978 let e: BusinessError = err as BusinessError; 2979 console.error('ext getEncoded failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2980 } 2981 } 2982}); 2983``` 2984 2985### getOidList<sup>10+</sup> 2986 2987getOidList(valueType : ExtensionOidType) : DataArray 2988 2989表示获取证书扩展域段对象标识符列表。 2990 2991**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2992 2993**系统能力:** SystemCapability.Security.Cert 2994 2995**参数**: 2996 2997| 参数名 | 类型 | 必填 | 说明 | 2998| --------- | ------------------------------------- | ---- | ------------------------------ | 2999| valueType | [ExtensionOidType](#extensionoidtype10) | 是 | 表示证书扩展域段对象标识符类型 | 3000 3001**返回值**: 3002 3003| 类型 | 说明 | 3004| ----------------------- | -------------------------------- | 3005| [DataArray](#dataarray) | 表示证书扩展域段对象标识符列表。 | 3006 3007**错误码:** 3008 3009以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3010 3011| 错误码ID | 错误信息 | 3012| -------- | ----------------------- | 3013| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3014| 19020001 | memory error. | 3015| 19020002 | runtime error. | 3016| 19030001 | crypto operation error. | 3017 3018**示例:** 3019 3020```ts 3021import { cert } from '@kit.DeviceCertificateKit'; 3022import { BusinessError } from '@kit.BasicServicesKit'; 3023 3024// 证书扩展域段二进制数据,需业务自行赋值 3025let extData = new Uint8Array([ 3026 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3027 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3028 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3029 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3030 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3031 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3032 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3033 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3034 0xD9, 0xE4 3035]); 3036 3037let encodingBlob: cert.EncodingBlob = { 3038 data: extData, 3039 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER 3040 encodingFormat: cert.EncodingFormat.FORMAT_DER 3041}; 3042 3043cert.createCertExtension(encodingBlob, (error, certExt) => { 3044 if (error) { 3045 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3046 } else { 3047 console.log('createCertExtension success'); 3048 try { 3049 let oidList = certExt.getOidList(cert.ExtensionOidType.EXTENSION_OID_TYPE_ALL); 3050 } catch (err) { 3051 let e: BusinessError = err as BusinessError; 3052 console.error('ext getOidList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3053 } 3054 } 3055}); 3056``` 3057 3058### getEntry<sup>10+</sup> 3059 3060getEntry(valueType: ExtensionEntryType, oid : DataBlob) : DataBlob 3061 3062表示获取证书扩展域段对象信息。 3063 3064**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3065 3066**系统能力:** SystemCapability.Security.Cert 3067 3068**参数**: 3069 3070| 参数名 | 类型 | 必填 | 说明 | 3071| --------- | ----------------------------------------- | ---- | -------------------------------- | 3072| valueType | [ExtensionEntryType](#extensionentrytype10) | 是 | 表示证书扩展域段获取的类型 | 3073| oid | [DataBlob](#datablob) | 是 | 表示证书扩展域段获取的对象标识符 | 3074 3075**返回值**: 3076 3077| 类型 | 说明 | 3078| --------------------- | ---------------------------- | 3079| [DataBlob](#datablob) | 表示证书扩展域段对象的数据。 | 3080 3081**错误码:** 3082 3083以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3084 3085| 错误码ID | 错误信息 | 3086| -------- | ----------------------- | 3087| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3088| 19020001 | memory error. | 3089| 19020002 | runtime error. | 3090| 19030001 | crypto operation error. | 3091 3092**示例:** 3093 3094```ts 3095import { cert } from '@kit.DeviceCertificateKit'; 3096import { BusinessError } from '@kit.BasicServicesKit'; 3097 3098// 证书扩展域段二进制数据,需业务自行赋值 3099let extData = new Uint8Array([ 3100 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3101 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3102 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3103 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3104 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3105 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3106 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3107 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3108 0xD9, 0xE4 3109]); 3110 3111let encodingBlob: cert.EncodingBlob = { 3112 data: extData, 3113 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER 3114 encodingFormat: cert.EncodingFormat.FORMAT_DER 3115}; 3116 3117cert.createCertExtension(encodingBlob, (error, certExt) => { 3118 if (error) { 3119 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3120 } else { 3121 console.log('createCertExtension success'); 3122 let oid = new Uint8Array([0x32, 0x2e, 0x35, 0x2e, 0x32, 0x39, 0x2e, 0x31, 0x35]); 3123 let oidBlob: cert.DataBlob = { 3124 data: oid 3125 } 3126 try { 3127 let entry = certExt.getEntry(cert.ExtensionEntryType.EXTENSION_ENTRY_TYPE_ENTRY, oidBlob); 3128 } catch (err) { 3129 let e: BusinessError = err as BusinessError; 3130 console.error('ext getEntry failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3131 } 3132 } 3133}); 3134``` 3135 3136 3137### checkCA<sup>10+</sup> 3138 3139checkCA() : number 3140 3141表示校验证书是否为CA证书。 3142 3143**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3144 3145**系统能力:** SystemCapability.Security.Cert 3146 3147**返回值**: 3148 3149| 类型 | 说明 | 3150| ------ | ------------------------------------------------------------ | 3151| number | 当证书扩展域段中密钥用途包含签名用途,并且基本约束中cA字段为true时,表示证书为CA证书。如果不是CA,则返回-1;否则返回基本约束中的路径长度。如果证书是CA证书,但是基本约束中未给定路径长度,则返回-2,表示无路径长度限制。 | 3152 3153**错误码:** 3154 3155以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3156 3157| 错误码ID | 错误信息 | 3158| -------- | ----------------------- | 3159| 19020001 | memory error. | 3160| 19020002 | runtime error. | 3161| 19030001 | crypto operation error. | 3162 3163**示例:** 3164 3165```ts 3166import { cert } from '@kit.DeviceCertificateKit'; 3167import { BusinessError } from '@kit.BasicServicesKit'; 3168 3169// 证书扩展域段二进制数据,需业务自行赋值 3170let extData = new Uint8Array([ 3171 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3172 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3173 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3174 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3175 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3176 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3177 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3178 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3179 0xD9, 0xE4 3180]); 3181 3182let encodingBlob: cert.EncodingBlob = { 3183 data: extData, 3184 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER 3185 encodingFormat: cert.EncodingFormat.FORMAT_DER 3186}; 3187cert.createCertExtension(encodingBlob, (error, certExt) => { 3188 if (error) { 3189 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3190 } else { 3191 console.log('createCertExtension success'); 3192 try { 3193 let res = certExt.checkCA(); 3194 } catch (err) { 3195 let e: BusinessError = err as BusinessError; 3196 console.error('ext checkCA failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3197 } 3198 } 3199}); 3200``` 3201 3202### hasUnsupportedCriticalExtension<sup>11+</sup> 3203 3204hasUnsupportedCriticalExtension(): boolean 3205 3206判断是否存在不支持的关键扩展。 3207 3208**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3209 3210**系统能力:** SystemCapability.Security.Cert 3211 3212**返回值**: 3213 3214| 类型 | 说明 | 3215| ------- | ------------------------------------------------------- | 3216| boolean | 当存在不支持的关键扩展时,该方法返回true,否则返回false。 | 3217 3218**错误码:** 3219 3220以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3221 3222| 错误码ID | 错误信息 | 3223| -------- | ----------------------- | 3224| 19020001 | memory error. | 3225| 19020002 | runtime error. | 3226| 19030001 | crypto operation error. | 3227 3228**示例:** 3229 3230```ts 3231import { cert } from '@kit.DeviceCertificateKit'; 3232import { BusinessError } from '@kit.BasicServicesKit'; 3233 3234let encodingData = new Uint8Array([ 3235 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3236 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3237 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3238 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3239 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3240 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3241 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3242 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3243 0xD9, 0xE4 3244]); 3245let encodingBlob: cert.EncodingBlob = { 3246 data: new Uint8Array(encodingData), 3247 encodingFormat: cert.EncodingFormat.FORMAT_DER 3248}; 3249 3250cert.createCertExtension(encodingBlob).then((extensionObj) => { 3251 console.log('createCertExtension success!'); 3252 const result = extensionObj.hasUnsupportedCriticalExtension() 3253 console.log('has unsupported critical extension result is:' + result); 3254}).catch((err: BusinessError) => { 3255 console.error('createCertExtension failed'); 3256}); 3257``` 3258 3259## cert.createX509Crl<sup>(deprecated)</sup> 3260 3261createX509Crl(inStream : EncodingBlob, callback : AsyncCallback\<X509Crl>) : void 3262 3263表示创建X509证书吊销列表的对象,使用Callback回调异步返回结果。 3264 3265> **说明:** 3266> 3267> 从API version 11开始废弃,建议使用[cert.createX509CRL](#certcreatex509crl11)替代。 3268 3269**系统能力:** SystemCapability.Security.Cert 3270 3271**参数**: 3272 3273| 参数名 | 类型 | 必填 | 说明 | 3274| -------- | ----------------------------------- | ---- | ------------------------------ | 3275| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据 | 3276| callback | AsyncCallback\<[X509Crl](#x509crldeprecated)> | 是 | 回调函数。表示证书吊销列表对象 | 3277 3278**错误码:** 3279 3280以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3281 3282| 错误码ID | 错误信息 | 3283| -------- | ------------- | 3284| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3285| 801 | this operation is not supported. | 3286| 19020001 | memory error. | 3287 3288**示例:** 3289 3290```ts 3291import { cert } from '@kit.DeviceCertificateKit'; 3292 3293// string转Uint8Array 3294function stringToUint8Array(str: string): Uint8Array { 3295 let arr: Array<number> = []; 3296 for (let i = 0, j = str.length; i < j; i++) { 3297 arr.push(str.charCodeAt(i)); 3298 } 3299 return new Uint8Array(arr); 3300} 3301 3302let crlData = '-----BEGIN X509 CRL-----\n' + 3303 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3304 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3305 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3306 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3307 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3308 'eavsH0Q3\n' + 3309 '-----END X509 CRL-----\n'; 3310 3311// 证书吊销列表二进制数据,需业务自行赋值 3312let encodingBlob: cert.EncodingBlob = { 3313 data: stringToUint8Array(crlData), 3314 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 3315 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3316}; 3317 3318cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3319 if (error) { 3320 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3321 } else { 3322 console.log('createX509Crl success'); 3323 } 3324}); 3325``` 3326 3327## cert.createX509Crl<sup>(deprecated)</sup> 3328 3329createX509Crl(inStream : EncodingBlob) : Promise\<X509Crl> 3330 3331表示创建X509证书吊销列表的对象,使用Promise方式异步返回结果。 3332 3333> **说明:** 3334> 3335> 从API version 11开始废弃,建议使用[cert.createX509CRL](#certcreatex509crl11-1)替代。 3336 3337**系统能力:** SystemCapability.Security.Cert 3338 3339**参数**: 3340 3341| 参数名 | 类型 | 必填 | 说明 | 3342| -------- | ----------------------------- | ---- | -------------------------- | 3343| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据 | 3344 3345**返回值**: 3346 3347| 类型 | 说明 | 3348| ----------------------------- | -------------------- | 3349| Promise\<[X509Crl](#x509crldeprecated)> | 表示证书吊销列表对象 | 3350 3351**错误码:** 3352 3353以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3354 3355| 错误码ID | 错误信息 | 3356| -------- | ------------- | 3357| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3358| 801 | this operation is not supported. | 3359| 19020001 | memory error. | 3360 3361**示例:** 3362 3363```ts 3364import { cert } from '@kit.DeviceCertificateKit'; 3365import { BusinessError } from '@kit.BasicServicesKit'; 3366 3367// string转Uint8Array 3368function stringToUint8Array(str: string): Uint8Array { 3369 let arr: Array<number> = []; 3370 for (let i = 0, j = str.length; i < j; i++) { 3371 arr.push(str.charCodeAt(i)); 3372 } 3373 return new Uint8Array(arr); 3374} 3375 3376let crlData = '-----BEGIN X509 CRL-----\n' + 3377 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3378 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3379 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3380 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3381 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3382 'eavsH0Q3\n' + 3383 '-----END X509 CRL-----\n'; 3384 3385// 证书吊销列表二进制数据,需业务自行赋值 3386let encodingBlob: cert.EncodingBlob = { 3387 data: stringToUint8Array(crlData), 3388 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 3389 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3390}; 3391 3392cert.createX509Crl(encodingBlob).then(x509Crl => { 3393 console.log('createX509Crl success'); 3394}).catch((error: BusinessError) => { 3395 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3396}); 3397``` 3398 3399## cert.createX509CRL<sup>11+</sup> 3400 3401createX509CRL(inStream : EncodingBlob, callback : AsyncCallback\<X509CRL>) : void 3402 3403表示创建X509证书吊销列表的对象,使用Callback回调异步返回结果。 3404 3405**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3406 3407**系统能力:** SystemCapability.Security.Cert 3408 3409**参数**: 3410 3411| 参数名 | 类型 | 必填 | 说明 | 3412| -------- | ------------------------------------- | ---- | ------------------------------ | 3413| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据 | 3414| callback | AsyncCallback\<[X509CRL](#x509crl11)> | 是 | 回调函数。表示证书吊销列表对象 | 3415 3416**错误码:** 3417 3418以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3419 3420| 错误码ID | 错误信息 | 3421| -------- | ------------- | 3422| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3423| 801 | this operation is not supported. | 3424| 19020001 | memory error. | 3425 3426**示例:** 3427 3428```ts 3429import { cert } from '@kit.DeviceCertificateKit'; 3430 3431// string转Uint8Array 3432function stringToUint8Array(str: string): Uint8Array { 3433 let arr: Array<number> = []; 3434 for (let i = 0, j = str.length; i < j; i++) { 3435 arr.push(str.charCodeAt(i)); 3436 } 3437 return new Uint8Array(arr); 3438} 3439 3440let crlData = '-----BEGIN X509 CRL-----\n' + 3441 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3442 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3443 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3444 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3445 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3446 'eavsH0Q3\n' + 3447 '-----END X509 CRL-----\n'; 3448 3449// 证书吊销列表二进制数据,需业务自行赋值 3450let encodingBlob: cert.EncodingBlob = { 3451 data: stringToUint8Array(crlData), 3452 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 3453 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3454}; 3455 3456cert.createX509CRL(encodingBlob, (error, X509CRL) => { 3457 if (error) { 3458 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3459 } else { 3460 console.log('createX509CRL success'); 3461 } 3462}); 3463``` 3464 3465## cert.createX509CRL<sup>11+</sup> 3466 3467createX509CRL(inStream : EncodingBlob) : Promise\<X509CRL> 3468 3469表示创建X509证书吊销列表的对象,使用Promise方式异步返回结果。 3470 3471**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3472 3473**系统能力:** SystemCapability.Security.Cert 3474 3475**参数**: 3476 3477| 参数名 | 类型 | 必填 | 说明 | 3478| -------- | ----------------------------- | ---- | -------------------------- | 3479| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据 | 3480 3481**返回值**: 3482 3483| 类型 | 说明 | 3484| ------------------------------- | -------------------- | 3485| Promise\<[X509CRL](#x509crl11)> | 表示证书吊销列表对象 | 3486 3487**错误码:** 3488 3489以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3490 3491| 错误码ID | 错误信息 | 3492| -------- | ------------- | 3493| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3494| 801 | this operation is not supported. | 3495| 19020001 | memory error. | 3496 3497**示例:** 3498 3499```ts 3500import { cert } from '@kit.DeviceCertificateKit'; 3501import { BusinessError } from '@kit.BasicServicesKit'; 3502 3503// string转Uint8Array 3504function stringToUint8Array(str: string): Uint8Array { 3505 let arr: Array<number> = []; 3506 for (let i = 0, j = str.length; i < j; i++) { 3507 arr.push(str.charCodeAt(i)); 3508 } 3509 return new Uint8Array(arr); 3510} 3511 3512let crlData = '-----BEGIN X509 CRL-----\n' + 3513 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3514 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3515 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3516 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3517 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3518 'eavsH0Q3\n' + 3519 '-----END X509 CRL-----\n'; 3520 3521// 证书吊销列表二进制数据,需业务自行赋值 3522let encodingBlob: cert.EncodingBlob = { 3523 data: stringToUint8Array(crlData), 3524 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 3525 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3526}; 3527 3528cert.createX509CRL(encodingBlob).then(X509CRL => { 3529 console.log('createX509CRL success'); 3530}).catch((error: BusinessError) => { 3531 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3532}); 3533``` 3534 3535## X509Crl<sup>(deprecated)</sup> 3536 3537X509证书吊销列表对象。 3538 3539> **说明:** 3540> 3541> 从API version 11开始废弃,建议使用[X509CRL](#x509crl11)替代。 3542 3543### isRevoked<sup>(deprecated)</sup> 3544 3545isRevoked(cert : X509Cert) : boolean 3546 3547表示检查证书是否吊销。 3548 3549> **说明:** 3550> 3551> 从API version 11开始废弃,建议使用[X509CRL.isRevoked](#isrevoked11)替代。 3552 3553**系统能力:** SystemCapability.Security.Cert 3554 3555**参数**: 3556 3557| 参数名 | 类型 | 必填 | 说明 | 3558| ------ | -------- | ---- | -------------------- | 3559| cert | X509Cert | 是 | 表示被检查的证书对象 | 3560 3561**返回值**: 3562 3563| 类型 | 说明 | 3564| --------- | --------------------------------------------- | 3565| boolean | 表示证书吊销状态,true表示已吊销,false表示未吊销 | 3566 3567**错误码:** 3568 3569以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3570 3571| 错误码ID | 错误信息 | 3572| -------- | ------------- | 3573| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3574 3575**示例:** 3576 3577```ts 3578import { cert } from '@kit.DeviceCertificateKit'; 3579import { BusinessError } from '@kit.BasicServicesKit'; 3580 3581// string转Uint8Array 3582function stringToUint8Array(str: string): Uint8Array { 3583 let arr: Array<number> = []; 3584 for (let i = 0, j = str.length; i < j; i++) { 3585 arr.push(str.charCodeAt(i)); 3586 } 3587 return new Uint8Array(arr); 3588} 3589 3590let crlData = '-----BEGIN X509 CRL-----\n' + 3591 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3592 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3593 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3594 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3595 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3596 'eavsH0Q3\n' + 3597 '-----END X509 CRL-----\n'; 3598 3599let certData = '-----BEGIN CERTIFICATE-----\n' + 3600 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 3601 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 3602 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 3603 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 3604 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 3605 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 3606 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 3607 '-----END CERTIFICATE-----\n'; 3608 3609// 证书吊销列表二进制数据,需业务自行赋值 3610let encodingBlob: cert.EncodingBlob = { 3611 data: stringToUint8Array(crlData), 3612 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 3613 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3614}; 3615 3616let certEncodingBlob: cert.EncodingBlob = { 3617 data: stringToUint8Array(certData), 3618 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 3619 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3620}; 3621 3622cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3623 if (error) { 3624 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3625 } else { 3626 console.log('createX509Crl success'); 3627 // Create an X509Cert instance. 3628 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 3629 if (error) { 3630 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3631 } else { 3632 try { 3633 let revokedFlag = x509Crl.isRevoked(x509Cert); 3634 } catch (error) { 3635 let e: BusinessError = error as BusinessError; 3636 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3637 } 3638 } 3639 }); 3640 } 3641}); 3642``` 3643 3644### getType<sup>(deprecated)</sup> 3645 3646getType() : string 3647 3648表示获取证书吊销列表类型。 3649 3650> **说明:** 3651> 3652> 从API version 11开始废弃,建议使用[X509CRL.getType](#gettype11)替代。 3653 3654**系统能力:** SystemCapability.Security.Cert 3655 3656**返回值**: 3657 3658| 类型 | 说明 | 3659| ------ | -------------------- | 3660| string | 表示证书吊销列表类型 | 3661 3662**示例:** 3663 3664```ts 3665import { cert } from '@kit.DeviceCertificateKit'; 3666 3667// string转Uint8Array 3668function stringToUint8Array(str: string): Uint8Array { 3669 let arr: Array<number> = []; 3670 for (let i = 0, j = str.length; i < j; i++) { 3671 arr.push(str.charCodeAt(i)); 3672 } 3673 return new Uint8Array(arr); 3674} 3675 3676let crlData = '-----BEGIN X509 CRL-----\n' + 3677 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3678 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3679 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3680 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3681 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3682 'eavsH0Q3\n' + 3683 '-----END X509 CRL-----\n'; 3684 3685// 证书吊销列表二进制数据,需业务自行赋值 3686let encodingBlob: cert.EncodingBlob = { 3687 data: stringToUint8Array(crlData), 3688 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 3689 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3690}; 3691 3692cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3693 if (error) { 3694 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3695 } else { 3696 console.log('createX509Crl success'); 3697 let type = x509Crl.getType(); 3698 } 3699}); 3700``` 3701 3702### getEncoded<sup>(deprecated)</sup> 3703 3704getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 3705 3706表示获取X509证书吊销列表的序列化数据,使用Callback回调异步返回结果。 3707 3708> **说明:** 3709> 3710> 从API version 11开始废弃,建议使用[X509CRL.getEncoded](#getencoded11)替代。 3711 3712**系统能力:** SystemCapability.Security.Cert 3713 3714**参数**: 3715 3716| 参数名 | 类型 | 必填 | 说明 | 3717| -------- | ---------------------------- | ---- | ------------------------------------------ | 3718| callback | AsyncCallback\<EncodingBlob> | 是 | 回调函数,表示X509证书吊销列表的序列化数据 | 3719 3720**错误码:** 3721 3722以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3723 3724| 错误码ID | 错误信息 | 3725| -------- | ----------------------- | 3726| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 3727| 19020001 | memory error. | 3728| 19020002 | runtime error. | 3729| 19030001 | crypto operation error. | 3730 3731**示例:** 3732 3733```ts 3734import { cert } from '@kit.DeviceCertificateKit'; 3735 3736// string转Uint8Array 3737function stringToUint8Array(str: string): Uint8Array { 3738 let arr: Array<number> = []; 3739 for (let i = 0, j = str.length; i < j; i++) { 3740 arr.push(str.charCodeAt(i)); 3741 } 3742 return new Uint8Array(arr); 3743} 3744 3745let crlData = '-----BEGIN X509 CRL-----\n' + 3746 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3747 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3748 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3749 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3750 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3751 'eavsH0Q3\n' + 3752 '-----END X509 CRL-----\n'; 3753 3754// 证书吊销列表二进制数据,需业务自行赋值 3755let encodingBlob: cert.EncodingBlob = { 3756 data: stringToUint8Array(crlData), 3757 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 3758 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3759}; 3760 3761cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3762 if (error) { 3763 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3764 } else { 3765 console.log('createX509Crl success'); 3766 x509Crl.getEncoded((error, data) => { 3767 if (error) { 3768 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3769 } else { 3770 console.log('getEncoded success'); 3771 } 3772 }); 3773 } 3774}); 3775``` 3776 3777### getEncoded<sup>(deprecated)</sup> 3778 3779getEncoded() : Promise\<EncodingBlob> 3780 3781表示获取X509证书吊销列表的序列化数据,使用Promise方式异步返回结果。 3782 3783> **说明:** 3784> 3785> 从API version 11开始废弃,建议使用[X509CRL.getEncoded](#getencoded11-1)替代。 3786 3787**系统能力:** SystemCapability.Security.Cert 3788 3789**返回值**: 3790 3791| 类型 | 说明 | 3792| ---------------------- | -------------------------------- | 3793| Promise\<EncodingBlob> | 表示X509证书吊销列表的序列化数据 | 3794 3795**错误码:** 3796 3797以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3798 3799| 错误码ID | 错误信息 | 3800| -------- | ----------------------- | 3801| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 3802| 19020001 | memory error. | 3803| 19020002 | runtime error. | 3804| 19030001 | crypto operation error. | 3805 3806**示例:** 3807 3808```ts 3809import { cert } from '@kit.DeviceCertificateKit'; 3810import { BusinessError } from '@kit.BasicServicesKit'; 3811 3812// string转Uint8Array 3813function stringToUint8Array(str: string): Uint8Array { 3814 let arr: Array<number> = []; 3815 for (let i = 0, j = str.length; i < j; i++) { 3816 arr.push(str.charCodeAt(i)); 3817 } 3818 return new Uint8Array(arr); 3819} 3820 3821let crlData = '-----BEGIN X509 CRL-----\n' + 3822 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3823 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3824 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3825 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3826 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3827 'eavsH0Q3\n' + 3828 '-----END X509 CRL-----\n'; 3829 3830// 证书吊销列表二进制数据,需业务自行赋值 3831let encodingBlob: cert.EncodingBlob = { 3832 data: stringToUint8Array(crlData), 3833 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 3834 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3835}; 3836 3837cert.createX509Crl(encodingBlob).then(x509Crl => { 3838 console.log('createX509Crl success'); 3839 x509Crl.getEncoded().then(result => { 3840 console.log('getEncoded success'); 3841 }).catch((error: BusinessError) => { 3842 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3843 }); 3844}).catch((error: BusinessError) => { 3845 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3846}); 3847``` 3848 3849### verify<sup>(deprecated)</sup> 3850 3851verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 3852 3853表示对X509证书吊销列表进行验签,使用Callback回调异步返回结果。验签支持RSA算法。 3854 3855> **说明:** 3856> 3857> 从API version 11开始废弃,建议使用[X509CRL.verify](#verify11)替代。 3858 3859**系统能力:** SystemCapability.Security.Cert 3860 3861**参数**: 3862 3863| 参数名 | 类型 | 必填 | 说明 | 3864| -------- | -------------------- | ---- | ------------------------------------------------------------ | 3865| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 表示用于验签的公钥对象 | 3866| callback | AsyncCallback\<void> | 是 | 回调函数,使用AsyncCallback的第一个error参数判断是否验签成功,error为null表示成功,error不为null表示失败。 | 3867 3868**错误码:** 3869 3870以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3871 3872| 错误码ID | 错误信息 | 3873| -------- | ----------------------- | 3874| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3875| 19030001 | crypto operation error. | 3876 3877**示例:** 3878 3879```ts 3880import { cert } from '@kit.DeviceCertificateKit'; 3881import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 3882import { BusinessError } from '@kit.BasicServicesKit'; 3883 3884// string转Uint8Array 3885function stringToUint8Array(str: string): Uint8Array { 3886 let arr: Array<number> = []; 3887 for (let i = 0, j = str.length; i < j; i++) { 3888 arr.push(str.charCodeAt(i)); 3889 } 3890 return new Uint8Array(arr); 3891} 3892 3893let crlData = '-----BEGIN X509 CRL-----\n' + 3894 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3895 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3896 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3897 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3898 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3899 'eavsH0Q3\n' + 3900 '-----END X509 CRL-----\n'; 3901 3902let pubKeyData = new Uint8Array([ 3903 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 3904 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 3905 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 3906 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 3907 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 3908 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 3909 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 3910 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 3911 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 3912 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 3913 0x00, 0x01 3914]); 3915 3916let priKeyData = new Uint8Array([ 3917 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 3918 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 3919 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 3920 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 3921 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 3922 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 3923 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 3924 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 3925 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 3926 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 3927 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 3928 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 3929 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 3930 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 3931 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 3932 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 3933 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 3934 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 3935 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 3936 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 3937 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 3938 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 3939 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 3940 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 3941 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 3942 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 3943 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 3944 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 3945 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 3946 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 3947 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 3948 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 3949 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 3950 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 3951 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 3952 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 3953 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 3954 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 3955 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 3956 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 3957]); 3958 3959// 证书吊销列表二进制数据,需业务自行赋值 3960let encodingBlob: cert.EncodingBlob = { 3961 data: stringToUint8Array(crlData), 3962 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 3963 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3964}; 3965 3966cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3967 if (error) { 3968 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3969 } else { 3970 console.log('createX509Crl success'); 3971 try { 3972 // Generate the public key by AsyKeyGenerator. 3973 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 3974 console.log('createAsyKeyGenerator success'); 3975 let priEncodingBlob: cryptoFramework.DataBlob = { 3976 data: priKeyData, 3977 }; 3978 let pubEncodingBlob: cryptoFramework.DataBlob = { 3979 data: pubKeyData, 3980 }; 3981 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 3982 if (e) { 3983 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 3984 } else { 3985 console.log('convert key success'); 3986 x509Crl.verify(keyPair.pubKey, (err, data) => { 3987 if (err) { 3988 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 3989 } else { 3990 console.log('verify success'); 3991 } 3992 }); 3993 } 3994 }) 3995 } catch (error) { 3996 let e: BusinessError = error as BusinessError; 3997 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3998 } 3999 } 4000}); 4001``` 4002 4003### verify<sup>(deprecated)</sup> 4004 4005verify(key : cryptoFramework.PubKey) : Promise\<void> 4006 4007表示对X509证书吊销列表进行验签,使用Promise方式异步返回结果。验签支持RSA算法。 4008 4009> **说明:** 4010> 4011> 从API version 11开始废弃,建议使用[X509CRL.verify](#verify11-1)替代。 4012 4013**系统能力:** SystemCapability.Security.Cert 4014 4015**参数**: 4016 4017| 参数名 | 类型 | 必填 | 说明 | 4018| ------ | ------ | ---- | ---------------------- | 4019| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 表示用于验签的公钥对象。 | 4020 4021**返回值**: 4022 4023| 类型 | 说明 | 4024| ---- | ------------------------------------------------------------ | 4025| Promise\<void> | Promise对象 | 4026 4027**错误码:** 4028 4029以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4030 4031| 错误码ID | 错误信息 | 4032| -------- | ----------------------- | 4033| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4034| 19030001 | crypto operation error. | 4035 4036**示例:** 4037 4038```ts 4039import { cert } from '@kit.DeviceCertificateKit'; 4040import { cryptoFramework } from '@kit.CryptoArchitectureKit' 4041import { BusinessError } from '@kit.BasicServicesKit'; 4042 4043// string转Uint8Array 4044function stringToUint8Array(str: string): Uint8Array { 4045 let arr: Array<number> = []; 4046 for (let i = 0, j = str.length; i < j; i++) { 4047 arr.push(str.charCodeAt(i)); 4048 } 4049 return new Uint8Array(arr); 4050} 4051 4052let crlData = '-----BEGIN X509 CRL-----\n' + 4053 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4054 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4055 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4056 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4057 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4058 'eavsH0Q3\n' + 4059 '-----END X509 CRL-----\n'; 4060 4061let pubKeyData = new Uint8Array([ 4062 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 4063 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 4064 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 4065 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 4066 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 4067 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 4068 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 4069 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 4070 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 4071 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 4072 0x00, 0x01 4073]); 4074 4075let priKeyData = new Uint8Array([ 4076 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 4077 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 4078 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 4079 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 4080 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 4081 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 4082 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 4083 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 4084 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 4085 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 4086 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 4087 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 4088 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 4089 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 4090 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 4091 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 4092 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 4093 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 4094 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 4095 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 4096 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 4097 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 4098 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 4099 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 4100 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 4101 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 4102 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 4103 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 4104 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 4105 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 4106 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 4107 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 4108 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 4109 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 4110 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 4111 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 4112 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 4113 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 4114 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 4115 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 4116]); 4117 4118// 证书吊销列表二进制数据,需业务自行赋值 4119let encodingBlob: cert.EncodingBlob = { 4120 data: stringToUint8Array(crlData), 4121 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4122 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4123}; 4124 4125cert.createX509Crl(encodingBlob).then(x509Crl => { 4126 console.log('createX509Crl success'); 4127 4128 try { 4129 // 生成公钥对象 4130 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 4131 console.log('createAsyKeyGenerator success'); 4132 let priEncodingBlob: cryptoFramework.DataBlob = { 4133 data: priKeyData, 4134 }; 4135 let pubEncodingBlob: cryptoFramework.DataBlob = { 4136 data: pubKeyData, 4137 }; 4138 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 4139 console.log('convert key success'); 4140 x509Crl.verify(keyPair.pubKey).then(result => { 4141 console.log('verify success'); 4142 }).catch((error: BusinessError) => { 4143 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4144 }); 4145 }).catch((error: BusinessError) => { 4146 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 4147 }); 4148 } catch (error) { 4149 let e: BusinessError = error as BusinessError; 4150 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4151 } 4152}).catch((error: BusinessError) => { 4153 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4154}); 4155``` 4156 4157### getVersion<sup>(deprecated)</sup> 4158 4159getVersion() : number 4160 4161表示获取X509证书吊销列表的版本号。 4162 4163> **说明:** 4164> 4165> 从API version 11开始废弃,建议使用[X509CRL.getVersion](#getversion11)替代。 4166 4167**系统能力:** SystemCapability.Security.Cert 4168 4169**返回值**: 4170 4171| 类型 | 说明 | 4172| ------ | -------------------------------- | 4173| number | 表示获取X509证书吊销列表的版本号 | 4174 4175**示例:** 4176 4177```ts 4178import { cert } from '@kit.DeviceCertificateKit'; 4179 4180// string转Uint8Array 4181function stringToUint8Array(str: string): Uint8Array { 4182 let arr: Array<number> = []; 4183 for (let i = 0, j = str.length; i < j; i++) { 4184 arr.push(str.charCodeAt(i)); 4185 } 4186 return new Uint8Array(arr); 4187} 4188 4189let crlData = '-----BEGIN X509 CRL-----\n' + 4190 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4191 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4192 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4193 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4194 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4195 'eavsH0Q3\n' + 4196 '-----END X509 CRL-----\n'; 4197 4198// 证书吊销列表二进制数据,需业务自行赋值 4199let encodingBlob: cert.EncodingBlob = { 4200 data: stringToUint8Array(crlData), 4201 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4202 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4203}; 4204 4205cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4206 if (error) { 4207 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4208 } else { 4209 console.log('createX509Crl success'); 4210 let version = x509Crl.getVersion(); 4211 } 4212}); 4213``` 4214 4215### getIssuerName<sup>(deprecated)</sup> 4216 4217getIssuerName() : DataBlob 4218 4219表示获取X509证书吊销列表颁发者名称。 4220 4221> **说明:** 4222> 4223> 从API version 11开始废弃,建议使用[X509CRL.getIssuerName](#getissuername11)替代。 4224 4225**系统能力:** SystemCapability.Security.Cert 4226 4227**返回值**: 4228 4229| 类型 | 说明 | 4230| --------------------- | ------------------------------ | 4231| [DataBlob](#datablob) | 表示X509证书吊销列表颁发者名称 | 4232 4233**错误码:** 4234 4235以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4236 4237| 错误码ID | 错误信息 | 4238| -------- | ----------------------- | 4239| 19020001 | memory error. | 4240| 19020002 | runtime error. | 4241| 19030001 | crypto operation error. | 4242 4243**示例:** 4244 4245```ts 4246import { cert } from '@kit.DeviceCertificateKit'; 4247import { BusinessError } from '@kit.BasicServicesKit'; 4248 4249// string转Uint8Array 4250function stringToUint8Array(str: string): Uint8Array { 4251 let arr: Array<number> = []; 4252 for (let i = 0, j = str.length; i < j; i++) { 4253 arr.push(str.charCodeAt(i)); 4254 } 4255 return new Uint8Array(arr); 4256} 4257 4258let crlData = '-----BEGIN X509 CRL-----\n' + 4259 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4260 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4261 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4262 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4263 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4264 'eavsH0Q3\n' + 4265 '-----END X509 CRL-----\n'; 4266 4267// 证书吊销列表二进制数据,需业务自行赋值 4268let encodingBlob: cert.EncodingBlob = { 4269 data: stringToUint8Array(crlData), 4270 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4271 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4272}; 4273 4274cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4275 if (error) { 4276 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4277 } else { 4278 console.log('createX509Crl success'); 4279 try { 4280 let issuerName = x509Crl.getIssuerName(); 4281 } catch (err) { 4282 let e: BusinessError = err as BusinessError; 4283 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4284 } 4285 } 4286}); 4287``` 4288 4289### getLastUpdate<sup>(deprecated)</sup> 4290 4291getLastUpdate() : string 4292 4293表示获取X509证书吊销列表最后一次更新日期,日期为ASN.1时间格式。 4294 4295> **说明:** 4296> 4297> 从API version 11开始废弃,建议使用[X509CRL.getLastUpdate](#getlastupdate11)替代。 4298 4299**系统能力:** SystemCapability.Security.Cert 4300 4301**返回值**: 4302 4303| 类型 | 说明 | 4304| ------ | ------------------------------------ | 4305| string | 表示X509证书吊销列表最后一次更新日期,日期为ASN.1时间格式。 | 4306 4307**错误码:** 4308 4309以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4310 4311| 错误码ID | 错误信息 | 4312| -------- | ----------------------- | 4313| 19020001 | memory error. | 4314| 19020002 | runtime error. | 4315| 19030001 | crypto operation error. | 4316 4317**示例:** 4318 4319```ts 4320import { cert } from '@kit.DeviceCertificateKit'; 4321import { BusinessError } from '@kit.BasicServicesKit'; 4322 4323// string转Uint8Array 4324function stringToUint8Array(str: string): Uint8Array { 4325 let arr: Array<number> = []; 4326 for (let i = 0, j = str.length; i < j; i++) { 4327 arr.push(str.charCodeAt(i)); 4328 } 4329 return new Uint8Array(arr); 4330} 4331 4332let crlData = '-----BEGIN X509 CRL-----\n' + 4333 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4334 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4335 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4336 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4337 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4338 'eavsH0Q3\n' + 4339 '-----END X509 CRL-----\n'; 4340 4341// 证书吊销列表二进制数据,需业务自行赋值 4342let encodingBlob: cert.EncodingBlob = { 4343 data: stringToUint8Array(crlData), 4344 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4345 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4346}; 4347 4348cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4349 if (error) { 4350 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4351 } else { 4352 console.log('createX509Crl success'); 4353 try { 4354 let lastUpdate = x509Crl.getLastUpdate(); 4355 } catch (err) { 4356 let e: BusinessError = err as BusinessError; 4357 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4358 } 4359 } 4360}); 4361``` 4362 4363### getNextUpdate<sup>(deprecated)</sup> 4364 4365getNextUpdate() : string 4366 4367表示获取证书吊销列表下一次更新的日期,日期为ASN.1时间格式。 4368 4369> **说明:** 4370> 4371> 从API version 11开始废弃,建议使用[X509CRL.getNextUpdate](#getnextupdate11)替代。 4372 4373**系统能力:** SystemCapability.Security.Cert 4374 4375**返回值**: 4376 4377| 类型 | 说明 | 4378| ------ | ------------------------------------ | 4379| string | 表示X509证书吊销列表下一次更新的日期,日期为ASN.1时间格式。 | 4380 4381**错误码:** 4382 4383以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4384 4385| 错误码ID | 错误信息 | 4386| -------- | ----------------------- | 4387| 19020001 | memory error. | 4388| 19020002 | runtime error. | 4389| 19030001 | crypto operation error. | 4390 4391**示例:** 4392 4393```ts 4394import { cert } from '@kit.DeviceCertificateKit'; 4395import { BusinessError } from '@kit.BasicServicesKit'; 4396 4397// string转Uint8Array 4398function stringToUint8Array(str: string): Uint8Array { 4399 let arr: Array<number> = []; 4400 for (let i = 0, j = str.length; i < j; i++) { 4401 arr.push(str.charCodeAt(i)); 4402 } 4403 return new Uint8Array(arr); 4404} 4405 4406let crlData = '-----BEGIN X509 CRL-----\n' + 4407 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4408 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4409 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4410 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4411 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4412 'eavsH0Q3\n' + 4413 '-----END X509 CRL-----\n'; 4414 4415// 证书吊销列表二进制数据,需业务自行赋值 4416let encodingBlob: cert.EncodingBlob = { 4417 data: stringToUint8Array(crlData), 4418 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4419 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4420}; 4421 4422cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4423 if (error) { 4424 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4425 } else { 4426 console.log('createX509Crl success'); 4427 try { 4428 let nextUpdate = x509Crl.getNextUpdate(); 4429 } catch (err) { 4430 let e: BusinessError = err as BusinessError; 4431 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4432 } 4433 } 4434}); 4435``` 4436 4437### getRevokedCert<sup>(deprecated)</sup> 4438 4439getRevokedCert(serialNumber : number) : X509CrlEntry 4440 4441表示通过指定证书序列号获取被吊销X509证书对象。 4442 4443> **说明:** 4444> 4445> 从API version 11开始废弃,建议使用[X509CRL.getRevokedCert](#getrevokedcert11)替代。 4446 4447**系统能力:** SystemCapability.Security.Cert 4448 4449**参数**: 4450 4451| 参数名 | 类型 | 必填 | 说明 | 4452| ------------ | ------ | ---- | -------------- | 4453| serialNumber | number | 是 | 表示证书序列号 | 4454 4455**返回值**: 4456 4457| 类型 | 说明 | 4458| ---------------------- | --------------------- | 4459| [X509CrlEntry](#x509crlentrydeprecated) | 表示被吊销X509证书对象 | 4460 4461**错误码:** 4462 4463以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4464 4465| 错误码ID | 错误信息 | 4466| -------- | ----------------------- | 4467| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4468| 19020001 | memory error. | 4469| 19030001 | crypto operation error. | 4470 4471**示例:** 4472 4473```ts 4474import { cert } from '@kit.DeviceCertificateKit'; 4475import { BusinessError } from '@kit.BasicServicesKit'; 4476 4477// string转Uint8Array 4478function stringToUint8Array(str: string): Uint8Array { 4479 let arr: Array<number> = []; 4480 for (let i = 0, j = str.length; i < j; i++) { 4481 arr.push(str.charCodeAt(i)); 4482 } 4483 return new Uint8Array(arr); 4484} 4485 4486let crlData = '-----BEGIN X509 CRL-----\n' + 4487 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4488 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4489 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4490 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4491 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4492 'eavsH0Q3\n' + 4493 '-----END X509 CRL-----\n'; 4494 4495// 证书吊销列表二进制数据,需业务自行赋值 4496let encodingBlob: cert.EncodingBlob = { 4497 data: stringToUint8Array(crlData), 4498 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4499 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4500}; 4501 4502cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4503 if (error) { 4504 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4505 } else { 4506 console.log('createX509Crl success'); 4507 let serialNumber = 1000; 4508 try { 4509 let entry = x509Crl.getRevokedCert(serialNumber); 4510 } catch (error) { 4511 let e: BusinessError = error as BusinessError; 4512 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4513 } 4514 } 4515}); 4516``` 4517 4518### getRevokedCertWithCert<sup>(deprecated)</sup> 4519 4520getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry 4521 4522表示通过指定证书对象获取被吊销X509证书对象。 4523 4524> **说明:** 4525> 4526> 从API version 11开始废弃,建议使用[X509CRL.getRevokedCertWithCert](#getrevokedcertwithcert11)替代。 4527 4528**系统能力:** SystemCapability.Security.Cert 4529 4530**参数**: 4531 4532| 参数名 | 类型 | 必填 | 说明 | 4533| ------ | --------------------- | ---- | ------------ | 4534| cert | [X509Cert](#x509cert) | 是 | 表示证书对象 | 4535 4536**返回值**: 4537 4538| 类型 | 说明 | 4539| ------------ | -------------------- | 4540| [X509CrlEntry](#x509crlentrydeprecated) | 表示被吊销X509证书对象 | 4541 4542**错误码:** 4543 4544以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4545 4546| 错误码ID | 错误信息 | 4547| -------- | ----------------------- | 4548| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4549| 19020001 | memory error. | 4550| 19030001 | crypto operation error. | 4551 4552**示例:** 4553 4554```ts 4555import { cert } from '@kit.DeviceCertificateKit'; 4556import { BusinessError } from '@kit.BasicServicesKit'; 4557 4558// string转Uint8Array 4559function stringToUint8Array(str: string): Uint8Array { 4560 let arr: Array<number> = []; 4561 for (let i = 0, j = str.length; i < j; i++) { 4562 arr.push(str.charCodeAt(i)); 4563 } 4564 return new Uint8Array(arr); 4565} 4566 4567let crlData = '-----BEGIN X509 CRL-----\n' + 4568 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 4569 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 4570 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 4571 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 4572 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 4573 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 4574 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 4575 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 4576 '+i2osvdPWRia0dJCL1PCA14k\n' + 4577 '-----END X509 CRL-----\n'; 4578 4579// 证书二进制数据,需业务自行赋值 4580let certData = '-----BEGIN CERTIFICATE-----\n' + 4581 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 4582 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 4583 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 4584 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 4585 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 4586 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 4587 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 4588 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 4589 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 4590 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 4591 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 4592 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 4593 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 4594 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 4595 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 4596 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 4597 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 4598 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 4599 '-----END CERTIFICATE-----\n'; 4600 4601let certEncodingBlob: cert.EncodingBlob = { 4602 data: stringToUint8Array(certData), 4603 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4604 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4605}; 4606 4607// 证书吊销列表二进制数据,需业务自行赋值 4608let encodingBlob: cert.EncodingBlob = { 4609 data: stringToUint8Array(crlData), 4610 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4611 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4612}; 4613 4614cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4615 if (error) { 4616 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4617 } else { 4618 console.log('createX509Crl success'); 4619 // 创建X509证书对象. 4620 cert.createX509Cert(certEncodingBlob).then((x509Cert) => { 4621 try { 4622 let entry = x509Crl.getRevokedCertWithCert(x509Cert); 4623 console.log('getRevokedCertWithCert success'); 4624 } catch (error) { 4625 let e: BusinessError = error as BusinessError; 4626 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4627 } 4628 }).catch((error: BusinessError) => { 4629 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4630 }) 4631 } 4632}); 4633``` 4634 4635### getRevokedCerts<sup>(deprecated)</sup> 4636 4637getRevokedCerts(callback : AsyncCallback<Array\<X509CrlEntry>>) : void 4638 4639表示获取被吊销X509证书列表,使用Callback回调异步返回结果。 4640 4641> **说明:** 4642> 4643> 从API version 11开始废弃,建议使用[X509CRL.getRevokedCerts](#getrevokedcerts11)替代。 4644 4645**系统能力:** SystemCapability.Security.Cert 4646 4647**参数**: 4648 4649| 参数名 | 类型 | 必填 | 说明 | 4650| -------- | ---------------------------------------------------- | ---- | -------------------------------- | 4651| callback | AsyncCallback<Array\<[X509CrlEntry](#x509crlentrydeprecated)>> | 是 | 回调函数。表示被吊销X509证书列表 | 4652 4653**错误码:** 4654 4655以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4656 4657| 错误码ID | 错误信息 | 4658| -------- | ----------------------- | 4659| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 4660| 19020001 | memory error. | 4661| 19030001 | crypto operation error. | 4662 4663**示例:** 4664 4665```ts 4666import { cert } from '@kit.DeviceCertificateKit'; 4667import { BusinessError } from '@kit.BasicServicesKit'; 4668 4669// string转Uint8Array 4670function stringToUint8Array(str: string): Uint8Array { 4671 let arr: Array<number> = []; 4672 for (let i = 0, j = str.length; i < j; i++) { 4673 arr.push(str.charCodeAt(i)); 4674 } 4675 return new Uint8Array(arr); 4676} 4677 4678let crlData = '-----BEGIN X509 CRL-----\n' + 4679 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4680 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4681 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4682 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4683 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4684 'eavsH0Q3\n' + 4685 '-----END X509 CRL-----\n'; 4686 4687// 证书吊销列表二进制数据,需业务自行赋值 4688let encodingBlob: cert.EncodingBlob = { 4689 data: stringToUint8Array(crlData), 4690 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4691 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4692}; 4693 4694cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4695 if (error) { 4696 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4697 } else { 4698 console.log('createX509Crl success'); 4699 x509Crl.getRevokedCerts((error, array) => { 4700 if (error) { 4701 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4702 } else { 4703 console.log('getRevokedCerts success'); 4704 } 4705 }); 4706 } 4707}); 4708``` 4709 4710### getRevokedCerts<sup>(deprecated)</sup> 4711 4712getRevokedCerts() : Promise<Array\<X509CrlEntry>> 4713 4714表示获取被吊销X509证书列表,使用Promise方式异步返回结果。 4715 4716> **说明:** 4717> 4718> 从API version 11开始废弃,建议使用[X509CRL.getRevokedCerts](#getrevokedcerts11-1)替代。 4719 4720**系统能力:** SystemCapability.Security.Cert 4721 4722**返回值**: 4723 4724| 类型 | 说明 | 4725| ---------------------------------------------- | ---------------------- | 4726| Promise<Array\<[X509CrlEntry](#x509crlentrydeprecated)>> | 表示被吊销X509证书列表 | 4727 4728**错误码:** 4729 4730以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4731 4732| 错误码ID | 错误信息 | 4733| -------- | ----------------------- | 4734| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 4735| 19020001 | memory error. | 4736| 19030001 | crypto operation error. | 4737 4738**示例:** 4739 4740```ts 4741import { cert } from '@kit.DeviceCertificateKit'; 4742import { BusinessError } from '@kit.BasicServicesKit'; 4743 4744// string转Uint8Array 4745function stringToUint8Array(str: string): Uint8Array { 4746 let arr: Array<number> = []; 4747 for (let i = 0, j = str.length; i < j; i++) { 4748 arr.push(str.charCodeAt(i)); 4749 } 4750 return new Uint8Array(arr); 4751} 4752 4753let crlData = '-----BEGIN X509 CRL-----\n' + 4754 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4755 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4756 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4757 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4758 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4759 'eavsH0Q3\n' + 4760 '-----END X509 CRL-----\n'; 4761 4762// 证书吊销列表二进制数据,需业务自行赋值 4763let encodingBlob: cert.EncodingBlob = { 4764 data: stringToUint8Array(crlData), 4765 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4766 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4767}; 4768 4769cert.createX509Crl(encodingBlob).then(x509Crl => { 4770 console.log('createX509Crl success'); 4771 x509Crl.getRevokedCerts().then(array => { 4772 console.log('getRevokedCerts success'); 4773 }).catch((error: BusinessError) => { 4774 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4775 }); 4776}).catch((error: BusinessError) => { 4777 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4778}); 4779``` 4780 4781### getTbsInfo<sup>(deprecated)</sup> 4782 4783getTbsInfo() : DataBlob 4784 4785表示获取证书吊销列表的tbsCertList信息。 4786 4787> **说明:** 4788> 4789> 从API version 11开始废弃,建议使用[X509CRL.getTBSInfo](#gettbsinfo11)替代。 4790 4791**系统能力:** SystemCapability.Security.Cert 4792 4793**返回值**: 4794 4795| 类型 | 说明 | 4796| --------------------- | ------------------------------- | 4797| [DataBlob](#datablob) | 表示证书吊销列表的tbsCertList信息 | 4798 4799**错误码:** 4800 4801以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4802 4803| 错误码ID | 错误信息 | 4804| -------- | ----------------------- | 4805| 19020001 | memory error. | 4806| 19020002 | runtime error. | 4807| 19030001 | crypto operation error. | 4808 4809**示例:** 4810 4811```ts 4812import { cert } from '@kit.DeviceCertificateKit'; 4813import { BusinessError } from '@kit.BasicServicesKit'; 4814 4815// string转Uint8Array 4816function stringToUint8Array(str: string): Uint8Array { 4817 let arr: Array<number> = []; 4818 for (let i = 0, j = str.length; i < j; i++) { 4819 arr.push(str.charCodeAt(i)); 4820 } 4821 return new Uint8Array(arr); 4822} 4823 4824let crlData = '-----BEGIN X509 CRL-----\n' + 4825 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4826 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4827 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4828 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4829 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4830 'eavsH0Q3\n' + 4831 '-----END X509 CRL-----\n'; 4832 4833// 证书吊销列表二进制数据,需业务自行赋值 4834let encodingBlob: cert.EncodingBlob = { 4835 data: stringToUint8Array(crlData), 4836 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4837 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4838}; 4839 4840cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4841 if (error) { 4842 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4843 } else { 4844 console.log('createX509Crl success'); 4845 try { 4846 let tbsInfo = x509Crl.getTbsInfo(); 4847 } catch (error) { 4848 let e: BusinessError = error as BusinessError; 4849 console.error('getTbsInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4850 } 4851 } 4852}); 4853``` 4854 4855### getSignature<sup>(deprecated)</sup> 4856 4857getSignature() : DataBlob 4858 4859表示获取X509证书吊销列表的签名数据。 4860 4861> **说明:** 4862> 4863> 从API version 11开始废弃,建议使用[X509CRL.getSignature](#getsignature11)替代。 4864 4865**系统能力:** SystemCapability.Security.Cert 4866 4867**返回值**: 4868 4869| 类型 | 说明 | 4870| --------------------- | ------------------------------ | 4871| [DataBlob](#datablob) | 表示X509证书吊销列表的签名数据 | 4872 4873**错误码:** 4874 4875以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4876 4877| 错误码ID | 错误信息 | 4878| -------- | ----------------------- | 4879| 19020001 | memory error. | 4880| 19020002 | runtime error. | 4881| 19030001 | crypto operation error. | 4882 4883**示例:** 4884 4885```ts 4886import { cert } from '@kit.DeviceCertificateKit'; 4887import { BusinessError } from '@kit.BasicServicesKit'; 4888 4889// string转Uint8Array 4890function stringToUint8Array(str: string): Uint8Array { 4891 let arr: Array<number> = []; 4892 for (let i = 0, j = str.length; i < j; i++) { 4893 arr.push(str.charCodeAt(i)); 4894 } 4895 return new Uint8Array(arr); 4896} 4897 4898let crlData = '-----BEGIN X509 CRL-----\n' + 4899 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4900 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4901 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4902 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4903 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4904 'eavsH0Q3\n' + 4905 '-----END X509 CRL-----\n'; 4906 4907// 证书吊销列表二进制数据,需业务自行赋值 4908let encodingBlob: cert.EncodingBlob = { 4909 data: stringToUint8Array(crlData), 4910 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4911 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4912}; 4913 4914cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4915 if (error) { 4916 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4917 } else { 4918 console.log('createX509Crl success'); 4919 try { 4920 let signature = x509Crl.getSignature(); 4921 } catch (err) { 4922 let e: BusinessError = err as BusinessError; 4923 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4924 } 4925 } 4926}); 4927``` 4928 4929### getSignatureAlgName<sup>(deprecated)</sup> 4930 4931getSignatureAlgName() : string 4932 4933表示获取X509证书吊销列表签名的算法名称。 4934 4935> **说明:** 4936> 4937> 从API version 11开始废弃,建议使用[X509CRL.getSignatureAlgName](#getsignaturealgname11)替代。 4938 4939**系统能力:** SystemCapability.Security.Cert 4940 4941**返回值**: 4942 4943| 类型 | 说明 | 4944| ------ | -------------------------------- | 4945| string | 表示X509证书吊销列表签名的算法名 | 4946 4947**错误码:** 4948 4949以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4950 4951| 错误码ID | 错误信息 | 4952| -------- | ----------------------- | 4953| 19020001 | memory error. | 4954| 19020002 | runtime error. | 4955| 19030001 | crypto operation error. | 4956 4957**示例:** 4958 4959```ts 4960import { cert } from '@kit.DeviceCertificateKit'; 4961import { BusinessError } from '@kit.BasicServicesKit'; 4962 4963// string转Uint8Array 4964function stringToUint8Array(str: string): Uint8Array { 4965 let arr: Array<number> = []; 4966 for (let i = 0, j = str.length; i < j; i++) { 4967 arr.push(str.charCodeAt(i)); 4968 } 4969 return new Uint8Array(arr); 4970} 4971 4972let crlData = '-----BEGIN X509 CRL-----\n' + 4973 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4974 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4975 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4976 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4977 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4978 'eavsH0Q3\n' + 4979 '-----END X509 CRL-----\n'; 4980 4981// 证书吊销列表二进制数据,需业务自行赋值 4982let encodingBlob: cert.EncodingBlob = { 4983 data: stringToUint8Array(crlData), 4984 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 4985 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4986}; 4987 4988cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4989 if (error) { 4990 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4991 } else { 4992 console.log('createX509Crl success'); 4993 try { 4994 let sigAlgName = x509Crl.getSignatureAlgName(); 4995 } catch (err) { 4996 let e: BusinessError = err as BusinessError; 4997 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4998 } 4999 } 5000}); 5001``` 5002 5003### getSignatureAlgOid<sup>(deprecated)</sup> 5004 5005getSignatureAlgOid() : string 5006 5007表示获取X509证书吊销列表签名算法的对象标志符OID(Object Identifier)。OID是由国际标准组织(ISO)的名称注册机构分配。 5008 5009> **说明:** 5010> 5011> 从API version 11开始废弃,建议使用[X509CRL.getSignatureAlgOid](#getsignaturealgoid11)替代。 5012 5013**系统能力:** SystemCapability.Security.Cert 5014 5015**返回值**: 5016 5017| 类型 | 说明 | 5018| ------ | --------------------------------------------- | 5019| string | 表示X509证书吊销列表签名算法的对象标志符OID。 | 5020 5021**错误码:** 5022 5023以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5024 5025| 错误码ID | 错误信息 | 5026| -------- | ----------------------- | 5027| 19020001 | memory error. | 5028| 19020002 | runtime error. | 5029| 19030001 | crypto operation error. | 5030 5031**示例:** 5032 5033```ts 5034import { cert } from '@kit.DeviceCertificateKit'; 5035import { BusinessError } from '@kit.BasicServicesKit'; 5036 5037// string转Uint8Array 5038function stringToUint8Array(str: string): Uint8Array { 5039 let arr: Array<number> = []; 5040 for (let i = 0, j = str.length; i < j; i++) { 5041 arr.push(str.charCodeAt(i)); 5042 } 5043 return new Uint8Array(arr); 5044} 5045 5046let crlData = '-----BEGIN X509 CRL-----\n' + 5047 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5048 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5049 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5050 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5051 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5052 'eavsH0Q3\n' + 5053 '-----END X509 CRL-----\n'; 5054 5055// 证书吊销列表二进制数据,需业务自行赋值 5056let encodingBlob: cert.EncodingBlob = { 5057 data: stringToUint8Array(crlData), 5058 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 5059 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5060}; 5061 5062cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5063 if (error) { 5064 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5065 } else { 5066 console.log('createX509Crl success'); 5067 try { 5068 let sigAlgOid = x509Crl.getSignatureAlgOid(); 5069 } catch (err) { 5070 let e: BusinessError = err as BusinessError; 5071 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5072 } 5073 } 5074}); 5075``` 5076 5077### getSignatureAlgParams<sup>(deprecated)</sup> 5078 5079getSignatureAlgParams() : DataBlob 5080 5081表示获取X509证书吊销列表签名的算法参数。 5082 5083> **说明:** 5084> 5085> 从API version 11开始废弃,建议使用[X509CRL.getSignatureAlgParams](#getsignaturealgparams11)替代。 5086 5087**系统能力:** SystemCapability.Security.Cert 5088 5089**返回值**: 5090 5091| 类型 | 说明 | 5092| --------------------- | ---------------------------------- | 5093| [DataBlob](#datablob) | 表示X509证书吊销列表签名的算法参数 | 5094 5095**错误码:** 5096 5097以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5098 5099| 错误码ID | 错误信息 | 5100| -------- | ----------------------- | 5101| 801 | this operation is not supported. | 5102| 19020001 | memory error. | 5103| 19020002 | runtime error. | 5104| 19030001 | crypto operation error. | 5105 5106**示例:** 5107 5108```ts 5109import { cert } from '@kit.DeviceCertificateKit'; 5110import { BusinessError } from '@kit.BasicServicesKit'; 5111 5112// string转Uint8Array 5113function stringToUint8Array(str: string): Uint8Array { 5114 let arr: Array<number> = []; 5115 for (let i = 0, j = str.length; i < j; i++) { 5116 arr.push(str.charCodeAt(i)); 5117 } 5118 return new Uint8Array(arr); 5119} 5120 5121let crlData = '-----BEGIN X509 CRL-----\n' + 5122 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5123 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5124 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5125 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5126 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5127 'eavsH0Q3\n' + 5128 '-----END X509 CRL-----\n'; 5129 5130// 证书吊销列表二进制数据,需业务自行赋值 5131let encodingBlob: cert.EncodingBlob = { 5132 data: stringToUint8Array(crlData), 5133 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 5134 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5135}; 5136 5137cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5138 if (error) { 5139 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5140 } else { 5141 console.log('createX509Crl success'); 5142 try { 5143 let sigAlgParams = x509Crl.getSignatureAlgParams(); 5144 } catch (err) { 5145 let e: BusinessError = err as BusinessError; 5146 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5147 } 5148 } 5149}); 5150``` 5151## X509CRL<sup>11+</sup> 5152 5153被吊销证书列表对象。 5154 5155### isRevoked<sup>11+</sup> 5156 5157isRevoked(cert : X509Cert) : boolean 5158 5159表示检查证书是否吊销。 5160 5161**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5162 5163**系统能力:** SystemCapability.Security.Cert 5164 5165**参数**: 5166 5167| 参数名 | 类型 | 必填 | 说明 | 5168| ------ | -------- | ---- | -------------------- | 5169| cert | [X509Cert](#x509cert) | 是 | 表示被检查的证书对象 | 5170 5171**返回值**: 5172 5173| 类型 | 说明 | 5174| ------- | ------------------------------------------------- | 5175| boolean | 表示证书吊销状态,true表示已吊销,false表示未吊销 | 5176 5177**错误码:** 5178 5179以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5180 5181| 错误码ID | 错误信息 | 5182| -------- | ----------------------- | 5183| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5184 5185**示例:** 5186 5187```ts 5188import { cert } from '@kit.DeviceCertificateKit'; 5189import { BusinessError } from '@kit.BasicServicesKit'; 5190 5191// string转Uint8Array 5192function stringToUint8Array(str: string): Uint8Array { 5193 let arr: Array<number> = []; 5194 for (let i = 0, j = str.length; i < j; i++) { 5195 arr.push(str.charCodeAt(i)); 5196 } 5197 return new Uint8Array(arr); 5198} 5199 5200let crlData = '-----BEGIN X509 CRL-----\n' + 5201 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5202 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5203 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5204 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5205 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5206 'eavsH0Q3\n' + 5207 '-----END X509 CRL-----\n'; 5208 5209let certData = '-----BEGIN CERTIFICATE-----\n' + 5210 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 5211 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 5212 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 5213 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 5214 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 5215 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 5216 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 5217 '-----END CERTIFICATE-----\n'; 5218 5219// 证书吊销列表二进制数据,需业务自行赋值 5220let encodingBlob: cert.EncodingBlob = { 5221 data: stringToUint8Array(crlData), 5222 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 5223 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5224}; 5225 5226let certEncodingBlob: cert.EncodingBlob = { 5227 data: stringToUint8Array(certData), 5228 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 5229 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5230}; 5231 5232cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5233 if (error) { 5234 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5235 } else { 5236 console.log('createX509CRL success'); 5237 // Create an X509Cert instance. 5238 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 5239 if (error) { 5240 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5241 } else { 5242 try { 5243 let revokedFlag = x509CRL.isRevoked(x509Cert); 5244 } catch (error) { 5245 let e: BusinessError = error as BusinessError; 5246 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5247 } 5248 } 5249 }); 5250 } 5251}); 5252``` 5253 5254### getType<sup>11+</sup> 5255 5256getType() : string 5257 5258表示获取证书吊销列表类型。 5259 5260**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5261 5262**系统能力:** SystemCapability.Security.Cert 5263 5264**返回值**: 5265 5266| 类型 | 说明 | 5267| ------ | -------------------- | 5268| string | 表示证书吊销列表类型 | 5269 5270**示例:** 5271 5272```ts 5273import { cert } from '@kit.DeviceCertificateKit'; 5274 5275// string转Uint8Array 5276function stringToUint8Array(str: string): Uint8Array { 5277 let arr: Array<number> = []; 5278 for (let i = 0, j = str.length; i < j; i++) { 5279 arr.push(str.charCodeAt(i)); 5280 } 5281 return new Uint8Array(arr); 5282} 5283 5284let crlData = '-----BEGIN X509 CRL-----\n' + 5285 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5286 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5287 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5288 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5289 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5290 'eavsH0Q3\n' + 5291 '-----END X509 CRL-----\n'; 5292 5293// 证书吊销列表二进制数据,需业务自行赋值 5294let encodingBlob: cert.EncodingBlob = { 5295 data: stringToUint8Array(crlData), 5296 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 5297 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5298}; 5299 5300cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5301 if (error) { 5302 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5303 } else { 5304 console.log('createX509CRL success'); 5305 let type = x509CRL.getType(); 5306 } 5307}); 5308``` 5309 5310### getEncoded<sup>11+</sup> 5311 5312getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 5313 5314表示获取X509证书吊销列表的序列化数据,使用Callback回调异步返回结果。 5315 5316**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5317 5318**系统能力:** SystemCapability.Security.Cert 5319 5320**参数**: 5321 5322| 参数名 | 类型 | 必填 | 说明 | 5323| -------- | --------------------------------------------- | ---- | ------------------------------------------ | 5324| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数,表示X509证书吊销列表的序列化数据 | 5325 5326**错误码:** 5327 5328以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5329 5330| 错误码ID | 错误信息 | 5331| -------- | ----------------------- | 5332| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 5333| 19020001 | memory error. | 5334| 19020002 | runtime error. | 5335| 19030001 | crypto operation error. | 5336 5337**示例:** 5338 5339```ts 5340import { cert } from '@kit.DeviceCertificateKit'; 5341 5342// string转Uint8Array 5343function stringToUint8Array(str: string): Uint8Array { 5344 let arr: Array<number> = []; 5345 for (let i = 0, j = str.length; i < j; i++) { 5346 arr.push(str.charCodeAt(i)); 5347 } 5348 return new Uint8Array(arr); 5349} 5350 5351let crlData = '-----BEGIN X509 CRL-----\n' + 5352 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5353 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5354 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5355 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5356 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5357 'eavsH0Q3\n' + 5358 '-----END X509 CRL-----\n'; 5359 5360// 证书吊销列表二进制数据,需业务自行赋值 5361let encodingBlob: cert.EncodingBlob = { 5362 data: stringToUint8Array(crlData), 5363 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 5364 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5365}; 5366 5367cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5368 if (error) { 5369 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5370 } else { 5371 console.log('createX509CRL success'); 5372 x509CRL.getEncoded((error, data) => { 5373 if (error) { 5374 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5375 } else { 5376 console.log('getEncoded success'); 5377 } 5378 }); 5379 } 5380}); 5381``` 5382 5383### getEncoded<sup>11+</sup> 5384 5385getEncoded() : Promise\<EncodingBlob> 5386 5387表示获取X509证书吊销列表的序列化数据,使用Promise方式异步返回结果。 5388 5389**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5390 5391**系统能力:** SystemCapability.Security.Cert 5392 5393**返回值**: 5394 5395| 类型 | 说明 | 5396| --------------------------------------- | -------------------------------- | 5397| Promise\<[EncodingBlob](#encodingblob)> | 表示X509证书吊销列表的序列化数据 | 5398**错误码:** 5399 5400以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5401 5402| 错误码ID | 错误信息 | 5403| -------- | ----------------------- | 5404| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 5405| 19020001 | memory error. | 5406| 19020002 | runtime error. | 5407| 19030001 | crypto operation error. | 5408 5409**示例:** 5410 5411```ts 5412import { cert } from '@kit.DeviceCertificateKit'; 5413import { BusinessError } from '@kit.BasicServicesKit'; 5414 5415// string转Uint8Array 5416function stringToUint8Array(str: string): Uint8Array { 5417 let arr: Array<number> = []; 5418 for (let i = 0, j = str.length; i < j; i++) { 5419 arr.push(str.charCodeAt(i)); 5420 } 5421 return new Uint8Array(arr); 5422} 5423 5424let crlData = '-----BEGIN X509 CRL-----\n' + 5425 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5426 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5427 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5428 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5429 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5430 'eavsH0Q3\n' + 5431 '-----END X509 CRL-----\n'; 5432 5433// 证书吊销列表二进制数据,需业务自行赋值 5434let encodingBlob: cert.EncodingBlob = { 5435 data: stringToUint8Array(crlData), 5436 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 5437 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5438}; 5439 5440cert.createX509CRL(encodingBlob).then(x509CRL => { 5441 console.log('createX509CRL success'); 5442 x509CRL.getEncoded().then(result => { 5443 console.log('getEncoded success'); 5444 }).catch((error: BusinessError) => { 5445 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5446 }); 5447}).catch((error: BusinessError) => { 5448 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5449}); 5450``` 5451 5452### verify<sup>11+</sup> 5453 5454verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 5455 5456表示对X509证书吊销列表进行验签,使用Callback回调异步返回结果。验签支持RSA算法。 5457 5458**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5459 5460**系统能力:** SystemCapability.Security.Cert 5461 5462**参数**: 5463 5464| 参数名 | 类型 | 必填 | 说明 | 5465| -------- | ----------------------------------------------------------- | ---- | ------------------------------------------------------------ | 5466| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 表示用于验签的公钥对象 | 5467| callback | AsyncCallback\<void> | 是 | 回调函数,使用AsyncCallback的第一个error参数判断是否验签成功,error为null表示成功,error不为null表示失败。 | 5468 5469**错误码:** 5470 5471以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5472 5473| 错误码ID | 错误信息 | 5474| -------- | ----------------------- | 5475| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5476| 19030001 | crypto operation error. | 5477 5478**示例:** 5479 5480```ts 5481import { cert } from '@kit.DeviceCertificateKit'; 5482import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 5483import { BusinessError } from '@kit.BasicServicesKit'; 5484 5485// string转Uint8Array 5486function stringToUint8Array(str: string): Uint8Array { 5487 let arr: Array<number> = []; 5488 for (let i = 0, j = str.length; i < j; i++) { 5489 arr.push(str.charCodeAt(i)); 5490 } 5491 return new Uint8Array(arr); 5492} 5493 5494let crlData = '-----BEGIN X509 CRL-----\n' + 5495 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5496 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5497 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5498 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5499 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5500 'eavsH0Q3\n' + 5501 '-----END X509 CRL-----\n'; 5502 5503let pubKeyData = new Uint8Array([ 5504 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 5505 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 5506 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 5507 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 5508 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 5509 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 5510 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 5511 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 5512 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 5513 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 5514 0x00, 0x01 5515]); 5516 5517let priKeyData = new Uint8Array([ 5518 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 5519 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 5520 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 5521 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 5522 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 5523 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 5524 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 5525 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 5526 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 5527 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 5528 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 5529 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 5530 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 5531 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 5532 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 5533 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 5534 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 5535 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 5536 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 5537 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 5538 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 5539 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 5540 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 5541 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 5542 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 5543 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 5544 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 5545 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 5546 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 5547 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 5548 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 5549 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 5550 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 5551 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 5552 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 5553 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 5554 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 5555 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 5556 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 5557 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 5558]); 5559 5560// 证书吊销列表二进制数据,需业务自行赋值 5561let encodingBlob: cert.EncodingBlob = { 5562 data: stringToUint8Array(crlData), 5563 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 5564 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5565}; 5566 5567cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5568 if (error) { 5569 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5570 } else { 5571 console.log('createX509Crl success'); 5572 try { 5573 // Generate the public key by AsyKeyGenerator. 5574 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 5575 console.log('createAsyKeyGenerator success'); 5576 let priEncodingBlob: cryptoFramework.DataBlob = { 5577 data: priKeyData, 5578 }; 5579 let pubEncodingBlob: cryptoFramework.DataBlob = { 5580 data: pubKeyData, 5581 }; 5582 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 5583 if (e) { 5584 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 5585 } else { 5586 console.log('convert key success'); 5587 x509CRL.verify(keyPair.pubKey, (err, data) => { 5588 if (err) { 5589 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 5590 } else { 5591 console.log('verify success'); 5592 } 5593 }); 5594 } 5595 }) 5596 } catch (error) { 5597 let e: BusinessError = error as BusinessError; 5598 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5599 } 5600 } 5601}); 5602``` 5603 5604### verify<sup>11+</sup> 5605 5606verify(key : cryptoFramework.PubKey) : Promise\<void> 5607 5608表示对X509证书吊销列表进行验签,使用Promise方式异步返回结果。验签支持RSA算法。 5609 5610**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5611 5612**系统能力:** SystemCapability.Security.Cert 5613 5614**参数**: 5615 5616| 参数名 | 类型 | 必填 | 说明 | 5617| ------ | ----------------------------------------------------------- | ---- | ------------------------ | 5618| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 表示用于验签的公钥对象。 | 5619 5620**返回值**: 5621 5622| 类型 | 说明 | 5623| -------------- | ----------- | 5624| Promise\<void> | Promise对象 | 5625 5626**错误码:** 5627 5628以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5629 5630| 错误码ID | 错误信息 | 5631| -------- | ----------------------- | 5632| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5633| 19030001 | crypto operation error. | 5634 5635**示例:** 5636 5637```ts 5638import { cert } from '@kit.DeviceCertificateKit'; 5639import { cryptoFramework } from '@kit.CryptoArchitectureKit' 5640import { BusinessError } from '@kit.BasicServicesKit'; 5641 5642// string转Uint8Array 5643function stringToUint8Array(str: string): Uint8Array { 5644 let arr: Array<number> = []; 5645 for (let i = 0, j = str.length; i < j; i++) { 5646 arr.push(str.charCodeAt(i)); 5647 } 5648 return new Uint8Array(arr); 5649} 5650 5651let crlData = '-----BEGIN X509 CRL-----\n' + 5652 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5653 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5654 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5655 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5656 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5657 'eavsH0Q3\n' + 5658 '-----END X509 CRL-----\n'; 5659 5660let pubKeyData = new Uint8Array([ 5661 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 5662 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 5663 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 5664 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 5665 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 5666 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 5667 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 5668 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 5669 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 5670 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 5671 0x00, 0x01 5672]); 5673 5674let priKeyData = new Uint8Array([ 5675 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 5676 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 5677 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 5678 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 5679 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 5680 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 5681 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 5682 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 5683 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 5684 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 5685 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 5686 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 5687 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 5688 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 5689 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 5690 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 5691 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 5692 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 5693 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 5694 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 5695 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 5696 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 5697 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 5698 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 5699 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 5700 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 5701 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 5702 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 5703 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 5704 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 5705 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 5706 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 5707 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 5708 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 5709 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 5710 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 5711 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 5712 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 5713 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 5714 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 5715]); 5716 5717// 证书吊销列表二进制数据,需业务自行赋值 5718let encodingBlob: cert.EncodingBlob = { 5719 data: stringToUint8Array(crlData), 5720 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 5721 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5722}; 5723 5724cert.createX509CRL(encodingBlob).then(x509CRL => { 5725 console.log('createX509Crl success'); 5726 5727 try { 5728 // 生成公钥对象 5729 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 5730 console.log('createAsyKeyGenerator success'); 5731 let priEncodingBlob: cryptoFramework.DataBlob = { 5732 data: priKeyData, 5733 }; 5734 let pubEncodingBlob: cryptoFramework.DataBlob = { 5735 data: pubKeyData, 5736 }; 5737 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 5738 console.log('convert key success'); 5739 x509CRL.verify(keyPair.pubKey).then(result => { 5740 console.log('verify success'); 5741 }).catch((error: BusinessError) => { 5742 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5743 }); 5744 }).catch((error: BusinessError) => { 5745 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 5746 }); 5747 } catch (error) { 5748 let e: BusinessError = error as BusinessError; 5749 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5750 } 5751}).catch((error: BusinessError) => { 5752 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5753}); 5754``` 5755 5756### getVersion<sup>11+</sup> 5757 5758getVersion() : number 5759 5760表示获取X509证书吊销列表的版本号。 5761 5762**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5763 5764**系统能力:** SystemCapability.Security.Cert 5765 5766**返回值**: 5767 5768| 类型 | 说明 | 5769| ------ | -------------------------------- | 5770| number | 表示获取X509证书吊销列表的版本号 | 5771 5772**示例:** 5773 5774```ts 5775import { cert } from '@kit.DeviceCertificateKit'; 5776 5777// string转Uint8Array 5778function stringToUint8Array(str: string): Uint8Array { 5779 let arr: Array<number> = []; 5780 for (let i = 0, j = str.length; i < j; i++) { 5781 arr.push(str.charCodeAt(i)); 5782 } 5783 return new Uint8Array(arr); 5784} 5785 5786let crlData = '-----BEGIN X509 CRL-----\n' + 5787 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5788 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5789 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5790 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5791 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5792 'eavsH0Q3\n' + 5793 '-----END X509 CRL-----\n'; 5794 5795// 证书吊销列表二进制数据,需业务自行赋值 5796let encodingBlob: cert.EncodingBlob = { 5797 data: stringToUint8Array(crlData), 5798 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 5799 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5800}; 5801 5802cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5803 if (error) { 5804 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5805 } else { 5806 console.log('createX509CRL success'); 5807 let version = x509CRL.getVersion(); 5808 } 5809}); 5810``` 5811 5812### getIssuerName<sup>11+</sup> 5813 5814getIssuerName() : DataBlob 5815 5816表示获取X509证书吊销列表颁发者名称。 5817 5818**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5819 5820**系统能力:** SystemCapability.Security.Cert 5821 5822**返回值**: 5823 5824| 类型 | 说明 | 5825| --------------------- | ------------------------------ | 5826| [DataBlob](#datablob) | 表示X509证书吊销列表颁发者名称 | 5827 5828**错误码:** 5829 5830以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5831 5832| 错误码ID | 错误信息 | 5833| -------- | ----------------------- | 5834| 19020001 | memory error. | 5835| 19020002 | runtime error. | 5836| 19030001 | crypto operation error. | 5837 5838**示例:** 5839 5840```ts 5841import { cert } from '@kit.DeviceCertificateKit'; 5842import { BusinessError } from '@kit.BasicServicesKit'; 5843 5844// string转Uint8Array 5845function stringToUint8Array(str: string): Uint8Array { 5846 let arr: Array<number> = []; 5847 for (let i = 0, j = str.length; i < j; i++) { 5848 arr.push(str.charCodeAt(i)); 5849 } 5850 return new Uint8Array(arr); 5851} 5852 5853let crlData = '-----BEGIN X509 CRL-----\n' + 5854 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5855 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5856 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5857 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5858 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5859 'eavsH0Q3\n' + 5860 '-----END X509 CRL-----\n'; 5861 5862// 证书吊销列表二进制数据,需业务自行赋值 5863let encodingBlob: cert.EncodingBlob = { 5864 data: stringToUint8Array(crlData), 5865 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 5866 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5867}; 5868 5869cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5870 if (error) { 5871 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5872 } else { 5873 console.log('createX509CRL success'); 5874 try { 5875 let issuerName = x509CRL.getIssuerName(); 5876 } catch (err) { 5877 let e: BusinessError = err as BusinessError; 5878 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5879 } 5880 } 5881}); 5882``` 5883 5884### getLastUpdate<sup>11+</sup> 5885 5886getLastUpdate() : string 5887 5888表示获取X509证书吊销列表最后一次更新日期,日期为ASN.1时间格式。 5889 5890**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5891 5892**系统能力:** SystemCapability.Security.Cert 5893 5894**返回值**: 5895 5896| 类型 | 说明 | 5897| ------ | ------------------------------------ | 5898| string | 表示X509证书吊销列表最后一次更新日期,日期为ASN.1时间格式。 | 5899 5900**错误码:** 5901 5902以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5903 5904| 错误码ID | 错误信息 | 5905| -------- | ----------------------- | 5906| 19020001 | memory error. | 5907| 19020002 | runtime error. | 5908| 19030001 | crypto operation error. | 5909 5910**示例:** 5911 5912```ts 5913import { cert } from '@kit.DeviceCertificateKit'; 5914import { BusinessError } from '@kit.BasicServicesKit'; 5915 5916// string转Uint8Array 5917function stringToUint8Array(str: string): Uint8Array { 5918 let arr: Array<number> = []; 5919 for (let i = 0, j = str.length; i < j; i++) { 5920 arr.push(str.charCodeAt(i)); 5921 } 5922 return new Uint8Array(arr); 5923} 5924 5925let crlData = '-----BEGIN X509 CRL-----\n' + 5926 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5927 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5928 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5929 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5930 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5931 'eavsH0Q3\n' + 5932 '-----END X509 CRL-----\n'; 5933 5934// 证书吊销列表二进制数据,需业务自行赋值 5935let encodingBlob: cert.EncodingBlob = { 5936 data: stringToUint8Array(crlData), 5937 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 5938 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5939}; 5940 5941cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5942 if (error) { 5943 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5944 } else { 5945 console.log('createX509CRL success'); 5946 try { 5947 let lastUpdate = x509CRL.getLastUpdate(); 5948 } catch (err) { 5949 let e: BusinessError = err as BusinessError; 5950 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5951 } 5952 } 5953}); 5954``` 5955 5956### getNextUpdate<sup>11+</sup> 5957 5958getNextUpdate() : string 5959 5960表示获取证书吊销列表下一次更新的日期,日期为ASN.1时间格式。 5961 5962**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5963 5964**系统能力:** SystemCapability.Security.Cert 5965 5966**返回值**: 5967 5968| 类型 | 说明 | 5969| ------ | ------------------------------------ | 5970| string | 表示X509证书吊销列表下一次更新的日期,日期为ASN.1时间格式。 | 5971 5972**错误码:** 5973 5974以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5975 5976| 错误码ID | 错误信息 | 5977| -------- | ----------------------- | 5978| 19020001 | memory error. | 5979| 19020002 | runtime error. | 5980| 19030001 | crypto operation error. | 5981 5982**示例:** 5983 5984```ts 5985import { cert } from '@kit.DeviceCertificateKit'; 5986import { BusinessError } from '@kit.BasicServicesKit'; 5987 5988// string转Uint8Array 5989function stringToUint8Array(str: string): Uint8Array { 5990 let arr: Array<number> = []; 5991 for (let i = 0, j = str.length; i < j; i++) { 5992 arr.push(str.charCodeAt(i)); 5993 } 5994 return new Uint8Array(arr); 5995} 5996 5997let crlData = '-----BEGIN X509 CRL-----\n' + 5998 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5999 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6000 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6001 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6002 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6003 'eavsH0Q3\n' + 6004 '-----END X509 CRL-----\n'; 6005 6006// 证书吊销列表二进制数据,需业务自行赋值 6007let encodingBlob: cert.EncodingBlob = { 6008 data: stringToUint8Array(crlData), 6009 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6010 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6011}; 6012 6013cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6014 if (error) { 6015 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6016 } else { 6017 console.log('createX509CRL success'); 6018 try { 6019 let nextUpdate = x509CRL.getNextUpdate(); 6020 } catch (err) { 6021 let e: BusinessError = err as BusinessError; 6022 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6023 } 6024 } 6025}); 6026``` 6027 6028### getRevokedCert<sup>11+</sup> 6029 6030getRevokedCert(serialNumber : bigint) : X509CRLEntry 6031 6032表示通过指定证书序列号获取被吊销X509证书对象。 6033 6034**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6035 6036**系统能力:** SystemCapability.Security.Cert 6037 6038**参数**: 6039 6040| 参数名 | 类型 | 必填 | 说明 | 6041| ------------ | ------ | ---- | -------------- | 6042| serialNumber | bigint | 是 | 表示证书序列号 | 6043 6044**返回值**: 6045 6046| 类型 | 说明 | 6047| ------------------------------- | ---------------------- | 6048| [X509CRLEntry](#x509crlentry11) | 表示被吊销X509证书对象 | 6049 6050**错误码:** 6051 6052以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6053 6054| 错误码ID | 错误信息 | 6055| -------- | ----------------------- | 6056| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6057| 19020001 | memory error. | 6058| 19030001 | crypto operation error. | 6059 6060**示例:** 6061 6062```ts 6063import { cert } from '@kit.DeviceCertificateKit'; 6064import { BusinessError } from '@kit.BasicServicesKit'; 6065 6066// string转Uint8Array 6067function stringToUint8Array(str: string): Uint8Array { 6068 let arr: Array<number> = []; 6069 for (let i = 0, j = str.length; i < j; i++) { 6070 arr.push(str.charCodeAt(i)); 6071 } 6072 return new Uint8Array(arr); 6073} 6074 6075let crlData = '-----BEGIN X509 CRL-----\n' + 6076 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6077 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6078 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6079 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6080 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6081 'eavsH0Q3\n' + 6082 '-----END X509 CRL-----\n'; 6083 6084// 证书吊销列表二进制数据,需业务自行赋值 6085let encodingBlob: cert.EncodingBlob = { 6086 data: stringToUint8Array(crlData), 6087 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6088 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6089}; 6090 6091cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6092 if (error) { 6093 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6094 } else { 6095 console.log('createX509CRL success'); 6096 let serialNumber = BigInt(1000); 6097 try { 6098 let entry = x509CRL.getRevokedCert(serialNumber); 6099 } catch (error) { 6100 let e: BusinessError = error as BusinessError; 6101 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6102 } 6103 } 6104}); 6105``` 6106 6107### getRevokedCertWithCert<sup>11+</sup> 6108 6109getRevokedCertWithCert(cert : X509Cert) : X509CRLEntry 6110 6111表示通过指定证书对象获取被吊销X509证书对象。 6112 6113**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6114 6115**系统能力:** SystemCapability.Security.Cert 6116 6117**参数**: 6118 6119| 参数名 | 类型 | 必填 | 说明 | 6120| ------ | --------------------- | ---- | ------------ | 6121| cert | [X509Cert](#x509cert) | 是 | 表示证书对象 | 6122 6123**返回值**: 6124 6125| 类型 | 说明 | 6126| ------------------------------- | ---------------------- | 6127| [X509CRLEntry](#x509crlentry11) | 表示被吊销X509证书对象 | 6128 6129**错误码:** 6130 6131以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6132 6133| 错误码ID | 错误信息 | 6134| -------- | ----------------------- | 6135| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6136| 19020001 | memory error. | 6137| 19030001 | crypto operation error. | 6138 6139**示例:** 6140 6141```ts 6142import { cert } from '@kit.DeviceCertificateKit'; 6143import { BusinessError } from '@kit.BasicServicesKit'; 6144 6145// string转Uint8Array 6146function stringToUint8Array(str: string): Uint8Array { 6147 let arr: Array<number> = []; 6148 for (let i = 0, j = str.length; i < j; i++) { 6149 arr.push(str.charCodeAt(i)); 6150 } 6151 return new Uint8Array(arr); 6152} 6153 6154let crlData = '-----BEGIN X509 CRL-----\n' + 6155 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 6156 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 6157 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 6158 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 6159 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 6160 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 6161 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 6162 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 6163 '+i2osvdPWRia0dJCL1PCA14k\n' + 6164 '-----END X509 CRL-----\n'; 6165 6166// 证书二进制数据,需业务自行赋值 6167let certData = '-----BEGIN CERTIFICATE-----\n' + 6168 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 6169 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 6170 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 6171 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 6172 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 6173 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 6174 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 6175 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 6176 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 6177 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 6178 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 6179 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 6180 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 6181 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 6182 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 6183 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 6184 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 6185 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 6186 '-----END CERTIFICATE-----\n'; 6187 6188let certEncodingBlob: cert.EncodingBlob = { 6189 data: stringToUint8Array(certData), 6190 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6191 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6192}; 6193 6194// 证书吊销列表二进制数据,需业务自行赋值 6195let encodingBlob: cert.EncodingBlob = { 6196 data: stringToUint8Array(crlData), 6197 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6198 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6199}; 6200 6201cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6202 if (error) { 6203 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6204 } else { 6205 console.log('createX509CRL success'); 6206 // 创建X509证书对象. 6207 cert.createX509Cert(certEncodingBlob).then((x509Cert) => { 6208 try { 6209 let entry = x509CRL.getRevokedCertWithCert(x509Cert); 6210 console.log('getRevokedCertWithCert success'); 6211 } catch (error) { 6212 let e: BusinessError = error as BusinessError; 6213 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6214 } 6215 }).catch((error: BusinessError) => { 6216 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6217 }) 6218 } 6219}); 6220``` 6221 6222### getRevokedCerts<sup>11+</sup> 6223 6224getRevokedCerts(callback : AsyncCallback<Array\<X509CRLEntry>>) : void 6225 6226表示获取被吊销X509证书列表,使用Callback回调异步返回结果。 6227 6228**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6229 6230**系统能力:** SystemCapability.Security.Cert 6231 6232**参数**: 6233 6234| 参数名 | 类型 | 必填 | 说明 | 6235| -------- | ------------------------------------------------------ | ---- | -------------------------------- | 6236| callback | AsyncCallback<Array\<[X509CRLEntry](#x509crlentry11)>> | 是 | 回调函数。表示被吊销X509证书列表 | 6237 6238**错误码:** 6239 6240以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6241 6242| 错误码ID | 错误信息 | 6243| -------- | ----------------------- | 6244| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 6245| 19020001 | memory error. | 6246| 19030001 | crypto operation error. | 6247 6248**示例:** 6249 6250```ts 6251import { cert } from '@kit.DeviceCertificateKit'; 6252import { BusinessError } from '@kit.BasicServicesKit'; 6253 6254// string转Uint8Array 6255function stringToUint8Array(str: string): Uint8Array { 6256 let arr: Array<number> = []; 6257 for (let i = 0, j = str.length; i < j; i++) { 6258 arr.push(str.charCodeAt(i)); 6259 } 6260 return new Uint8Array(arr); 6261} 6262 6263let crlData = '-----BEGIN X509 CRL-----\n' + 6264 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6265 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6266 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6267 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6268 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6269 'eavsH0Q3\n' + 6270 '-----END X509 CRL-----\n'; 6271 6272// 证书吊销列表二进制数据,需业务自行赋值 6273let encodingBlob: cert.EncodingBlob = { 6274 data: stringToUint8Array(crlData), 6275 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6276 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6277}; 6278 6279cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6280 if (error) { 6281 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6282 } else { 6283 console.log('createX509CRL success'); 6284 x509CRL.getRevokedCerts((error, array) => { 6285 if (error) { 6286 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6287 } else { 6288 console.log('getRevokedCerts success'); 6289 } 6290 }); 6291 } 6292}); 6293``` 6294 6295### getRevokedCerts<sup>11+</sup> 6296 6297getRevokedCerts() : Promise<Array\<X509CRLEntry>> 6298 6299表示获取被吊销X509证书列表,使用Promise方式异步返回结果。 6300 6301**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6302 6303**系统能力:** SystemCapability.Security.Cert 6304 6305**返回值**: 6306 6307| 类型 | 说明 | 6308| ------------------------------------------------ | ---------------------- | 6309| Promise<Array\<[X509CRLEntry](#x509crlentry11)>> | 表示被吊销X509证书列表 | 6310 6311**错误码:** 6312 6313以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6314 6315| 错误码ID | 错误信息 | 6316| -------- | ----------------------- | 6317| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 6318| 19020001 | memory error. | 6319| 19030001 | crypto operation error. | 6320 6321**示例:** 6322 6323```ts 6324import { cert } from '@kit.DeviceCertificateKit'; 6325import { BusinessError } from '@kit.BasicServicesKit'; 6326 6327// string转Uint8Array 6328function stringToUint8Array(str: string): Uint8Array { 6329 let arr: Array<number> = []; 6330 for (let i = 0, j = str.length; i < j; i++) { 6331 arr.push(str.charCodeAt(i)); 6332 } 6333 return new Uint8Array(arr); 6334} 6335 6336let crlData = '-----BEGIN X509 CRL-----\n' + 6337 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6338 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6339 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6340 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6341 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6342 'eavsH0Q3\n' + 6343 '-----END X509 CRL-----\n'; 6344 6345// 证书吊销列表二进制数据,需业务自行赋值 6346let encodingBlob: cert.EncodingBlob = { 6347 data: stringToUint8Array(crlData), 6348 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6349 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6350}; 6351 6352cert.createX509CRL(encodingBlob).then(x509CRL => { 6353 console.log('createX509CRL success'); 6354 x509CRL.getRevokedCerts().then(array => { 6355 console.log('getRevokedCerts success'); 6356 }).catch((error: BusinessError) => { 6357 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6358 }); 6359}).catch((error: BusinessError) => { 6360 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6361}); 6362``` 6363 6364### getSignature<sup>11+</sup> 6365 6366getSignature() : DataBlob 6367 6368表示获取X509证书吊销列表的签名数据。 6369 6370**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6371 6372**系统能力:** SystemCapability.Security.Cert 6373 6374**返回值**: 6375 6376| 类型 | 说明 | 6377| --------------------- | ------------------------------ | 6378| [DataBlob](#datablob) | 表示X509证书吊销列表的签名数据 | 6379 6380**错误码:** 6381 6382以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6383 6384| 错误码ID | 错误信息 | 6385| -------- | ----------------------- | 6386| 19020001 | memory error. | 6387| 19020002 | runtime error. | 6388| 19030001 | crypto operation error. | 6389 6390**示例:** 6391 6392```ts 6393import { cert } from '@kit.DeviceCertificateKit'; 6394import { BusinessError } from '@kit.BasicServicesKit'; 6395 6396// string转Uint8Array 6397function stringToUint8Array(str: string): Uint8Array { 6398 let arr: Array<number> = []; 6399 for (let i = 0, j = str.length; i < j; i++) { 6400 arr.push(str.charCodeAt(i)); 6401 } 6402 return new Uint8Array(arr); 6403} 6404 6405let crlData = '-----BEGIN X509 CRL-----\n' + 6406 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6407 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6408 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6409 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6410 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6411 'eavsH0Q3\n' + 6412 '-----END X509 CRL-----\n'; 6413 6414// 证书吊销列表二进制数据,需业务自行赋值 6415let encodingBlob: cert.EncodingBlob = { 6416 data: stringToUint8Array(crlData), 6417 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6418 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6419}; 6420 6421cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6422 if (error) { 6423 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6424 } else { 6425 console.log('createX509CRL success'); 6426 try { 6427 let signature = x509CRL.getSignature(); 6428 } catch (err) { 6429 let e: BusinessError = err as BusinessError; 6430 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6431 } 6432 } 6433}); 6434``` 6435 6436### getSignatureAlgName<sup>11+</sup> 6437 6438getSignatureAlgName() : string 6439 6440表示获取X509证书吊销列表签名的算法名称。 6441 6442**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6443 6444**系统能力:** SystemCapability.Security.Cert 6445 6446**返回值**: 6447 6448| 类型 | 说明 | 6449| ------ | -------------------------------- | 6450| string | 表示X509证书吊销列表签名的算法名 | 6451 6452**错误码:** 6453 6454以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6455 6456| 错误码ID | 错误信息 | 6457| -------- | ----------------------- | 6458| 19020001 | memory error. | 6459| 19020002 | runtime error. | 6460| 19030001 | crypto operation error. | 6461 6462**示例:** 6463 6464```ts 6465import { cert } from '@kit.DeviceCertificateKit'; 6466import { BusinessError } from '@kit.BasicServicesKit'; 6467 6468// string转Uint8Array 6469function stringToUint8Array(str: string): Uint8Array { 6470 let arr: Array<number> = []; 6471 for (let i = 0, j = str.length; i < j; i++) { 6472 arr.push(str.charCodeAt(i)); 6473 } 6474 return new Uint8Array(arr); 6475} 6476 6477let crlData = '-----BEGIN X509 CRL-----\n' + 6478 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6479 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6480 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6481 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6482 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6483 'eavsH0Q3\n' + 6484 '-----END X509 CRL-----\n'; 6485 6486// 证书吊销列表二进制数据,需业务自行赋值 6487let encodingBlob: cert.EncodingBlob = { 6488 data: stringToUint8Array(crlData), 6489 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6490 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6491}; 6492 6493cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6494 if (error) { 6495 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6496 } else { 6497 console.log('createX509CRL success'); 6498 try { 6499 let sigAlgName = x509CRL.getSignatureAlgName(); 6500 } catch (err) { 6501 let e: BusinessError = err as BusinessError; 6502 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6503 } 6504 } 6505}); 6506``` 6507 6508### getSignatureAlgOid<sup>11+</sup> 6509 6510getSignatureAlgOid() : string 6511 6512表示获取X509证书吊销列表签名算法的对象标志符OID(Object Identifier)。OID是由国际标准组织(ISO)的名称注册机构分配。 6513 6514**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6515 6516**系统能力:** SystemCapability.Security.Cert 6517 6518**返回值**: 6519 6520| 类型 | 说明 | 6521| ------ | --------------------------------------------- | 6522| string | 表示X509证书吊销列表签名算法的对象标志符OID。 | 6523 6524**错误码:** 6525 6526以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6527 6528| 错误码ID | 错误信息 | 6529| -------- | ----------------------- | 6530| 19020001 | memory error. | 6531| 19020002 | runtime error. | 6532| 19030001 | crypto operation error. | 6533 6534**示例:** 6535 6536```ts 6537import { cert } from '@kit.DeviceCertificateKit'; 6538import { BusinessError } from '@kit.BasicServicesKit'; 6539 6540// string转Uint8Array 6541function stringToUint8Array(str: string): Uint8Array { 6542 let arr: Array<number> = []; 6543 for (let i = 0, j = str.length; i < j; i++) { 6544 arr.push(str.charCodeAt(i)); 6545 } 6546 return new Uint8Array(arr); 6547} 6548 6549let crlData = '-----BEGIN X509 CRL-----\n' + 6550 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6551 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6552 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6553 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6554 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6555 'eavsH0Q3\n' + 6556 '-----END X509 CRL-----\n'; 6557 6558// 证书吊销列表二进制数据,需业务自行赋值 6559let encodingBlob: cert.EncodingBlob = { 6560 data: stringToUint8Array(crlData), 6561 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6562 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6563}; 6564 6565cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6566 if (error) { 6567 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6568 } else { 6569 console.log('createX509CRL success'); 6570 try { 6571 let sigAlgOid = x509CRL.getSignatureAlgOid(); 6572 } catch (err) { 6573 let e: BusinessError = err as BusinessError; 6574 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6575 } 6576 } 6577}); 6578``` 6579 6580### getSignatureAlgParams<sup>11+</sup> 6581 6582getSignatureAlgParams() : DataBlob 6583 6584表示获取X509证书吊销列表签名的算法参数。 6585 6586**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6587 6588**系统能力:** SystemCapability.Security.Cert 6589 6590**返回值**: 6591 6592| 类型 | 说明 | 6593| --------------------- | ---------------------------------- | 6594| [DataBlob](#datablob) | 表示X509证书吊销列表签名的算法参数 | 6595 6596**错误码:** 6597 6598以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6599 6600| 错误码ID | 错误信息 | 6601| -------- | ----------------------- | 6602| 801 | this operation is not supported. | 6603| 19020001 | memory error. | 6604| 19020002 | runtime error. | 6605| 19030001 | crypto operation error. | 6606 6607**示例:** 6608 6609```ts 6610import { cert } from '@kit.DeviceCertificateKit'; 6611import { BusinessError } from '@kit.BasicServicesKit'; 6612 6613// string转Uint8Array 6614function stringToUint8Array(str: string): Uint8Array { 6615 let arr: Array<number> = []; 6616 for (let i = 0, j = str.length; i < j; i++) { 6617 arr.push(str.charCodeAt(i)); 6618 } 6619 return new Uint8Array(arr); 6620} 6621 6622let crlData = '-----BEGIN X509 CRL-----\n' + 6623 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6624 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6625 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6626 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6627 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6628 'eavsH0Q3\n' + 6629 '-----END X509 CRL-----\n'; 6630 6631// 证书吊销列表二进制数据,需业务自行赋值 6632let encodingBlob: cert.EncodingBlob = { 6633 data: stringToUint8Array(crlData), 6634 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6635 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6636}; 6637 6638cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6639 if (error) { 6640 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6641 } else { 6642 console.log('createX509CRL success'); 6643 try { 6644 let sigAlgParams = x509CRL.getSignatureAlgParams(); 6645 } catch (err) { 6646 let e: BusinessError = err as BusinessError; 6647 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6648 } 6649 } 6650}); 6651``` 6652 6653### getTBSInfo<sup>11+</sup> 6654 6655getTBSInfo() : DataBlob 6656 6657表示获取证书吊销列表的tbsCertList信息。 6658 6659**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6660 6661**系统能力:** SystemCapability.Security.Cert 6662 6663**返回值**: 6664 6665| 类型 | 说明 | 6666| --------------------- | --------------------------------- | 6667| [DataBlob](#datablob) | 表示证书吊销列表的tbsCertList信息 | 6668 6669**错误码:** 6670 6671以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6672 6673| 错误码ID | 错误信息 | 6674| -------- | ----------------------- | 6675| 19020001 | memory error. | 6676| 19020002 | runtime error. | 6677| 19030001 | crypto operation error. | 6678 6679**示例:** 6680 6681```ts 6682import { cert } from '@kit.DeviceCertificateKit'; 6683import { BusinessError } from '@kit.BasicServicesKit'; 6684 6685// string转Uint8Array 6686function stringToUint8Array(str: string): Uint8Array { 6687 let arr: Array<number> = []; 6688 for (let i = 0, j = str.length; i < j; i++) { 6689 arr.push(str.charCodeAt(i)); 6690 } 6691 return new Uint8Array(arr); 6692} 6693 6694let crlData = '-----BEGIN X509 CRL-----\n' + 6695 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6696 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6697 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6698 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6699 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6700 'eavsH0Q3\n' + 6701 '-----END X509 CRL-----\n'; 6702 6703// 证书吊销列表二进制数据,需业务自行赋值 6704let encodingBlob: cert.EncodingBlob = { 6705 data: stringToUint8Array(crlData), 6706 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6707 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6708}; 6709 6710cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6711 if (error) { 6712 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6713 } else { 6714 console.log('createX509CRL success'); 6715 try { 6716 let tbsInfo = x509CRL.getTBSInfo(); 6717 } catch (error) { 6718 let e: BusinessError = error as BusinessError; 6719 console.error('getTBSInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6720 } 6721 } 6722}); 6723``` 6724 6725### getExtensions<sup>11+</sup> 6726 6727getExtensions(): DataBlob 6728 6729表示获取CRL的扩展。 6730 6731**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6732 6733**系统能力:** SystemCapability.Security.Cert 6734 6735**返回值**: 6736 6737| 类型 | 说明 | 6738| --------------------- | ------------------- | 6739| [DataBlob](#datablob) | 表示X509CRL扩展用途 | 6740 6741**错误码:** 6742 6743以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6744 6745| 错误码ID | 错误信息 | 6746| -------- | ----------------------- | 6747| 19020001 | memory error. | 6748| 19020002 | runtime error. | 6749| 19030001 | crypto operation error. | 6750 6751**示例:** 6752 6753```ts 6754import { cert } from '@kit.DeviceCertificateKit'; 6755import { BusinessError } from '@kit.BasicServicesKit'; 6756 6757// string转Uint8Array 6758function stringToUint8Array(str: string): Uint8Array { 6759 let arr: Array<number> = []; 6760 for (let i = 0, j = str.length; i < j; i++) { 6761 arr.push(str.charCodeAt(i)); 6762 } 6763 return new Uint8Array(arr); 6764} 6765 6766let crlData = '-----BEGIN X509 CRL-----\n' + 6767 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 6768 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 6769 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 6770 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 6771 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 6772 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 6773 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 6774 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 6775 '+i2osvdPWRia0dJCL1PCA14k\n' + 6776 '-----END X509 CRL-----\n'; 6777 6778// 证书吊销列表二进制数据,需业务自行赋值 6779let encodingBlob: cert.EncodingBlob = { 6780 data: stringToUint8Array(crlData), 6781 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6782 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6783}; 6784 6785cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6786 if (error) { 6787 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6788 } else { 6789 console.log('createX509CRL success'); 6790 try { 6791 let extensions = x509CRL.getExtensions(); 6792 } catch (error) { 6793 let e: BusinessError = error as BusinessError; 6794 console.error('getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6795 } 6796 } 6797}); 6798``` 6799 6800### match<sup>11+</sup> 6801 6802match(param: X509CRLMatchParameters): boolean 6803 6804判断证书吊销列表是否与输入参数匹配。 6805 6806**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6807 6808**系统能力:** SystemCapability.Security.Cert 6809 6810**参数**: 6811 6812| 参数名 | 类型 | 必填 | 说明 | 6813| --------- | ------ | ---- | ------------------------------------------ | 6814| param | [X509CRLMatchParameters](#x509crlmatchparameters11)| 是 | 表示需要匹配的参数。 | 6815 6816**返回值**: 6817 6818| 类型 | 说明 | 6819| --------------------- | ----------------------------------------- | 6820| boolean | 当参数匹配时,该方法返回true,否则返回false。 | 6821 6822**错误码:** 6823 6824以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6825 6826| 错误码ID | 错误信息 | 6827| -------- | -------------- | 6828| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6829| 19020001 | memory error. | 6830| 19030001 | crypto operation error. | 6831 6832**示例:** 6833 6834```ts 6835import { cert } from '@kit.DeviceCertificateKit'; 6836import { BusinessError } from '@kit.BasicServicesKit'; 6837 6838// string转Uint8Array 6839function stringToUint8Array(str: string): Uint8Array { 6840 let arr: Array<number> = []; 6841 for (let i = 0, j = str.length; i < j; i++) { 6842 arr.push(str.charCodeAt(i)); 6843 } 6844 return new Uint8Array(arr); 6845} 6846 6847let crlData = '-----BEGIN X509 CRL-----\n' + 6848 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6849 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6850 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6851 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6852 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6853 'eavsH0Q3\n' + 6854 '-----END X509 CRL-----\n'; 6855 6856// 证书吊销列表二进制数据,需业务自行赋值 6857let crlEncodingBlob: cert.EncodingBlob = { 6858 data: stringToUint8Array(crlData), 6859 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6860 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6861}; 6862 6863const certData = "-----BEGIN CERTIFICATE-----\r\n" + 6864 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 6865 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 6866 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 6867 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 6868 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 6869 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 6870 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 6871 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 6872 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 6873 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 6874 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 6875 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 6876 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 6877 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 6878 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 6879 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 6880 "-----END CERTIFICATE-----\r\n"; 6881const certEncodingBlob: cert.EncodingBlob = { 6882 data: stringToUint8Array(certData), 6883 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 6884}; 6885 6886async function crlMatch() { 6887 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 6888 try { 6889 x509Cert = await cert.createX509Cert(certEncodingBlob); 6890 console.log('createX509Cert success'); 6891 } catch (err) { 6892 console.error('createX509Cert failed'); 6893 } 6894 6895 cert.createX509CRL(crlEncodingBlob, (error, x509CRL) => { 6896 if (error) { 6897 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6898 } else { 6899 console.log('createX509CRL success'); 6900 try { 6901 const param: cert.X509CRLMatchParameters = { 6902 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 6903 x509Cert: x509Cert 6904 } 6905 const result = x509CRL.match(param); 6906 } catch (error) { 6907 let e: BusinessError = error as BusinessError; 6908 console.error('x509CRL match failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6909 } 6910 } 6911 }); 6912} 6913``` 6914 6915### getIssuerX500DistinguishedName<sup>12+</sup> 6916 6917getIssuerX500DistinguishedName(): X500DistinguishedName 6918 6919获取颁发者的X509可分辨名称。 6920 6921**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6922 6923**系统能力:** SystemCapability.Security.Cert 6924 6925**返回值**: 6926 6927| 类型 | 说明 | 6928| --------------------- | ----------------------------------------- | 6929| [X500DistinguishedName](#x500distinguishedname12) | X509的可分辨对象。 | 6930 6931**错误码:** 6932 6933以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6934 6935| 错误码ID | 错误信息 | 6936| -------- | -------------- | 6937| 19020001 | memory error. | 6938| 19020002 | runtime error. | 6939| 19030001 | crypto operation error. | 6940 6941**示例:** 6942 6943```ts 6944import { cert } from '@kit.DeviceCertificateKit'; 6945import { BusinessError } from '@kit.BasicServicesKit'; 6946 6947// string转Uint8Array 6948function stringToUint8Array(str: string): Uint8Array { 6949 let arr: Array<number> = []; 6950 for (let i = 0, j = str.length; i < j; i++) { 6951 arr.push(str.charCodeAt(i)); 6952 } 6953 return new Uint8Array(arr); 6954} 6955 6956let crlData = '-----BEGIN X509 CRL-----\n' + 6957 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6958 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6959 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6960 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6961 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6962 'eavsH0Q3\n' + 6963 '-----END X509 CRL-----\n'; 6964 6965// 证书吊销列表二进制数据,需业务自行赋值 6966let crlEncodingBlob: cert.EncodingBlob = { 6967 data: stringToUint8Array(crlData), 6968 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 6969 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6970}; 6971 6972async function crlGetIssuerX500DistinguishedName() { 6973 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 6974 try { 6975 x509Crl = await cert.createX509CRL(crlEncodingBlob); 6976 console.log('createX509CRL success'); 6977 let name = x509Crl.getIssuerX500DistinguishedName(); 6978 } catch (err) { 6979 let e: BusinessError = err as BusinessError; 6980 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6981 } 6982} 6983``` 6984 6985### toString<sup>12+</sup> 6986 6987toString(): string 6988 6989获取对象的字符串类型数据。 6990 6991**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6992 6993**系统能力:** SystemCapability.Security.Cert 6994 6995**返回值**: 6996 6997| 类型 | 说明 | 6998| --------------------- | ----------------------------------------- | 6999| string | 对象的字符串类型数据。 | 7000 7001**错误码:** 7002 7003以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7004 7005| 错误码ID | 错误信息 | 7006| -------- | -------------- | 7007| 19020001 | memory error. | 7008| 19020002 | runtime error. | 7009| 19030001 | crypto operation error. | 7010 7011**示例:** 7012 7013```ts 7014import { cert } from '@kit.DeviceCertificateKit'; 7015import { BusinessError } from '@kit.BasicServicesKit'; 7016 7017// string转Uint8Array 7018function stringToUint8Array(str: string): Uint8Array { 7019 let arr: Array<number> = []; 7020 for (let i = 0, j = str.length; i < j; i++) { 7021 arr.push(str.charCodeAt(i)); 7022 } 7023 return new Uint8Array(arr); 7024} 7025 7026let crlData = '-----BEGIN X509 CRL-----\n' + 7027 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7028 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7029 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7030 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7031 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7032 'eavsH0Q3\n' + 7033 '-----END X509 CRL-----\n'; 7034 7035// 证书吊销列表二进制数据,需业务自行赋值 7036let crlEncodingBlob: cert.EncodingBlob = { 7037 data: stringToUint8Array(crlData), 7038 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 7039 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7040}; 7041 7042async function crlToString() { 7043 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7044 try { 7045 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7046 console.log('createX509CRL success'); 7047 console.info('crlToString success: ' + JSON.stringify(x509Crl.toString())); 7048 } catch (err) { 7049 let e: BusinessError = err as BusinessError; 7050 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7051 } 7052} 7053``` 7054 7055### hashCode<sup>12+</sup> 7056 7057hashCode(): Uint8Array 7058 7059获取DER格式数据的哈希值。 7060 7061**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7062 7063**系统能力:** SystemCapability.Security.Cert 7064 7065**返回值**: 7066 7067| 类型 | 说明 | 7068| --------------------- | ----------------------------------------- | 7069| Uint8Array | DER格式数据的哈希值。 | 7070 7071**错误码:** 7072 7073以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7074 7075| 错误码ID | 错误信息 | 7076| -------- | -------------- | 7077| 19020001 | memory error. | 7078| 19020002 | runtime error. | 7079| 19030001 | crypto operation error. | 7080 7081**示例:** 7082 7083```ts 7084import { cert } from '@kit.DeviceCertificateKit'; 7085import { BusinessError } from '@kit.BasicServicesKit'; 7086 7087// string转Uint8Array 7088function stringToUint8Array(str: string): Uint8Array { 7089 let arr: Array<number> = []; 7090 for (let i = 0, j = str.length; i < j; i++) { 7091 arr.push(str.charCodeAt(i)); 7092 } 7093 return new Uint8Array(arr); 7094} 7095 7096let crlData = '-----BEGIN X509 CRL-----\n' + 7097 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7098 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7099 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7100 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7101 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7102 'eavsH0Q3\n' + 7103 '-----END X509 CRL-----\n'; 7104 7105// 证书吊销列表二进制数据,需业务自行赋值 7106let crlEncodingBlob: cert.EncodingBlob = { 7107 data: stringToUint8Array(crlData), 7108 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 7109 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7110}; 7111 7112async function crlHashCode() { 7113 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7114 try { 7115 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7116 console.log('createX509CRL success'); 7117 console.info('crlHashCode success: ' + JSON.stringify(x509Crl.hashCode())); 7118 } catch (err) { 7119 let e: BusinessError = err as BusinessError; 7120 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7121 } 7122} 7123``` 7124 7125### getExtensionsObject<sup>12+</sup> 7126 7127getExtensionsObject(): CertExtension 7128 7129获取对应实体的扩展域DER格式数据。 7130 7131**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7132 7133**系统能力:** SystemCapability.Security.Cert 7134 7135**返回值**: 7136 7137| 类型 | 说明 | 7138| --------------------- | ----------------------------------------- | 7139| [CertExtension](#certextension10) | 证书扩展域段类对象。| 7140 7141**错误码:** 7142 7143以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7144 7145| 错误码ID | 错误信息 | 7146| -------- | -------------- | 7147| 19020001 | memory error. | 7148| 19020002 | runtime error. | 7149| 19030001 | crypto operation error. | 7150 7151**示例:** 7152 7153```ts 7154import { cert } from '@kit.DeviceCertificateKit'; 7155import { BusinessError } from '@kit.BasicServicesKit'; 7156 7157// string转Uint8Array 7158function stringToUint8Array(str: string): Uint8Array { 7159 let arr: Array<number> = []; 7160 for (let i = 0, j = str.length; i < j; i++) { 7161 arr.push(str.charCodeAt(i)); 7162 } 7163 return new Uint8Array(arr); 7164} 7165 7166let crlData = '-----BEGIN X509 CRL-----\n' + 7167 'MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV\n' + 7168 'BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD\n' + 7169 'VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG\n' + 7170 '9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy\n' + 7171 'NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+\n' + 7172 '1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq\n' + 7173 'jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU\n' + 7174 '+gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe\n' + 7175 'Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw\n' + 7176 'diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx\n' + 7177 '+X48g7VE2o2X4cfy\n' + 7178 '-----END X509 CRL-----\n'; 7179 7180// 证书吊销列表二进制数据,需业务自行赋值 7181let crlEncodingBlob: cert.EncodingBlob = { 7182 data: stringToUint8Array(crlData), 7183 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 7184 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7185}; 7186 7187async function crlHashCode() { 7188 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7189 try { 7190 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7191 console.log('createX509CRL success'); 7192 let object = x509Crl.getExtensionsObject(); 7193 } catch (err) { 7194 let e: BusinessError = err as BusinessError; 7195 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7196 } 7197} 7198``` 7199 7200## cert.createCertChainValidator 7201 7202createCertChainValidator(algorithm :string) : CertChainValidator 7203 7204表示创建证书链校验器对象。 7205 7206**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7207 7208**系统能力:** SystemCapability.Security.Cert 7209 7210**参数**: 7211 7212| 参数名 | 类型 | 必填 | 说明 | 7213| --------- | ------ | ---- | ------------------------------------------ | 7214| algorithm | string | 是 | 表示证书链校验器算法。当前仅支持输入“PKIX” | 7215 7216**返回值**: 7217 7218| 类型 | 说明 | 7219| ------------------ | -------------------- | 7220| [CertChainValidator](#certchainvalidator) | 表示证书链校验器对象 | 7221 7222**错误码:** 7223 7224以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7225 7226| 错误码ID | 错误信息 | 7227| -------- | ----------------------- | 7228| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7229| 801 | this operation is not supported. | 7230| 19020001 | memory error. | 7231| 19020002 | runtime error. | 7232| 19030001 | crypto operation error. | 7233 7234**示例:** 7235 7236```ts 7237import { cert } from '@kit.DeviceCertificateKit'; 7238import { BusinessError } from '@kit.BasicServicesKit'; 7239 7240try { 7241 let validator = cert.createCertChainValidator('PKIX'); 7242} catch (error) { 7243 let e: BusinessError = error as BusinessError; 7244 console.error('createCertChainValidator failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7245} 7246``` 7247 7248## CertChainValidator 7249 7250证书链校验器对象。 7251 7252 7253### 属性 7254 7255**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7256 7257**系统能力:** SystemCapability.Security.Cert 7258 7259| 名称 | 类型 | 可读 | 可写 | 说明 | 7260| ------- | ------ | ---- | ---- | -------------------------- | 7261| algorithm | string | 是 | 否 | X509证书链校验器算法名称。 | 7262 7263 7264### validate 7265 7266validate(certChain : CertChainData, callback : AsyncCallback\<void>) : void 7267 7268表示校验X509证书链,使用Callback回调异步返回结果。 7269由于端侧系统时间不可信,证书链校验不包含对证书有效时间的校验。如果需要检查证书的时间有效性,可使用X509证书的[checkValidityWithDate](#checkvaliditywithdate)方法进行检查。详见[证书规格](../../security/DeviceCertificateKit/certificate-framework-overview.md#证书规格)。 7270 7271**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7272 7273**系统能力:** SystemCapability.Security.Cert 7274 7275**参数**: 7276 7277| 参数名 | 类型 | 必填 | 说明 | 7278| --------- | ------------------------------- | ---- | ------------------------------------------------------------ | 7279| certChain | [CertChainData](#certchaindata) | 是 | 表示X509证书链序列化数据 | 7280| callback | AsyncCallback\<void> | 是 | 回调函数。使用AsyncCallback的第一个error参数判断是否校验成功,error为null表示成功,error不为null表示失败 | 7281 7282**错误码:** 7283 7284以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7285 7286| 错误码ID | 错误信息 | 7287| -------- | ------------------------------------------------- | 7288| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7289| 19020001 | memory error. | 7290| 19020002 | runtime error. | 7291| 19030001 | crypto operation error. | 7292| 19030002 | the certificate signature verification failed. | 7293| 19030003 | the certificate has not taken effect. | 7294| 19030004 | the certificate has expired. | 7295| 19030005 | failed to obtain the certificate issuer. | 7296| 19030006 | the key cannot be used for signing a certificate. | 7297| 19030007 | the key cannot be used for digital signature. | 7298 7299**示例:** 7300 7301```ts 7302import { cert } from '@kit.DeviceCertificateKit'; 7303import { BusinessError } from '@kit.BasicServicesKit'; 7304 7305// string转Uint8Array 7306function stringToUint8Array(str: string): Uint8Array { 7307 let arr: Array<number> = []; 7308 for (let i = 0, j = str.length; i < j; i++) { 7309 arr.push(str.charCodeAt(i)); 7310 } 7311 return new Uint8Array(arr); 7312} 7313 7314// 证书链二进制数据 7315let certPem = '-----BEGIN CERTIFICATE-----\n' + 7316 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7317 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 7318 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 7319 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 7320 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 7321 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 7322 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 7323 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 7324 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 7325 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 7326 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 7327 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 7328 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 7329 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 7330 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 7331 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 7332 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 7333 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 7334 '-----END CERTIFICATE-----'; 7335 7336let caPem = '-----BEGIN CERTIFICATE-----\n' + 7337'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7338'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 7339'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 7340'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 7341'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 7342'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 7343'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 7344'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 7345'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 7346'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 7347'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 7348'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 7349'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 7350'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 7351'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 7352'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 7353'sSus\n' + 7354'-----END CERTIFICATE-----'; 7355 7356let certPemData = stringToUint8Array(certPem); 7357let caPemData = stringToUint8Array(caPem); 7358 7359let certPemDataLenData = new Uint8Array(new Uint16Array([certPemData.length]).buffer) 7360let caPemDataLenData = new Uint8Array(new Uint16Array([caPemData.length]).buffer) 7361 7362let certChainBuff = new Uint8Array(certPemDataLenData.length + certPemData.length + caPemDataLenData.length + caPemData.length) 7363certChainBuff.set(certPemDataLenData) 7364certChainBuff.set(certPemData, certPemDataLenData.length) 7365certChainBuff.set(caPemDataLenData, certPemDataLenData.length + certPemData.length) 7366certChainBuff.set(caPemData, certPemDataLenData.length + certPemData.length + caPemDataLenData.length) 7367 7368let certChainData: cert.CertChainData = { 7369 data: certChainBuff, 7370 // 证书链包含的证书个数,需业务自行赋值 7371 count: 2, 7372 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 7373 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7374}; 7375 7376try { 7377 let validator = cert.createCertChainValidator('PKIX'); 7378 validator.validate(certChainData, (error, data) => { 7379 if (error) { 7380 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7381 } else { 7382 console.log('validate success'); 7383 } 7384 }); 7385} catch (error) { 7386 let e: BusinessError = error as BusinessError; 7387 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7388} 7389``` 7390 7391### validate 7392 7393validate(certChain : CertChainData) : Promise\<void> 7394 7395表示校验X509证书链,使用Promise方式异步返回结果。 7396由于端侧系统时间不可信,证书链校验不包含对证书有效时间的校验。如果需要检查证书的时间有效性,可使用X509证书的[checkValidityWithDate](#checkvaliditywithdate)方法进行检查。详见[证书规格](../../security/DeviceCertificateKit/certificate-framework-overview.md#证书规格)。 7397 7398**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7399 7400**系统能力:** SystemCapability.Security.Cert 7401 7402**参数**: 7403 7404| 参数名 | 类型 | 必填 | 说明 | 7405| --------- | ------------------------------- | ---- | -------------------------- | 7406| certChain | [CertChainData](#certchaindata) | 是 | 表示X509证书链序列化数据。 | 7407 7408**返回值**: 7409 7410| 类型 | 说明 | 7411| -------------- | ----------- | 7412| Promise\<void> | Promise对象 | 7413 7414**错误码:** 7415 7416以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7417 7418| 错误码ID | 错误信息 | 7419| -------- | ------------------------------------------------- | 7420| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7421| 19020001 | memory error. | 7422| 19020002 | runtime error. | 7423| 19030001 | crypto operation error. | 7424| 19030002 | the certificate signature verification failed. | 7425| 19030003 | the certificate has not taken effect. | 7426| 19030004 | the certificate has expired. | 7427| 19030005 | failed to obtain the certificate issuer. | 7428| 19030006 | the key cannot be used for signing a certificate. | 7429| 19030007 | the key cannot be used for digital signature. | 7430 7431**示例:** 7432 7433```ts 7434import { cert } from '@kit.DeviceCertificateKit'; 7435import { BusinessError } from '@kit.BasicServicesKit'; 7436 7437// string转Uint8Array 7438function stringToUint8Array(str: string): Uint8Array { 7439 let arr: Array<number> = []; 7440 for (let i = 0, j = str.length; i < j; i++) { 7441 arr.push(str.charCodeAt(i)); 7442 } 7443 return new Uint8Array(arr); 7444} 7445 7446// 证书链数据 7447let certPem = '-----BEGIN CERTIFICATE-----\n' + 7448 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7449 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 7450 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 7451 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 7452 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 7453 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 7454 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 7455 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 7456 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 7457 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 7458 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 7459 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 7460 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 7461 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 7462 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 7463 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 7464 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 7465 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 7466 '-----END CERTIFICATE-----'; 7467 7468let caPem = '-----BEGIN CERTIFICATE-----\n' + 7469'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7470'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 7471'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 7472'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 7473'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 7474'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 7475'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 7476'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 7477'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 7478'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 7479'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 7480'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 7481'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 7482'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 7483'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 7484'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 7485'sSus\n' + 7486'-----END CERTIFICATE-----'; 7487 7488let certPemData = stringToUint8Array(certPem); 7489let caPemData = stringToUint8Array(caPem); 7490 7491let certPemDataLenData = new Uint8Array(new Uint16Array([certPemData.length]).buffer) 7492let caPemDataLenData = new Uint8Array(new Uint16Array([caPemData.length]).buffer) 7493 7494let certChainBuff = new Uint8Array(certPemDataLenData.length + certPemData.length + caPemDataLenData.length + caPemData.length) 7495certChainBuff.set(certPemDataLenData) 7496certChainBuff.set(certPemData, certPemDataLenData.length) 7497certChainBuff.set(caPemDataLenData, certPemDataLenData.length + certPemData.length) 7498certChainBuff.set(caPemData, certPemDataLenData.length + certPemData.length + caPemDataLenData.length) 7499 7500let certChainData: cert.CertChainData = { 7501 data: certChainBuff, 7502 // 证书链包含的证书个数,需业务自行赋值 7503 count: 2, 7504 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 7505 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7506}; 7507 7508try { 7509 let validator = cert.createCertChainValidator('PKIX'); 7510 validator.validate(certChainData).then(result => { 7511 console.log('validate success'); 7512 }).catch((error: BusinessError) => { 7513 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7514 }); 7515} catch (error) { 7516 let e: BusinessError = error as BusinessError; 7517 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7518} 7519``` 7520 7521## X509CrlEntry<sup>(deprecated)</sup> 7522 7523被吊销证书对象。 7524 7525> **说明:** 7526> 7527> 从API version 11开始废弃,建议使用[X509CrlEntry](#x509crlentry11)替代。 7528 7529### getEncoded<sup>(deprecated)</sup> 7530 7531getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 7532 7533表示获取被吊销证书的序列化数据,使用Callback回调异步返回结果。 7534 7535> **说明:** 7536> 7537> 从API version 11开始废弃,建议使用[X509CRLEntry.getEncoded](#getencoded11-2)替代。 7538 7539**系统能力:** SystemCapability.Security.Cert 7540 7541**参数**: 7542 7543| 参数名 | 类型 | 必填 | 说明 | 7544| -------- | --------------------------------------------- | ---- | ------------------------------------ | 7545| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数。表示被吊销证书的序列化数据 | 7546 7547**错误码:** 7548 7549以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7550 7551| 错误码ID | 错误信息 | 7552| -------- | ----------------------- | 7553| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 7554| 19020001 | memory error. | 7555| 19020002 | runtime error. | 7556| 19030001 | crypto operation error. | 7557 7558**示例:** 7559 7560```ts 7561import { cert } from '@kit.DeviceCertificateKit'; 7562import { BusinessError } from '@kit.BasicServicesKit'; 7563 7564// string转Uint8Array 7565function stringToUint8Array(str: string): Uint8Array { 7566 let arr: Array<number> = []; 7567 for (let i = 0, j = str.length; i < j; i++) { 7568 arr.push(str.charCodeAt(i)); 7569 } 7570 return new Uint8Array(arr); 7571} 7572 7573let crlData = '-----BEGIN X509 CRL-----\n' + 7574 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7575 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7576 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7577 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7578 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7579 'eavsH0Q3\n' + 7580 '-----END X509 CRL-----\n' 7581 7582let encodingBlob: cert.EncodingBlob = { 7583 data: stringToUint8Array(crlData), 7584 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 7585 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7586}; 7587 7588cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7589 if (err) { 7590 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7591 } else { 7592 console.log('create x509 crl success'); 7593 7594 try { 7595 let serialNumber = 1000; 7596 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7597 crlEntry.getEncoded((error, data) => { 7598 if (error) { 7599 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7600 } else { 7601 console.log('getEncoded success'); 7602 } 7603 }); 7604 } catch (error) { 7605 let e: BusinessError = error as BusinessError; 7606 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7607 } 7608 } 7609}) 7610``` 7611 7612### getEncoded<sup>(deprecated)</sup> 7613 7614getEncoded() : Promise\<EncodingBlob> 7615 7616表示获取被吊销证书的序列化数据,使用Promise方式异步返回结果。 7617 7618> **说明:** 7619> 7620> 从API version 11开始废弃,建议使用[X509CRLEntry.getEncoded](#getencoded11-3)替代。 7621 7622**系统能力:** SystemCapability.Security.Cert 7623 7624**返回值**: 7625 7626| 类型 | 说明 | 7627| --------------------------------------- | -------------------------- | 7628| Promise\<[EncodingBlob](#encodingblob)> | 表示被吊销证书的序列化数据 | 7629 7630**错误码:** 7631 7632以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7633 7634| 错误码ID | 错误信息 | 7635| -------- | ----------------------- | 7636| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 7637| 19020001 | memory error. | 7638| 19020002 | runtime error. | 7639| 19030001 | crypto operation error. | 7640 7641**示例:** 7642 7643```ts 7644import { cert } from '@kit.DeviceCertificateKit'; 7645import { BusinessError } from '@kit.BasicServicesKit'; 7646 7647// string转Uint8Array 7648function stringToUint8Array(str: string): Uint8Array { 7649 let arr: Array<number> = []; 7650 for (let i = 0, j = str.length; i < j; i++) { 7651 arr.push(str.charCodeAt(i)); 7652 } 7653 return new Uint8Array(arr); 7654} 7655 7656let crlData = '-----BEGIN X509 CRL-----\n' + 7657 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7658 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7659 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7660 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7661 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7662 'eavsH0Q3\n' + 7663 '-----END X509 CRL-----\n' 7664 7665let encodingBlob: cert.EncodingBlob = { 7666 data: stringToUint8Array(crlData), 7667 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 7668 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7669}; 7670 7671cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7672 if (err) { 7673 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7674 } else { 7675 console.log('create x509 crl success'); 7676 7677 try { 7678 let serialNumber = 1000; 7679 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7680 crlEntry.getEncoded().then(result => { 7681 console.log('getEncoded success'); 7682 }).catch((error: BusinessError) => { 7683 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7684 }); 7685 } catch (error) { 7686 let e: BusinessError = error as BusinessError; 7687 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7688 } 7689 } 7690}) 7691``` 7692 7693### getSerialNumber<sup>(deprecated)</sup> 7694 7695getSerialNumber() : number 7696 7697表示获取被吊销证书的序列号。 7698 7699> **说明:** 7700> 7701> 从API version 11开始废弃,建议使用[X509CRLEntry.getSerialNumber](#getserialnumber11)替代。 7702 7703**系统能力:** SystemCapability.Security.Cert 7704 7705**返回值**: 7706 7707| 类型 | 说明 | 7708| ------ | ---------------------- | 7709| number | 表示被吊销证书的序列号 | 7710 7711**示例:** 7712 7713```ts 7714import { cert } from '@kit.DeviceCertificateKit'; 7715import { BusinessError } from '@kit.BasicServicesKit'; 7716 7717// string转Uint8Array 7718function stringToUint8Array(str: string): Uint8Array { 7719 let arr: Array<number> = []; 7720 for (let i = 0, j = str.length; i < j; i++) { 7721 arr.push(str.charCodeAt(i)); 7722 } 7723 return new Uint8Array(arr); 7724} 7725 7726let crlData = '-----BEGIN X509 CRL-----\n' + 7727 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7728 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7729 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7730 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7731 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7732 'eavsH0Q3\n' + 7733 '-----END X509 CRL-----\n' 7734 7735let encodingBlob: cert.EncodingBlob = { 7736 data: stringToUint8Array(crlData), 7737 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 7738 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7739}; 7740 7741cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7742 if (err) { 7743 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7744 } else { 7745 console.log('create x509 crl success'); 7746 7747 try { 7748 let serialNumber = 1000; 7749 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7750 serialNumber = crlEntry.getSerialNumber(); 7751 } catch (error) { 7752 let e: BusinessError = error as BusinessError; 7753 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7754 } 7755 } 7756}) 7757``` 7758 7759### getCertIssuer<sup>(deprecated)</sup> 7760 7761getCertIssuer() : DataBlob 7762 7763表示获取被吊销证书的颁发者信息。 7764 7765> **说明:** 7766> 7767> 从API version 11开始废弃,建议使用[X509CRLEntry.getCertIssuer](#getcertissuer11)替代。 7768 7769**系统能力:** SystemCapability.Security.Cert 7770 7771**返回值**: 7772 7773| 类型 | 说明 | 7774| --------------------- | ----------------------- | 7775| [DataBlob](#datablob) | 表示被吊销证书的颁发者信息 | 7776 7777**错误码:** 7778 7779以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7780 7781| 错误码ID | 错误信息 | 7782| -------- | -------------- | 7783| 801 | this operation is not supported. | 7784| 19020001 | memory error. | 7785| 19020002 | runtime error. | 7786 7787**示例:** 7788 7789```ts 7790import { cert } from '@kit.DeviceCertificateKit'; 7791import { BusinessError } from '@kit.BasicServicesKit'; 7792 7793// string转Uint8Array 7794function stringToUint8Array(str: string): Uint8Array { 7795 let arr: Array<number> = []; 7796 for (let i = 0, j = str.length; i < j; i++) { 7797 arr.push(str.charCodeAt(i)); 7798 } 7799 return new Uint8Array(arr); 7800} 7801 7802let crlData = '-----BEGIN X509 CRL-----\n' + 7803 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7804 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7805 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7806 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7807 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7808 'eavsH0Q3\n' + 7809 '-----END X509 CRL-----\n' 7810 7811let encodingBlob: cert.EncodingBlob = { 7812 data: stringToUint8Array(crlData), 7813 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 7814 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7815}; 7816 7817cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7818 if (err) { 7819 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7820 } else { 7821 console.log('create x509 crl success'); 7822 7823 try { 7824 let serialNumber = 1000; 7825 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7826 let issuer = crlEntry.getCertIssuer(); 7827 } catch (error) { 7828 let e: BusinessError = error as BusinessError; 7829 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7830 } 7831 } 7832}) 7833``` 7834 7835### getRevocationDate<sup>(deprecated)</sup> 7836 7837getRevocationDate() : string 7838 7839表示获取证书被吊销的日期,日期为ASN.1时间格式。 7840 7841> **说明:** 7842> 7843> 从API version 11开始废弃,建议使用[X509CRLEntry.getRevocationDate](#getrevocationdate11)替代。 7844 7845**系统能力:** SystemCapability.Security.Cert 7846 7847**返回值**: 7848 7849| 类型 | 说明 | 7850| ------ | ------------------ | 7851| string | 表示证书被吊销的日期,日期为ASN.1时间格式。 | 7852 7853**错误码:** 7854 7855以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7856 7857| 错误码ID | 错误信息 | 7858| -------- | ----------------------- | 7859| 19020001 | memory error. | 7860| 19020002 | runtime error. | 7861| 19030001 | crypto operation error. | 7862 7863**示例:** 7864 7865```ts 7866import { cert } from '@kit.DeviceCertificateKit'; 7867import { BusinessError } from '@kit.BasicServicesKit'; 7868 7869// string转Uint8Array 7870function stringToUint8Array(str: string): Uint8Array { 7871 let arr: Array<number> = []; 7872 for (let i = 0, j = str.length; i < j; i++) { 7873 arr.push(str.charCodeAt(i)); 7874 } 7875 return new Uint8Array(arr); 7876} 7877 7878let crlData = '-----BEGIN X509 CRL-----\n' + 7879 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7880 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7881 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7882 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7883 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7884 'eavsH0Q3\n' + 7885 '-----END X509 CRL-----\n' 7886 7887let encodingBlob: cert.EncodingBlob = { 7888 data: stringToUint8Array(crlData), 7889 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 7890 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7891}; 7892 7893cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7894 if (err) { 7895 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7896 } else { 7897 console.log('create x509 crl success'); 7898 7899 try { 7900 let serialNumber = 1000; 7901 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7902 let date = crlEntry.getRevocationDate(); 7903 } catch (error) { 7904 let e: BusinessError = error as BusinessError; 7905 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7906 } 7907 } 7908}) 7909``` 7910 7911## X509CRLEntry<sup>11+</sup> 7912 7913被吊销证书对象。 7914 7915### getEncoded<sup>11+</sup> 7916 7917getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 7918 7919表示获取被吊销证书的序列化数据,使用Callback回调异步返回结果。 7920 7921**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7922 7923**系统能力:** SystemCapability.Security.Cert 7924 7925**参数**: 7926 7927| 参数名 | 类型 | 必填 | 说明 | 7928| -------- | --------------------------------------------- | ---- | ------------------------------------ | 7929| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数。表示被吊销证书的序列化数据 | 7930 7931**错误码:** 7932 7933以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7934 7935| 错误码ID | 错误信息 | 7936| -------- | ----------------------- | 7937| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 7938| 19020001 | memory error. | 7939| 19020002 | runtime error. | 7940| 19030001 | crypto operation error. | 7941 7942**示例:** 7943 7944```ts 7945import { cert } from '@kit.DeviceCertificateKit'; 7946import { BusinessError } from '@kit.BasicServicesKit'; 7947 7948// string转Uint8Array 7949function stringToUint8Array(str: string): Uint8Array { 7950 let arr: Array<number> = []; 7951 for (let i = 0, j = str.length; i < j; i++) { 7952 arr.push(str.charCodeAt(i)); 7953 } 7954 return new Uint8Array(arr); 7955} 7956 7957let crlData = '-----BEGIN X509 CRL-----\n' + 7958 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7959 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7960 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7961 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7962 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7963 'eavsH0Q3\n' + 7964 '-----END X509 CRL-----\n' 7965 7966let encodingBlob: cert.EncodingBlob = { 7967 data: stringToUint8Array(crlData), 7968 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 7969 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7970}; 7971 7972cert.createX509CRL(encodingBlob, (err, x509CRL) => { 7973 if (err) { 7974 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7975 } else { 7976 console.log('create x509 CRL success'); 7977 7978 try { 7979 let serialNumber = BigInt(1000); 7980 let crlEntry = x509CRL.getRevokedCert(serialNumber); 7981 crlEntry.getEncoded((error, data) => { 7982 if (error) { 7983 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7984 } else { 7985 console.log('getEncoded success'); 7986 } 7987 }); 7988 } catch (error) { 7989 let e: BusinessError = error as BusinessError; 7990 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7991 } 7992 } 7993}) 7994``` 7995 7996### getEncoded<sup>11+</sup> 7997 7998getEncoded() : Promise\<EncodingBlob> 7999 8000表示获取被吊销证书的序列化数据,使用Promise方式异步返回结果。 8001 8002**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8003 8004**系统能力:** SystemCapability.Security.Cert 8005 8006**返回值**: 8007 8008| 类型 | 说明 | 8009| --------------------------------------- | -------------------------- | 8010| Promise\<[EncodingBlob](#encodingblob)> | 表示被吊销证书的序列化数据 | 8011 8012**错误码:** 8013 8014以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8015 8016| 错误码ID | 错误信息 | 8017| -------- | ----------------------- | 8018| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 8019| 19020001 | memory error. | 8020| 19020002 | runtime error. | 8021| 19030001 | crypto operation error. | 8022 8023**示例:** 8024 8025```ts 8026import { cert } from '@kit.DeviceCertificateKit'; 8027import { BusinessError } from '@kit.BasicServicesKit'; 8028 8029// string转Uint8Array 8030function stringToUint8Array(str: string): Uint8Array { 8031 let arr: Array<number> = []; 8032 for (let i = 0, j = str.length; i < j; i++) { 8033 arr.push(str.charCodeAt(i)); 8034 } 8035 return new Uint8Array(arr); 8036} 8037 8038let crlData = '-----BEGIN X509 CRL-----\n' + 8039 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8040 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8041 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8042 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8043 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8044 'eavsH0Q3\n' + 8045 '-----END X509 CRL-----\n' 8046 8047let encodingBlob: cert.EncodingBlob = { 8048 data: stringToUint8Array(crlData), 8049 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8050 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8051}; 8052 8053cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8054 if (err) { 8055 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8056 } else { 8057 console.log('create x509 CRL success'); 8058 8059 try { 8060 let serialNumber = BigInt(1000); 8061 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8062 crlEntry.getEncoded().then(result => { 8063 console.log('getEncoded success'); 8064 }).catch((error: BusinessError) => { 8065 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8066 }); 8067 } catch (error) { 8068 let e: BusinessError = error as BusinessError; 8069 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8070 } 8071 } 8072}) 8073``` 8074 8075### getSerialNumber<sup>11+</sup> 8076 8077getSerialNumber() : bigint 8078 8079表示获取被吊销证书的序列号。 8080 8081**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8082 8083**系统能力:** SystemCapability.Security.Cert 8084 8085**返回值**: 8086 8087| 类型 | 说明 | 8088| ------ | ---------------------- | 8089| bigint | 表示被吊销证书的序列号 | 8090 8091**错误码:** 8092 8093以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8094 8095| 错误码ID | 错误信息 | 8096| -------- | ----------------------- | 8097| 19020001 | memory error. | 8098| 19020002 | runtime error. | 8099| 19030001 | crypto operation error. | 8100 8101**示例:** 8102 8103```ts 8104import { cert } from '@kit.DeviceCertificateKit'; 8105import { BusinessError } from '@kit.BasicServicesKit'; 8106 8107// string转Uint8Array 8108function stringToUint8Array(str: string): Uint8Array { 8109 let arr: Array<number> = []; 8110 for (let i = 0, j = str.length; i < j; i++) { 8111 arr.push(str.charCodeAt(i)); 8112 } 8113 return new Uint8Array(arr); 8114} 8115 8116let crlData = '-----BEGIN X509 CRL-----\n' + 8117 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8118 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8119 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8120 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8121 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8122 'eavsH0Q3\n' + 8123 '-----END X509 CRL-----\n' 8124 8125let encodingBlob: cert.EncodingBlob = { 8126 data: stringToUint8Array(crlData), 8127 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8128 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8129}; 8130 8131cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8132 if (err) { 8133 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8134 } else { 8135 console.log('create x509 crl success'); 8136 8137 try { 8138 let serialNumber = BigInt(1000); 8139 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8140 serialNumber = crlEntry.getSerialNumber(); 8141 } catch (error) { 8142 let e: BusinessError = error as BusinessError; 8143 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8144 } 8145 } 8146}) 8147``` 8148 8149### getCertIssuer<sup>11+</sup> 8150 8151getCertIssuer() : DataBlob 8152 8153表示获取被吊销证书的颁发者信息。 8154 8155**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8156 8157**系统能力:** SystemCapability.Security.Cert 8158 8159**返回值**: 8160 8161| 类型 | 说明 | 8162| --------------------- | -------------------------- | 8163| [DataBlob](#datablob) | 表示被吊销证书的颁发者信息 | 8164 8165**错误码:** 8166 8167以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8168 8169| 错误码ID | 错误信息 | 8170| -------- | ----------------------- | 8171| 801 | this operation is not supported. | 8172| 19020001 | memory error. | 8173| 19020002 | runtime error. | 8174| 19030001 | crypto operation error. | 8175 8176**示例:** 8177 8178```ts 8179import { cert } from '@kit.DeviceCertificateKit'; 8180import { BusinessError } from '@kit.BasicServicesKit'; 8181 8182// string转Uint8Array 8183function stringToUint8Array(str: string): Uint8Array { 8184 let arr: Array<number> = []; 8185 for (let i = 0, j = str.length; i < j; i++) { 8186 arr.push(str.charCodeAt(i)); 8187 } 8188 return new Uint8Array(arr); 8189} 8190 8191let crlData = '-----BEGIN X509 CRL-----\n' + 8192 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8193 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8194 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8195 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8196 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8197 'eavsH0Q3\n' + 8198 '-----END X509 CRL-----\n' 8199 8200let encodingBlob: cert.EncodingBlob = { 8201 data: stringToUint8Array(crlData), 8202 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8203 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8204}; 8205 8206cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8207 if (err) { 8208 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8209 } else { 8210 console.log('create x509 CRL success'); 8211 8212 try { 8213 let serialNumber = BigInt(1000); 8214 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8215 let issuer = crlEntry.getCertIssuer(); 8216 } catch (error) { 8217 let e: BusinessError = error as BusinessError; 8218 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8219 } 8220 } 8221}) 8222``` 8223 8224### getRevocationDate<sup>11+</sup> 8225 8226getRevocationDate() : string 8227 8228表示获取证书被吊销的日期,日期为ASN.1时间格式。 8229 8230**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8231 8232**系统能力:** SystemCapability.Security.Cert 8233 8234**返回值**: 8235 8236| 类型 | 说明 | 8237| ------ | -------------------- | 8238| string | 表示证书被吊销的日期,日期为ASN.1时间格式。 | 8239 8240**错误码:** 8241 8242以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8243 8244| 错误码ID | 错误信息 | 8245| -------- | ----------------------- | 8246| 19020001 | memory error. | 8247| 19020002 | runtime error. | 8248| 19030001 | crypto operation error. | 8249 8250**示例:** 8251 8252```ts 8253import { cert } from '@kit.DeviceCertificateKit'; 8254import { BusinessError } from '@kit.BasicServicesKit'; 8255 8256// string转Uint8Array 8257function stringToUint8Array(str: string): Uint8Array { 8258 let arr: Array<number> = []; 8259 for (let i = 0, j = str.length; i < j; i++) { 8260 arr.push(str.charCodeAt(i)); 8261 } 8262 return new Uint8Array(arr); 8263} 8264 8265let crlData = '-----BEGIN X509 CRL-----\n' + 8266 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8267 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8268 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8269 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8270 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8271 'eavsH0Q3\n' + 8272 '-----END X509 CRL-----\n' 8273 8274let encodingBlob: cert.EncodingBlob = { 8275 data: stringToUint8Array(crlData), 8276 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8277 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8278}; 8279 8280cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8281 if (err) { 8282 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8283 } else { 8284 console.log('create x509 CRL success'); 8285 8286 try { 8287 let serialNumber = BigInt(1000); 8288 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8289 let date = crlEntry.getRevocationDate(); 8290 } catch (error) { 8291 let e: BusinessError = error as BusinessError; 8292 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8293 } 8294 } 8295}) 8296``` 8297 8298### getExtensions<sup>11+</sup> 8299 8300getExtensions(): DataBlob 8301 8302表示获取CRL的扩展。 8303 8304**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8305 8306**系统能力:** SystemCapability.Security.Cert 8307 8308**返回值**: 8309 8310| 类型 | 说明 | 8311| --------------------- | ------------------------ | 8312| [DataBlob](#datablob) | 表示X509CRLEntry扩展用途 | 8313 8314**错误码:** 8315 8316以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8317 8318| 错误码ID | 错误信息 | 8319| -------- | ----------------------- | 8320| 19020001 | memory error. | 8321| 19020002 | runtime error. | 8322| 19030001 | crypto operation error. | 8323 8324**示例:** 8325 8326```ts 8327import { cert } from '@kit.DeviceCertificateKit'; 8328import { BusinessError } from '@kit.BasicServicesKit'; 8329 8330// string转Uint8Array 8331function stringToUint8Array(str: string): Uint8Array { 8332 let arr: Array<number> = []; 8333 for (let i = 0, j = str.length; i < j; i++) { 8334 arr.push(str.charCodeAt(i)); 8335 } 8336 return new Uint8Array(arr); 8337} 8338 8339let crlData = '-----BEGIN X509 CRL-----\n' + 8340 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 8341 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 8342 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 8343 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 8344 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 8345 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 8346 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 8347 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 8348 '+i2osvdPWRia0dJCL1PCA14k\n' + 8349 '-----END X509 CRL-----\n'; 8350 8351let encodingBlob: cert.EncodingBlob = { 8352 data: stringToUint8Array(crlData), 8353 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8354 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8355}; 8356 8357cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8358 if (err) { 8359 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8360 } else { 8361 console.log('create x509 CRL success'); 8362 8363 try { 8364 let serialNumber = BigInt(4); 8365 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8366 let extensions = crlEntry.getExtensions(); 8367 } catch (error) { 8368 let e: BusinessError = error as BusinessError; 8369 console.error('getRevokedCert or getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8370 } 8371 } 8372}) 8373``` 8374 8375### hasExtensions<sup>11+</sup> 8376 8377hasExtensions(): boolean 8378 8379表示判断CRL Entry是否有扩展。 8380 8381**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8382 8383**系统能力:** SystemCapability.Security.Cert 8384 8385**返回值**: 8386 8387| 类型 | 说明 | 8388| ------- | ---------------------------------------------------- | 8389| boolean | 返回true则表示CRL Entry有扩展,返回false则表示无扩展 | 8390 8391**错误码:** 8392 8393以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8394 8395| 错误码ID | 错误信息 | 8396| -------- | ----------------------- | 8397| 19020001 | memory error. | 8398| 19020002 | runtime error. | 8399| 19030001 | crypto operation error. | 8400 8401**示例:** 8402 8403```ts 8404import { cert } from '@kit.DeviceCertificateKit'; 8405import { BusinessError } from '@kit.BasicServicesKit'; 8406 8407// string转Uint8Array 8408function stringToUint8Array(str: string): Uint8Array { 8409 let arr: Array<number> = []; 8410 for (let i = 0, j = str.length; i < j; i++) { 8411 arr.push(str.charCodeAt(i)); 8412 } 8413 return new Uint8Array(arr); 8414} 8415 8416let crlData = '-----BEGIN X509 CRL-----\n' + 8417 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8418 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8419 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8420 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8421 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8422 'eavsH0Q3\n' + 8423 '-----END X509 CRL-----\n' 8424 8425let encodingBlob: cert.EncodingBlob = { 8426 data: stringToUint8Array(crlData), 8427 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8428 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8429}; 8430 8431cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8432 if (err) { 8433 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8434 } else { 8435 console.log('create x509 CRL success'); 8436 8437 try { 8438 let serialNumber = BigInt(1000); 8439 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8440 let hasExtensions = crlEntry.hasExtensions(); 8441 } catch (error) { 8442 let e: BusinessError = error as BusinessError; 8443 console.error('getRevokedCert or hasExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8444 } 8445 } 8446}) 8447``` 8448 8449### getCertIssuerX500DistinguishedName<sup>12+</sup> 8450 8451getCertIssuerX500DistinguishedName(): X500DistinguishedName 8452 8453获取证书颁发者的X509可分辨名称。 8454 8455**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8456 8457**系统能力:** SystemCapability.Security.Cert 8458 8459**返回值**: 8460 8461| 类型 | 说明 | 8462| ------- | ---------------------------------------------------- | 8463| [X500DistinguishedName](#x500distinguishedname12) | X509的可分辨对象。| 8464 8465**错误码:** 8466 8467以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8468 8469| 错误码ID | 错误信息 | 8470| -------- | ----------------------- | 8471| 19020001 | memory error. | 8472| 19020002 | runtime error. | 8473| 19030001 | crypto operation error. | 8474 8475**示例:** 8476 8477```ts 8478import { cert } from '@kit.DeviceCertificateKit'; 8479import { BusinessError } from '@kit.BasicServicesKit'; 8480 8481// string转Uint8Array 8482function stringToUint8Array(str: string): Uint8Array { 8483 let arr: Array<number> = []; 8484 for (let i = 0, j = str.length; i < j; i++) { 8485 arr.push(str.charCodeAt(i)); 8486 } 8487 return new Uint8Array(arr); 8488} 8489 8490let crlData = '-----BEGIN X509 CRL-----\n' + 8491 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8492 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8493 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8494 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8495 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8496 'eavsH0Q3\n' + 8497 '-----END X509 CRL-----\n' 8498 8499let encodingBlob: cert.EncodingBlob = { 8500 data: stringToUint8Array(crlData), 8501 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8502 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8503}; 8504 8505async function certGetCertIssuerX500DistinguishedName() { 8506 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8507 try { 8508 x509Crl = await cert.createX509CRL(encodingBlob); 8509 console.log('createX509CRL success'); 8510 let name = x509Crl.getRevokedCert(BigInt(1000)).getCertIssuerX500DistinguishedName(); 8511 } catch (error) { 8512 let e: BusinessError = error as BusinessError; 8513 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8514 } 8515} 8516``` 8517 8518### toString<sup>12+</sup> 8519 8520toString(): string 8521 8522获取对象的字符串类型数据。 8523 8524**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8525 8526**系统能力:** SystemCapability.Security.Cert 8527 8528**返回值**: 8529 8530| 类型 | 说明 | 8531| ------- | ---------------------------------------------------- | 8532| string | 对象的字符串类型数据。| 8533 8534**错误码:** 8535 8536以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8537 8538| 错误码ID | 错误信息 | 8539| -------- | ----------------------- | 8540| 19020001 | memory error. | 8541| 19020002 | runtime error. | 8542| 19030001 | crypto operation error. | 8543 8544**示例:** 8545 8546```ts 8547import { cert } from '@kit.DeviceCertificateKit'; 8548import { BusinessError } from '@kit.BasicServicesKit'; 8549 8550// string转Uint8Array 8551function stringToUint8Array(str: string): Uint8Array { 8552 let arr: Array<number> = []; 8553 for (let i = 0, j = str.length; i < j; i++) { 8554 arr.push(str.charCodeAt(i)); 8555 } 8556 return new Uint8Array(arr); 8557} 8558 8559let crlData = '-----BEGIN X509 CRL-----\n' + 8560 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8561 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8562 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8563 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8564 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8565 'eavsH0Q3\n' + 8566 '-----END X509 CRL-----\n' 8567 8568let encodingBlob: cert.EncodingBlob = { 8569 data: stringToUint8Array(crlData), 8570 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8571 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8572}; 8573 8574async function certToString() { 8575 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8576 try { 8577 x509Crl = await cert.createX509CRL(encodingBlob); 8578 console.log('createX509CRL success'); 8579 console.info('toString success: ' + JSON.stringify(x509Crl.getRevokedCert(BigInt(1000)).toString())); 8580 } catch (error) { 8581 let e: BusinessError = error as BusinessError; 8582 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8583 } 8584} 8585``` 8586 8587### hashCode<sup>12+</sup> 8588 8589hashCode(): Uint8Array 8590 8591获取DER格式数据的哈希值。 8592 8593**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8594 8595**系统能力:** SystemCapability.Security.Cert 8596 8597**返回值**: 8598 8599| 类型 | 说明 | 8600| ------- | ---------------------------------------------------- | 8601| Uint8Array | DER格式数据的哈希值。| 8602 8603**错误码:** 8604 8605以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8606 8607| 错误码ID | 错误信息 | 8608| -------- | ----------------------- | 8609| 19020001 | memory error. | 8610| 19020002 | runtime error. | 8611| 19030001 | crypto operation error. | 8612 8613**示例:** 8614 8615```ts 8616import { cert } from '@kit.DeviceCertificateKit'; 8617import { BusinessError } from '@kit.BasicServicesKit'; 8618 8619// string转Uint8Array 8620function stringToUint8Array(str: string): Uint8Array { 8621 let arr: Array<number> = []; 8622 for (let i = 0, j = str.length; i < j; i++) { 8623 arr.push(str.charCodeAt(i)); 8624 } 8625 return new Uint8Array(arr); 8626} 8627 8628let crlData = '-----BEGIN X509 CRL-----\n' + 8629 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8630 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8631 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8632 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8633 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8634 'eavsH0Q3\n' + 8635 '-----END X509 CRL-----\n' 8636 8637let encodingBlob: cert.EncodingBlob = { 8638 data: stringToUint8Array(crlData), 8639 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8640 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8641}; 8642 8643async function certHashCode() { 8644 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8645 try { 8646 x509Crl = await cert.createX509CRL(encodingBlob); 8647 console.log('createX509CRL success'); 8648 console.info('hashCode success: ' + JSON.stringify(x509Crl.getRevokedCert(BigInt(1000)).hashCode())); 8649 } catch (error) { 8650 let e: BusinessError = error as BusinessError; 8651 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8652 } 8653} 8654``` 8655 8656### getExtensionsObject<sup>12+</sup> 8657 8658getExtensionsObject(): CertExtension 8659 8660获取对应实体的扩展域DER格式数据。 8661 8662**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8663 8664**系统能力:** SystemCapability.Security.Cert 8665 8666**返回值**: 8667 8668| 类型 | 说明 | 8669| ------- | ---------------------------------------------------- | 8670| [CertExtension](#certextension10) | 证书扩展域段类对象。| 8671 8672**错误码:** 8673 8674以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8675 8676| 错误码ID | 错误信息 | 8677| -------- | ----------------------- | 8678| 19020001 | memory error. | 8679| 19020002 | runtime error. | 8680| 19030001 | crypto operation error. | 8681 8682**示例:** 8683 8684```ts 8685import { cert } from '@kit.DeviceCertificateKit'; 8686import { BusinessError } from '@kit.BasicServicesKit'; 8687 8688// string转Uint8Array 8689function stringToUint8Array(str: string): Uint8Array { 8690 let arr: Array<number> = []; 8691 for (let i = 0, j = str.length; i < j; i++) { 8692 arr.push(str.charCodeAt(i)); 8693 } 8694 return new Uint8Array(arr); 8695} 8696 8697let crlData = '-----BEGIN X509 CRL-----\n' + 8698 'MIINlTCCDH0CAQEwDQYJKoZIhvcNAQELBQAwTDELMAkGA1UEBhMCVVMxFTATBgNV\n' + 8699 'BAoTDERpZ2lDZXJ0IEluYzEmMCQGA1UEAxMdRGlnaUNlcnQgU2VjdXJlIFNpdGUg\n' + 8700 'Q04gQ0EgRzMXDTI0MDMxMjE4NDQ0NVoXDTI0MDMxOTE4NDQ0NVowggvJMCECEAbk\n' + 8701 'wC/+N2YXfpw7vgDJ2xAXDTIzMDIwNzA1NTg1OFowIQIQDonqcHww7uhlmWH+OfIe\n' + 8702 'PhcNMjMwMzA5MDcwMzI1WjAvAhAM4CTrULrJUEinWgT9AFPvFw0yMzAzMjAxOTE4\n' + 8703 'NTRaMAwwCgYDVR0VBAMKAQQwIQIQBQP4xflKkcRehoJ2NaA/jhcNMjMwMzIyMDk0\n' + 8704 'NTI5WjAvAhAOmgzoiIqznAaFec53PVPUFw0yMzAzMjcyMDI4MDNaMAwwCgYDVR0V\n' + 8705 'BAMKAQQwLwIQBaC2Z3D4dcQ/O7HnzFU9KBcNMjMwMzI5MTc1OTQ1WjAMMAoGA1Ud\n' + 8706 'FQQDCgEFMCECEAlz9Rg1b+9La4oFqsHUc4AXDTIzMDMzMTAyMzk0MVowIQIQD9yW\n' + 8707 '92pX6BinUKVBVSSTmBcNMjMwNDExMDExNjI5WjAvAhAIIarHUWWee4V9W/Yzm86k\n' + 8708 'Fw0yMzA0MTQyMDE5MTJaMAwwCgYDVR0VBAMKAQQwIQIQC2OiM3VIJX2dEe8/pf8f\n' + 8709 'hRcNMjMwNDIxMDMzMDIyWjAhAhAP0ueyg5n/7b2Hotml7f42Fw0yMzA0MjYwMjU3\n' + 8710 'NDJaMCECEAqMu61nkOEmTOdMbUZTMrkXDTIzMDUxNzAxMzI0NVowLwIQDYv1rt0K\n' + 8711 'olvP+nQoi5LeLRcNMjMwNTIzMTc0MDE4WjAMMAoGA1UdFQQDCgEEMC8CEA8WMKlw\n' + 8712 'iCK36PruJvup5bUXDTIzMDUyMzE3NDA1M1owDDAKBgNVHRUEAwoBBDAvAhAJ5uwT\n' + 8713 'aqwgLzNVpxh4u9EPFw0yMzA1MjUxNzEwNTBaMAwwCgYDVR0VBAMKAQQwIQIQCg0k\n' + 8714 '5UadwDH5xm14yxcgLRcNMjMwNjA3MDcyNDAwWjAhAhAEByUhbBR6/pZRFUH2PTxE\n' + 8715 'Fw0yMzA2MDgwMjIwMzBaMCECEATquAQcy3W1kUOkb4VoOvEXDTIzMDYyNjA5MDIw\n' + 8716 'NlowIQIQBrF5sueIjk1snKdO0ISOXhcNMjMwNjMwMDI0MDA0WjAhAhAJEG72WQtV\n' + 8717 'lTOYiA0xjVk5Fw0yMzA3MDUwMjEyMzdaMCECEAmXIuCMJv9gllYuKfCHm5EXDTIz\n' + 8718 'MDcwNTAyMTIzN1owIQIQAotQots0ngzRwACzrS9mCBcNMjMwNzA2MDU0NDU3WjAh\n' + 8719 'AhAG2hyGc9SfXrLc0Uk2J1BeFw0yMzA3MjQwMTUwNDBaMCECEAJhm5FSlVyTG9UK\n' + 8720 'zS+ecUgXDTIzMDcyNjA2NDQzM1owIQIQC4mlxBQuFxWC4pF7/P8BDxcNMjMwNzMx\n' + 8721 'MTAzMjU0WjAhAhADCEp333/avF3m6HZtBImOFw0yMzA3MzExMDMzNTBaMCECEAKd\n' + 8722 'P7fydlXUcS4v/YnZMMwXDTIzMDczMTEwMzQzOFowIQIQC+m5EUcRd1E0lEIPj17Z\n' + 8723 'rRcNMjMwODAxMDYwNDE4WjAvAhAF4QcgQQlWpAi4FVflzbKxFw0yMzA4MDMxNjIz\n' + 8724 'MTdaMAwwCgYDVR0VBAMKAQQwIQIQAn01GEZ50Y5ugIcEuGfF9BcNMjMwODA4MDE1\n' + 8725 'NzM1WjAhAhAFHj3FDKeP9q9CM924d8RIFw0yMzA4MDgwMTU5NDhaMC8CEAnkNPSD\n' + 8726 'U5yiMsV3fU06a6oXDTIzMDgwODE5MjIwMlowDDAKBgNVHRUEAwoBBDAvAhAETU4z\n' + 8727 '13iMKiwQujsxJDRhFw0yMzA4MTAyMDU4NDdaMAwwCgYDVR0VBAMKAQQwIQIQB1oD\n' + 8728 'M2mOYuse7e/nTqx+8xcNMjMwOTA0MDUwOTU3WjAhAhALf3Bp63so6O+R5QbWPWu6\n' + 8729 'Fw0yMzEwMDkwNjE5NTVaMCECEAKFHdXcy/zBXRtMj3BVhO0XDTIzMTAwOTA2MTk1\n' + 8730 'N1owIQIQDNNmVHN4tMu1xth6IAe4ZhcNMjMxMDEyMDc0MjQ1WjAhAhACNNJA2oMM\n' + 8731 'pr+giIgczvHOFw0yMzEwMTYwNTEyMzdaMCECEAoQun7uSHhvy6GBoxG7XOkXDTIz\n' + 8732 'MTExNjA3MDAzN1owLwIQA1NsI22PLvohCvKwdtAJwBcNMjMxMjA2MTgyNzUzWjAM\n' + 8733 'MAoGA1UdFQQDCgEEMCECEAWagozDt4jfBzi+aDGFr88XDTIzMTIxMTA3MjM1OFow\n' + 8734 'IQIQD1g7NdEk7t05zg6yweYc5hcNMjMxMjExMDcyNTM3WjAhAhAMJnRjUQAzFQFH\n' + 8735 'kwIguRz2Fw0yMzEyMTEwNzI2NDJaMCECEAT0bVxyPKkeTV8JQuPxfcwXDTIzMTIx\n' + 8736 'MTA3MjcyNlowIQIQA/5BlE0Ushtw24Ol9L2sexcNMjMxMjExMDcyODA2WjAhAhAL\n' + 8737 'Ij6FAKVJDnKAwwt19+/RFw0yMzEyMTEwNzI5MDJaMCECEAmPyfX3FuOHgryS2i8c\n' + 8738 'SrUXDTIzMTIxMTA3Mjk0M1owIQIQC+uGa6tmPRPCB0jW+6WWUhcNMjMxMjExMDcz\n' + 8739 'MDIzWjAhAhAJCq59mFZj6SWLH/m18Fq2Fw0yMzEyMTEwNzMwNTJaMCECEAp0Po24\n' + 8740 'WHmdEMTVyp9AMssXDTIzMTIxMTA3MzEyNlowIQIQAcf+793qPEHipkAhjf7MghcN\n' + 8741 'MjMxMjExMDczMTQ5WjAhAhAElLuCARMBoDIH0Y2D1DpSFw0yMzEyMTEwNzMyMTla\n' + 8742 'MCECEAWlgWhTXqKOB61zA7Ao8vQXDTIzMTIxMTA3MzI0OFowIQIQAeZqfkFYc/6t\n' + 8743 'zO7j/FVYwBcNMjMxMjExMDczMzM1WjAhAhAHzftyRhskxV6opTfHb59OFw0yMzEy\n' + 8744 'MTEwNzM0MDNaMCECEASXrBHdRYUm9VIZ1wN4qAsXDTIzMTIxMTA3MzQyN1owIQIQ\n' + 8745 'BDFb/OY65CZ1sTdMPAc+IhcNMjMxMjExMDczNTEzWjAhAhAFg7mRyWvWXc+KT014\n' + 8746 'Ro5AFw0yMzEyMTEwNzM1NDhaMCECEA+wAstqfBUEkSvinYlWeOwXDTIzMTIxMTA3\n' + 8747 'MzYyNVowIQIQB3Z75ksHGnvGmuHbvwbheRcNMjMxMjExMDczNjU5WjAhAhALfrIn\n' + 8748 'OGRVeePivKkJ+d1xFw0yMzEyMTEwNzM4MDFaMCECEAnm5NfU36m+FXNlJiUsXpMX\n' + 8749 'DTIzMTIxMTA3MzgzNVowIQIQCrBoHo4X2md3Amteqh7h3RcNMjMxMjExMDczOTA3\n' + 8750 'WjAhAhAGxHlqrHu66ifOwTTMhHHFFw0yMzEyMTEwNzM5NDNaMCECEA2BDG1SI7Se\n' + 8751 '2GAt+b9UnF8XDTIzMTIxMTA3NDAyNFowLwIQDZvl5jkmAwjTweDCtrXbLRcNMjMx\n' + 8752 'MjExMjA0NDQ3WjAMMAoGA1UdFQQDCgEEMCECEAzgcwGVpyXXZSmLLF4MExQXDTIz\n' + 8753 'MTIxOTE3MjczMlowIQIQARB9nVoMuE5GSFeb3U553hcNMjMxMjE5MTcyODA1WjAh\n' + 8754 'AhAD+JIH7lFcX9UNqTogrMcPFw0yMzEyMTkxNzI5MDZaMCECEAux1kd8ugXs4mI+\n' + 8755 'xMfXgpsXDTIzMTIxOTE3MjkyOFowIQIQCUO5VqAmbxA8Jdly97msLhcNMjMxMjE5\n' + 8756 'MTcyOTU0WjAhAhAFyzrU1JtsiPNPeWrfdvGvFw0yMzEyMTkxNzMwNDlaMCECEAwT\n' + 8757 'tMq5EsBTUhQwm6nWhnAXDTIzMTIyMDE3NDc1NlowIQIQBx3qL8rMclE9gxamaa14\n' + 8758 'xBcNMjMxMjIwMTc0ODM2WjAhAhAOnKUlrCaxs+lRqLrBmk2PFw0yNDAxMzAxOTMw\n' + 8759 'MTVaMCECEAtYs/5ZRsrMAxQVDA44eWYXDTI0MDIwNjA2MjYwMFowIQIQDjrMV1d3\n' + 8760 '0NhxngX5rqqxjBcNMjQwMjIxMDc0ODEwWjAhAhAPGohz3+JyS6H4JzHCjLrXFw0y\n' + 8761 'NDAyMjgyMDQxMjZaMC8CEAqZ2QktAMprzZmtolbOXlgXDTI0MDIyOTE4MDYzMVow\n' + 8762 'DDAKBgNVHRUEAwoBBDAhAhAMAHgNfiburtKDp8OJuzRCFw0yNDAzMDQwNjA3MzJa\n' + 8763 'MCECEA/HgrXcSBqkb2JdfrFDAfgXDTI0MDMwNDA2MDczMlqgMDAuMB8GA1UdIwQY\n' + 8764 'MBaAFETZyEozjtNSjaeSlGEfmsilt+zLMAsGA1UdFAQEAgIFrDANBgkqhkiG9w0B\n' + 8765 'AQsFAAOCAQEAJ5rSr0Av5sH59J2LXW5hZ8SJTzDbR8ADdi/CCLolbUUnE0oaAZ+2\n' + 8766 '9z0niAD5m8HQikNz8K+FKAsQatN/CAj4bzRMeF37hQCiZpqNtxP69JDGeWpGPiH2\n' + 8767 'K/YfpzL9iSbBOxFmosxUX8J/iX36mCUl+3OUHh+qSYeElboxeAmTCnY5Pl5Bq9is\n' + 8768 'gp0MmzNYCo7GEFrtS03p2msK25uRqQl6Qn0NZS0yGjdUG7RTZe4xua5drjEkB1o/\n' + 8769 '15f+mtYj6DtWM1twi1q3VYVxhRSsk6XmmS0BViTEl+MT0BRAPwBSdlyt++1Pnnrd\n' + 8770 'BsQoO8O2EVpJ54fxKMCSDOkJf1hNCxi3eQ==\n' + 8771 '-----END X509 CRL-----\n'; 8772 8773let encodingBlob: cert.EncodingBlob = { 8774 data: stringToUint8Array(crlData), 8775 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8776 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8777}; 8778 8779async function certGetExtensionsObject() { 8780 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8781 try { 8782 x509Crl = await cert.createX509CRL(encodingBlob); 8783 console.log('createX509CRL success'); 8784 let object = x509Crl.getRevokedCert(BigInt('14091103387070223745671018446433705560')).getExtensionsObject(); 8785 } catch (error) { 8786 let e: BusinessError = error as BusinessError; 8787 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8788 } 8789} 8790``` 8791 8792## cert.createCertCRLCollection<sup>11+</sup> 8793 8794createCertCRLCollection(certs: Array\<X509Cert>, crls?: Array\<X509CRL>): CertCRLCollection 8795 8796表示创建证书和证书吊销列表集合对象,并返回相应的结果。 8797 8798**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8799 8800**系统能力:** SystemCapability.Security.Cert 8801 8802**参数**: 8803 8804| 参数名 | 类型 | 必填 | 说明 | 8805| -------- | ------------------------------------- | ---- | ------------------------------ | 8806| certs | Array\<[X509Cert](#x509cert)> | 是 | X509Cert数组。 | 8807| crls | Array\<[X509CRL](#x509crl11)> | 否 | X509CRL数组。 | 8808 8809**返回值**: 8810 8811| 类型 | 说明 | 8812| ------------------ | -------------------- | 8813| [CertCRLCollection](#certcrlcollection11) | 表示证书和证书吊销列表集合对象。 | 8814 8815**错误码:** 8816 8817以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8818 8819| 错误码ID | 错误信息 | 8820| -------- | ----------------------- | 8821| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 8822| 19020001 | memory error. | 8823 8824**示例:** 8825 8826```ts 8827import { cert } from '@kit.DeviceCertificateKit'; 8828import { BusinessError } from '@kit.BasicServicesKit'; 8829 8830// string转Uint8Array 8831function stringToUint8Array(str: string): Uint8Array { 8832 let arr: Array<number> = []; 8833 for (let i = 0, j = str.length; i < j; i++) { 8834 arr.push(str.charCodeAt(i)); 8835 } 8836 return new Uint8Array(arr); 8837} 8838 8839async function createX509CRL(): Promise<cert.X509CRL> { 8840 let crlData = '-----BEGIN X509 CRL-----\n' + 8841 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8842 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8843 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8844 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8845 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8846 'eavsH0Q3\n' + 8847 '-----END X509 CRL-----\n'; 8848 8849 // 证书吊销列表二进制数据,需业务自行赋值 8850 let encodingBlob: cert.EncodingBlob = { 8851 data: stringToUint8Array(crlData), 8852 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8853 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8854 }; 8855 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 8856 try { 8857 x509CRL = await cert.createX509CRL(encodingBlob); 8858 } catch (err) { 8859 let e: BusinessError = err as BusinessError; 8860 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8861 } 8862 return x509CRL; 8863} 8864 8865async function createX509Cert(): Promise<cert.X509Cert> { 8866 let certData = '-----BEGIN CERTIFICATE-----\n' + 8867 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 8868 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 8869 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 8870 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 8871 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 8872 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 8873 'Qw==\n' + 8874 '-----END CERTIFICATE-----\n'; 8875 8876 let encodingBlob: cert.EncodingBlob = { 8877 data: stringToUint8Array(certData), 8878 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8879 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8880 }; 8881 8882 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 8883 try { 8884 x509Cert = await cert.createX509Cert(encodingBlob); 8885 } catch (err) { 8886 let e: BusinessError = err as BusinessError; 8887 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8888 } 8889 return x509Cert; 8890} 8891 8892async function createCollection() { 8893 const x509Cert = await createX509Cert(); 8894 const x509CRL = await createX509CRL(); 8895 try { 8896 const collection: cert.CertCRLCollection = cert.createCertCRLCollection([x509Cert], [x509CRL]); 8897 console.log('createCertCRLCollection success'); 8898 } catch (err) { 8899 console.error('createCertCRLCollection failed'); 8900 } 8901} 8902``` 8903 8904## CertCRLCollection<sup>11+</sup> 8905 8906证书和证书吊销列表集合对象。 8907 8908### selectCerts<sup>11+</sup> 8909 8910selectCerts(param: X509CertMatchParameters): Promise\<Array\<X509Cert>> 8911 8912查找证书和证书吊销列表集合中所有与参数匹配的证书对象,使用Promise方式异步返回结果。 8913 8914**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8915 8916**系统能力:** SystemCapability.Security.Cert 8917 8918**参数**: 8919 8920| 参数名 | 类型 | 必填 | 说明 | 8921| --------- | ------------------------------- | ---- | ------------ | 8922| param | [X509CertMatchParameters](#x509certmatchparameters11) | 是 | 表示证书需匹配的参数。 | 8923 8924**返回值**: 8925 8926| 类型 | 说明 | 8927| --------------------------------------- | --------------------------------------- | 8928| Promise\<Array\<[X509Cert](#x509cert)>> | Promise对象。表示匹配到的证书对象数组。 | 8929 8930**错误码:** 8931 8932以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8933 8934| 错误码ID | 错误信息 | 8935| -------- | ----------------------- | 8936| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 8937| 19020001 | memory error. | 8938| 19030001 | crypto operation error. | 8939 8940**示例:** 8941 8942```ts 8943import { cert } from '@kit.DeviceCertificateKit'; 8944import { BusinessError } from '@kit.BasicServicesKit'; 8945 8946// string转Uint8Array 8947function stringToUint8Array(str: string): Uint8Array { 8948 let arr: Array<number> = []; 8949 for (let i = 0, j = str.length; i < j; i++) { 8950 arr.push(str.charCodeAt(i)); 8951 } 8952 return new Uint8Array(arr); 8953} 8954 8955async function createX509Cert(): Promise<cert.X509Cert> { 8956 let certData = '-----BEGIN CERTIFICATE-----\n' + 8957 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 8958 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 8959 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 8960 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 8961 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 8962 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 8963 'Qw==\n' + 8964 '-----END CERTIFICATE-----\n'; 8965 8966 let encodingBlob: cert.EncodingBlob = { 8967 data: stringToUint8Array(certData), 8968 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 8969 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8970 }; 8971 8972 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 8973 try { 8974 x509Cert = await cert.createX509Cert(encodingBlob); 8975 } catch (err) { 8976 let e: BusinessError = err as BusinessError; 8977 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8978 } 8979 return x509Cert; 8980} 8981 8982async function selectCerts() { 8983 const x509Cert = await createX509Cert(); 8984 const collection = cert.createCertCRLCollection([x509Cert]); 8985 8986 try { 8987 const param: cert.X509CertMatchParameters = { 8988 x509Cert, 8989 validDate: '20231121074700Z', 8990 issuer: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 8991 subject: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 8992 publicKeyAlgID: '1.2.840.10045.2.1' 8993 }; 8994 const certs = await collection.selectCerts(param); 8995 console.log('call selectCerts success'); 8996 } catch (err) { 8997 console.error('call selectCerts failed'); 8998 } 8999} 9000``` 9001 9002### selectCerts<sup>11+</sup> 9003 9004selectCerts(param: X509CertMatchParameters, callback: AsyncCallback\<Array\<X509Cert>>): void 9005 9006查找证书和证书吊销列表集合中所有与参数匹配的证书对象, 使用Callback回调异步返回结果。 9007 9008**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9009 9010**系统能力:** SystemCapability.Security.Cert 9011 9012**参数**: 9013 9014| 参数名 | 类型 | 必填 | 说明 | 9015| --------- | ------------------------------- | ---- | ----------------- | 9016| param | [X509CertMatchParameters](#x509certmatchparameters11) | 是 | 表示证书需匹配的参数。 | 9017| callback | AsyncCallback\<Array\<[X509Cert](#x509cert)>> | 是 | 回调函数。表示匹配到的证书对象数组。 | 9018 9019**错误码:** 9020 9021以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9022 9023| 错误码ID | 错误信息 | 9024| -------- | ----------------------- | 9025| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9026| 19020001 | memory error. | 9027| 19030001 | crypto operation error. | 9028 9029**示例:** 9030 9031```ts 9032import { cert } from '@kit.DeviceCertificateKit'; 9033import { BusinessError } from '@kit.BasicServicesKit'; 9034 9035// string转Uint8Array 9036function stringToUint8Array(str: string): Uint8Array { 9037 let arr: Array<number> = []; 9038 for (let i = 0, j = str.length; i < j; i++) { 9039 arr.push(str.charCodeAt(i)); 9040 } 9041 return new Uint8Array(arr); 9042} 9043 9044async function createX509Cert(): Promise<cert.X509Cert> { 9045 let certData = '-----BEGIN CERTIFICATE-----\n' + 9046 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9047 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9048 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9049 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9050 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9051 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9052 'Qw==\n' + 9053 '-----END CERTIFICATE-----\n'; 9054 9055 let encodingBlob: cert.EncodingBlob = { 9056 data: stringToUint8Array(certData), 9057 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 9058 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9059 }; 9060 9061 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9062 try { 9063 x509Cert = await cert.createX509Cert(encodingBlob); 9064 } catch (err) { 9065 let e: BusinessError = err as BusinessError; 9066 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9067 } 9068 return x509Cert; 9069} 9070 9071async function selectCerts() { 9072 const x509Cert = await createX509Cert(); 9073 const collection = cert.createCertCRLCollection([x509Cert]); 9074 // 需业务自行赋值 9075 const param: cert.X509CertMatchParameters = { 9076 x509Cert, 9077 validDate: '20231121074700Z', 9078 issuer: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9079 subject: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9080 publicKeyAlgID: '1.2.840.10045.2.1' 9081 }; 9082 collection.selectCerts(param, (err, certs) => { 9083 if (err) { 9084 console.error('selectCerts failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9085 } else { 9086 console.log('selectCerts success'); 9087 } 9088 }); 9089} 9090``` 9091 9092### selectCRLs<sup>11+</sup> 9093 9094selectCRLs(param: X509CRLMatchParameters): Promise\<Array\<X509CRL>> 9095 9096查找证书和证书吊销列表集合中所有与参数匹配的证书吊销列表对象, 使用Promise方式异步返回结果。 9097 9098**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9099 9100**系统能力:** SystemCapability.Security.Cert 9101 9102**参数**: 9103 9104| 参数名 | 类型 | 必填 | 说明 | 9105| --------- | ------------------------------- | ---- | ------------ | 9106| param | [X509CRLMatchParameters](#x509crlmatchparameters11) | 是 | 表示证书吊销列表需匹配的参数。 | 9107 9108**返回值**: 9109 9110| 类型 | 说明 | 9111| -------------- | ----------- | 9112| Promise\<Array\<[X509CRL](#x509crl11)>> | Promise对象。表示匹配到的证书吊销列表对象数组。 | 9113 9114**错误码:** 9115 9116以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9117 9118| 错误码ID | 错误信息 | 9119| -------- | ----------------------- | 9120| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9121| 19020001 | memory error. | 9122| 19030001 | crypto operation error. | 9123 9124**示例:** 9125 9126```ts 9127import { cert } from '@kit.DeviceCertificateKit'; 9128import { BusinessError } from '@kit.BasicServicesKit'; 9129 9130// string转Uint8Array 9131function stringToUint8Array(str: string): Uint8Array { 9132 let arr: Array<number> = []; 9133 for (let i = 0, j = str.length; i < j; i++) { 9134 arr.push(str.charCodeAt(i)); 9135 } 9136 return new Uint8Array(arr); 9137} 9138 9139async function createX509CRL(): Promise<cert.X509CRL> { 9140 let crlData = '-----BEGIN X509 CRL-----\n' + 9141 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9142 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9143 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9144 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9145 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9146 'eavsH0Q3\n' + 9147 '-----END X509 CRL-----\n'; 9148 9149 // 证书吊销列表二进制数据,需业务自行赋值 9150 let encodingBlob: cert.EncodingBlob = { 9151 data: stringToUint8Array(crlData), 9152 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 9153 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9154 }; 9155 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9156 try { 9157 x509CRL = await cert.createX509CRL(encodingBlob); 9158 } catch (err) { 9159 let e: BusinessError = err as BusinessError; 9160 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9161 } 9162 return x509CRL; 9163} 9164 9165async function createX509Cert(): Promise<cert.X509Cert> { 9166 const certData = "-----BEGIN CERTIFICATE-----\r\n" + 9167 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 9168 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 9169 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 9170 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 9171 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 9172 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 9173 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 9174 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 9175 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 9176 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 9177 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 9178 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 9179 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 9180 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 9181 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 9182 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 9183 "-----END CERTIFICATE-----\r\n"; 9184 const certEncodingBlob: cert.EncodingBlob = { 9185 data: stringToUint8Array(certData), 9186 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 9187 }; 9188 9189 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9190 try { 9191 x509Cert = await cert.createX509Cert(certEncodingBlob); 9192 console.log('createX509Cert success'); 9193 } catch (err) { 9194 console.error('createX509Cert failed'); 9195 } 9196 return x509Cert; 9197} 9198 9199async function selectCRLs() { 9200 const x509CRL = await createX509CRL(); 9201 const x509Cert = await createX509Cert(); 9202 const collection = cert.createCertCRLCollection([], [x509CRL]); 9203 9204 const param: cert.X509CRLMatchParameters = { 9205 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 9206 x509Cert: x509Cert 9207 } 9208 try { 9209 const crls = await collection.selectCRLs(param); 9210 console.log('selectCRLs success'); 9211 } catch (err) { 9212 console.error('selectCRLs failed'); 9213 } 9214} 9215``` 9216 9217### selectCRLs<sup>11+</sup> 9218 9219selectCRLs(param: X509CRLMatchParameters, callback: AsyncCallback\<Array\<X509CRL>>): void 9220 9221查找证书和证书吊销列表集合中所有与参数匹配的证书吊销列表对象, 使用Callback回调异步返回结果。 9222 9223**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9224 9225**系统能力:** SystemCapability.Security.Cert 9226 9227**参数**: 9228 9229| 参数名 | 类型 | 必填 | 说明 | 9230| --------- | ------------------------------- | ---- | ----------------- | 9231| param | [X509CRLMatchParameters](#x509crlmatchparameters11) | 是 | 表示证书吊销列表需匹配的参数对象。 | 9232| callback | AsyncCallback\<Array\<[X509CRL](#x509crl11)>> | 是 | 回调函数。表示匹配到的证书吊销列表对象数组。 | 9233 9234**错误码:** 9235 9236以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9237 9238| 错误码ID | 错误信息 | 9239| -------- | ----------------------- | 9240| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9241| 19020001 | memory error. | 9242| 19030001 | crypto operation error. | 9243 9244**示例:** 9245 9246```ts 9247import { cert } from '@kit.DeviceCertificateKit'; 9248import { BusinessError } from '@kit.BasicServicesKit'; 9249 9250// string转Uint8Array 9251function stringToUint8Array(str: string): Uint8Array { 9252 let arr: Array<number> = []; 9253 for (let i = 0, j = str.length; i < j; i++) { 9254 arr.push(str.charCodeAt(i)); 9255 } 9256 return new Uint8Array(arr); 9257} 9258 9259async function createX509CRL(): Promise<cert.X509CRL> { 9260 let crlData = '-----BEGIN X509 CRL-----\n' + 9261 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9262 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9263 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9264 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9265 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9266 'eavsH0Q3\n' + 9267 '-----END X509 CRL-----\n'; 9268 9269 // 证书吊销列表二进制数据,需业务自行赋值 9270 let encodingBlob: cert.EncodingBlob = { 9271 data: stringToUint8Array(crlData), 9272 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 9273 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9274 }; 9275 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9276 try { 9277 x509CRL = await cert.createX509CRL(encodingBlob); 9278 } catch (err) { 9279 let e: BusinessError = err as BusinessError; 9280 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9281 } 9282 return x509CRL; 9283} 9284 9285async function createX509Cert(): Promise<cert.X509Cert> { 9286 const certData = "-----BEGIN CERTIFICATE-----\r\n" + 9287 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 9288 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 9289 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 9290 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 9291 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 9292 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 9293 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 9294 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 9295 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 9296 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 9297 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 9298 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 9299 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 9300 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 9301 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 9302 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 9303 "-----END CERTIFICATE-----\r\n"; 9304 const certEncodingBlob: cert.EncodingBlob = { 9305 data: stringToUint8Array(certData), 9306 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 9307 }; 9308 9309 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9310 try { 9311 x509Cert = await cert.createX509Cert(certEncodingBlob); 9312 console.log('createX509Cert success'); 9313 } catch (err) { 9314 console.error('createX509Cert failed'); 9315 } 9316 return x509Cert; 9317} 9318 9319async function selectCRLs() { 9320 const x509CRL = await createX509CRL(); 9321 const x509Cert = await createX509Cert(); 9322 const collection = cert.createCertCRLCollection([], [x509CRL]); 9323 9324 const param: cert.X509CRLMatchParameters = { 9325 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 9326 x509Cert: x509Cert 9327 } 9328 collection.selectCRLs(param, (err, crls) => { 9329 if (err) { 9330 console.error('selectCRLs failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9331 } else { 9332 console.log('selectCRLs success'); 9333 } 9334 }); 9335} 9336``` 9337 9338## cert.createX509CertChain<sup>11+</sup> 9339 9340createX509CertChain(inStream: EncodingBlob): Promise\<X509CertChain> 9341 9342表示创建X509证书链对象,使用Promise方式异步返回结果。 9343 9344**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9345 9346**系统能力:** SystemCapability.Security.Cert 9347 9348**参数:** 9349 9350| 参数名 | 类型 | 必填 | 说明 | 9351| -------- | ----------------------------- | ---- | -------------------- | 9352| inStream | [EncodingBlob](#encodingblob) | 是 | X509证书序列化数据。 | 9353 9354**返回值:** 9355 9356| 类型 | 说明 | 9357| ------------------------------- | ---------------- | 9358| Promise\<[X509CertChain](#x509certchain11)> | 表示X509证书链对象。 | 9359 9360**错误码:** 9361 9362以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9363 9364| 错误码ID | 错误信息 | 9365| -------- | ------------- | 9366| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9367| 19020001 | memory error. | 9368| 19030001 | crypto operation error. | 9369 9370**示例:** 9371 9372```ts 9373import { cert } from '@kit.DeviceCertificateKit'; 9374import { BusinessError } from '@kit.BasicServicesKit'; 9375 9376// string转Uint8Array 9377function stringToUint8Array(str: string): Uint8Array { 9378 let arr: Array<number> = []; 9379 for (let i = 0, j = str.length; i < j; i++) { 9380 arr.push(str.charCodeAt(i)); 9381 } 9382 return new Uint8Array(arr); 9383} 9384 9385async function createX509CertChain(): Promise<cert.X509CertChain> { 9386 let certChainData = "-----BEGIN CERTIFICATE-----\n" + 9387 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 9388 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 9389 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 9390 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 9391 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 9392 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 9393 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 9394 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 9395 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 9396 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 9397 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 9398 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 9399 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 9400 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 9401 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 9402 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 9403 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 9404 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 9405 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 9406 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 9407 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 9408 "-----END CERTIFICATE-----\n" + 9409 "-----BEGIN CERTIFICATE-----\n" + 9410 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9411 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9412 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 9413 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9414 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 9415 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 9416 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 9417 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 9418 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 9419 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 9420 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 9421 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 9422 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 9423 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 9424 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 9425 "uKPWR9dKBA==\n" + 9426 "-----END CERTIFICATE-----\n" + 9427 "-----BEGIN CERTIFICATE-----\n" + 9428 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9429 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9430 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 9431 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9432 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 9433 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 9434 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 9435 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 9436 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 9437 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 9438 "xjoE\n" + 9439 "-----END CERTIFICATE-----\n"; 9440 9441 // 证书链二进制数据,需业务自行赋值 9442 let encodingBlob: cert.EncodingBlob = { 9443 data: stringToUint8Array(certChainData), 9444 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7 9445 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9446 }; 9447 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 9448 try { 9449 x509CertChain = await cert.createX509CertChain(encodingBlob); 9450 } catch (error) { 9451 let e: BusinessError = error as BusinessError; 9452 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9453 } 9454 return x509CertChain; 9455} 9456 9457createX509CertChain(); 9458``` 9459 9460## cert.createX509CertChain<sup>11+</sup> 9461 9462createX509CertChain(inStream: EncodingBlob, callback: AsyncCallback\<X509CertChain>): void 9463 9464表示创建X509证书链对象,使用Callback回调异步返回结果。 9465 9466**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9467 9468**系统能力:** SystemCapability.Security.Cert 9469 9470**参数:** 9471 9472| 参数名 | 类型 | 必填 | 说明 | 9473| -------- | ------------------------------------- | ---- | -------------------------- | 9474| inStream | [EncodingBlob](#encodingblob) | 是 | X509证书序列化数据。 | 9475| callback | AsyncCallback\<[X509CertChain](#x509certchain11)> | 是 | 回调函数。表示X509证书链对象。 | 9476 9477**错误码:** 9478 9479以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9480 9481| 错误码ID | 错误信息 | 9482| -------- | ------------- | 9483| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9484| 19020001 | memory error. | 9485| 19030001 | crypto operation error. | 9486 9487**示例:** 9488 9489```ts 9490import { cert } from '@kit.DeviceCertificateKit'; 9491 9492// string转Uint8Array 9493function stringToUint8Array(str: string): Uint8Array { 9494 let arr: Array<number> = []; 9495 for (let i = 0, j = str.length; i < j; i++) { 9496 arr.push(str.charCodeAt(i)); 9497 } 9498 return new Uint8Array(arr); 9499} 9500 9501let certChainData = "-----BEGIN CERTIFICATE-----\n" + 9502 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 9503 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 9504 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 9505 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 9506 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 9507 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 9508 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 9509 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 9510 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 9511 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 9512 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 9513 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 9514 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 9515 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 9516 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 9517 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 9518 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 9519 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 9520 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 9521 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 9522 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 9523 "-----END CERTIFICATE-----\n" + 9524 "-----BEGIN CERTIFICATE-----\n" + 9525 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9526 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9527 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 9528 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9529 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 9530 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 9531 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 9532 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 9533 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 9534 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 9535 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 9536 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 9537 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 9538 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 9539 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 9540 "uKPWR9dKBA==\n" + 9541 "-----END CERTIFICATE-----\n" + 9542 "-----BEGIN CERTIFICATE-----\n" + 9543 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9544 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9545 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 9546 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9547 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 9548 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 9549 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 9550 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 9551 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 9552 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 9553 "xjoE\n" + 9554 "-----END CERTIFICATE-----\n"; 9555 9556// 证书链二进制数据,需业务自行赋值 9557let encodingBlob: cert.EncodingBlob = { 9558 data: stringToUint8Array(certChainData), 9559 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7 9560 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9561}; 9562 9563cert.createX509CertChain(encodingBlob, (err, certChain) => { 9564 if (err) { 9565 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9566 } else { 9567 console.log('createX509CertChain success'); 9568 } 9569}); 9570``` 9571 9572## cert.createX509CertChain<sup>11+</sup> 9573 9574createX509CertChain(certs: Array\<X509Cert>): X509CertChain 9575 9576表示使用X509Cert数组方式创建X509证书链对象,并同步返回结果。 9577 9578**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9579 9580**系统能力:** SystemCapability.Security.Cert 9581 9582**参数:** 9583 9584| 参数名 | 类型 | 必填 | 说明 | 9585| -------- | -------------------- | ---- | -------------------------- | 9586| certs | Array\<[X509Cert](#x509cert)> | 是 | X509证书对象数组。 | 9587 9588**返回值:** 9589 9590| 类型 | 说明 | 9591| --------------------------------- | -------------------- | 9592| [X509CertChain](#x509certchain11) | 表示X509证书链对象。 | 9593 9594**错误码:** 9595 9596以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9597 9598| 错误码ID | 错误信息 | 9599| -------- | ------------- | 9600| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9601| 19020001 | memory error. | 9602| 19030001 | crypto operation error. | 9603 9604**示例:** 9605 9606```ts 9607import { cert } from '@kit.DeviceCertificateKit'; 9608import { BusinessError } from '@kit.BasicServicesKit'; 9609 9610// string转Uint8Array 9611function stringToUint8Array(str: string): Uint8Array { 9612 let arr: Array<number> = []; 9613 for (let i = 0, j = str.length; i < j; i++) { 9614 arr.push(str.charCodeAt(i)); 9615 } 9616 return new Uint8Array(arr); 9617} 9618 9619async function createX509Cert(): Promise<cert.X509Cert> { 9620 let certData = '-----BEGIN CERTIFICATE-----\n' + 9621 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9622 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9623 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9624 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9625 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9626 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9627 'Qw==\n' + 9628 '-----END CERTIFICATE-----\n'; 9629 9630 // 证书二进制数据,需业务自行赋值 9631 let encodingBlob: cert.EncodingBlob = { 9632 data: stringToUint8Array(certData), 9633 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 9634 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9635 }; 9636 9637 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9638 try { 9639 x509Cert = await cert.createX509Cert(encodingBlob); 9640 } catch (error) { 9641 let e: BusinessError = error as BusinessError; 9642 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9643 } 9644 return x509Cert; 9645} 9646 9647async function createX509CertChain(): Promise<cert.X509CertChain> { 9648 const x509Cert = await createX509Cert(); 9649 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 9650 try { 9651 x509CertChain = cert.createX509CertChain([x509Cert]); 9652 } catch (error) { 9653 let e: BusinessError = error as BusinessError; 9654 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9655 } 9656 return x509CertChain; 9657} 9658 9659createX509CertChain(); 9660``` 9661 9662## cert.buildX509CertChain<sup>12+</sup> 9663 9664buildX509CertChain(param: [CertChainBuildParameters](#certchainbuildparameters12)): Promise\<CertChainBuildResult> 9665 9666表示使用CertChainBuildParameters对象方式创建X509证书链对象,并用Promise方式返回结果。 9667 9668**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9669 9670**系统能力:** SystemCapability.Security.Cert 9671 9672**参数:** 9673 9674| 参数名 | 类型 | 必填 | 说明 | 9675| -------- | -------------------- | ---- | -------------------------- | 9676| param | [CertChainBuildParameters](#certchainbuildparameters12) | 是 | 构建证书链的参数对象。 | 9677 9678**返回值:** 9679 9680| 类型 | 说明 | 9681| --------------------------------- | -------------------- | 9682| [CertChainBuildResult](#certchainbuildresult12) | 表示X509证书链对象。 | 9683 9684**错误码:** 9685 9686以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9687 9688| 错误码ID | 错误信息 | 9689| -------- | ------------------------------------------------- | 9690| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9691| 19020001 | memory error. | 9692| 19020002 | runtime error. | 9693| 19030001 | crypto operation error. | 9694| 19030002 | the certificate signature verification failed. | 9695| 19030003 | the certificate has not taken effect. | 9696| 19030004 | the certificate has expired. | 9697| 19030005 | failed to obtain the certificate issuer. | 9698| 19030006 | the key cannot be used for signing a certificate. | 9699| 19030007 | the key cannot be used for digital signature. | 9700 9701**示例:** 9702 9703```ts 9704import { cert } from '@kit.DeviceCertificateKit'; 9705import { BusinessError } from '@kit.BasicServicesKit'; 9706 9707// string转Uint8Array 9708function stringToUint8Array(str: string): Uint8Array { 9709 let arr: Array<number> = []; 9710 for (let i = 0, j = str.length; i < j; i++) { 9711 arr.push(str.charCodeAt(i)); 9712 } 9713 return new Uint8Array(arr); 9714} 9715 9716// 证书链数据 9717let certPem = '-----BEGIN CERTIFICATE-----\n' + 9718 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 9719 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 9720 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 9721 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 9722 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 9723 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 9724 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 9725 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 9726 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 9727 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 9728 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 9729 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 9730 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 9731 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 9732 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 9733 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 9734 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 9735 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 9736 '-----END CERTIFICATE-----'; 9737 9738let caPem = '-----BEGIN CERTIFICATE-----\n' + 9739'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 9740'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 9741'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 9742'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 9743'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 9744'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 9745'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 9746'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 9747'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 9748'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 9749'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 9750'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 9751'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 9752'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 9753'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 9754'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 9755'sSus\n' + 9756'-----END CERTIFICATE-----'; 9757 9758async function createX509Cert(certData: string): Promise<cert.X509Cert> { 9759 // 证书二进制数据,需业务自行赋值 9760 let encodingBlob: cert.EncodingBlob = { 9761 data: stringToUint8Array(certData), 9762 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER 9763 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9764 }; 9765 9766 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9767 try { 9768 x509Cert = await cert.createX509Cert(encodingBlob); 9769 } catch (error) { 9770 let e: BusinessError = error as BusinessError; 9771 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9772 } 9773 return x509Cert; 9774} 9775 9776async function buildX509CertChain() { 9777 try { 9778 const caCert = await createX509Cert(caPem); 9779 const x509Cert = await createX509Cert(certPem); 9780 let certCrlCollection = await cert.createCertCRLCollection([x509Cert]); 9781 let param: cert.CertChainBuildParameters = { 9782 certMatchParameters: {validDate:'20240812080000Z'}, 9783 maxLength: 3, 9784 validationParameters: { 9785 date: '20240812080000Z', 9786 certCRLs: [certCrlCollection], 9787 trustAnchors: [{CACert:caCert}, {CACert:caCert}], 9788 } 9789 } 9790 let certChainBuildResult = await cert.buildX509CertChain(param); 9791 console.info("cert issuer name: " + certChainBuildResult.validationResult.entityCert.getIssuerName().data) 9792 console.info("ca subject name: " + certChainBuildResult.validationResult.trustAnchor.CACert?.getSubjectName().data) 9793 } catch (error) { 9794 let e: BusinessError = error as BusinessError; 9795 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9796 } 9797} 9798 9799buildX509CertChain(); 9800``` 9801 9802## cert.createTrustAnchorsWithKeyStore<sup>12+</sup> 9803 9804createTrustAnchorsWithKeyStore(keystore: Uint8Array, pwd: string): Promise<Array\<[X509TrustAnchor](#x509trustanchor11)>> 9805 9806表示从P12文件中读取ca证书来构造[TrustAnchor](#x509trustanchor11)对象数组,并用Promise方式返回结果。 9807 9808**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9809 9810**系统能力:** SystemCapability.Security.Cert 9811 9812**参数:** 9813 9814| 参数名 | 类型 | 必填 | 说明 | 9815| -------- | -------------------- | ---- | -------------------------- | 9816| keystore | Uint8Array | 是 | p12文件,DER格式。 | 9817| pwd | string | 是 | p12文件的密码。 | 9818 9819**返回值:** 9820 9821| 类型 | 说明 | 9822| --------------------------------- | -------------------- | 9823| Array\<[X509TrustAnchor](#x509trustanchor11)> | 表示X509TrustAnchor对象数组。 | 9824 9825**错误码:** 9826 9827以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9828 9829| 错误码ID | 错误信息 | 9830| -------- | ------------------------------------------------- | 9831| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9832| 19020001 | memory error. | 9833| 19020002 | runtime error. | 9834| 19030001 | crypto operation error. | 9835| 19030002 | the certificate signature verification failed. | 9836| 19030003 | the certificate has not taken effect. | 9837| 19030004 | the certificate has expired. | 9838| 19030005 | failed to obtain the certificate issuer. | 9839| 19030006 | the key cannot be used for signing a certificate. | 9840| 19030007 | the key cannot be used for digital signature. | 9841 9842**示例:** 9843 9844```ts 9845import { cert } from '@kit.DeviceCertificateKit'; 9846import { BusinessError } from '@kit.BasicServicesKit'; 9847 9848try { 9849 cert.createTrustAnchorsWithKeyStore( 9850 new Uint8Array([0x30, 0x82, 0x07, 0x5C, 0x02, 0x01, 0x03, 0x30, 0x82, 0x07, 0x12, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x07, 0x03, 0x04, 0x82, 0x06, 0xFF, 0x30, 0x82, 0x06, 0xFB, 0x30, 0x82, 0x05, 0xB2, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06, 0xA0, 0x82, 0x05, 0xA3, 0x30, 0x82, 0x05, 0x9F, 0x02, 0x01, 0x00, 0x30, 0x82, 0x05, 0x98, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D, 0x30, 0x4A, 0x30, 0x29, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C, 0x30, 0x1C, 0x04, 0x08, 0xA9, 0x1C, 0x1B, 0x19, 0x36, 0xDE, 0xD4, 0x20, 0x02, 0x02, 0x08, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09, 0x05, 0x00, 0x30, 0x1D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A, 0x04, 0x10, 0x7D, 0xE5, 0x23, 0x96, 0x18, 0x8B, 0xF4, 0xBC, 0x9F, 0x4E, 0xE8, 0xE9, 0xAA, 0x52, 0x18, 0x39, 0x80, 0x82, 0x05, 0x30, 0x02, 0x2D, 0x59, 0xA9, 0x96, 0x5A, 0xFE, 0x20, 0x18, 0xB2, 0x25, 0xEA, 0xFC, 0x86, 0x0F, 0xA8, 0x3C, 0x2B, 0x26, 0x2F, 0x44, 0x6E, 0xF3, 0x15, 0xB7, 0x94, 0xE4, 0x43, 0xEE, 0xE6, 0xC3, 0xBB, 0x3C, 0x9E, 0x60, 0x08, 0xF8, 0x15, 0x61, 0x44, 0xD0, 0xEA, 0xD5, 0x6D, 0x1A, 0x3B, 0x9F, 0x4E, 0x2A, 0x1E, 0xBB, 0xB9, 0x4E, 0x15, 0x43, 0xB8, 0x68, 0xDB, 0x1A, 0x4E, 0x41, 0xBA, 0x29, 0x8E, 0x75, 0xEB, 0x12, 0xC1, 0xF0, 0x4B, 0x0D, 0x13, 0xB2, 0xC2, 0x48, 0x6F, 0xC4, 0xC4, 0x82, 0xF2, 0x26, 0xD4, 0x3D, 0x1F, 0x42, 0x7D, 0x67, 0xB0, 0x37, 0x55, 0x9E, 0xD9, 0x46, 0x99, 0x98, 0xB4, 0xE7, 0x4B, 0x07, 0x08, 0x3F, 0xD3, 0x96, 0x9A, 0xC5, 0xDA, 0x37, 0x74, 0x08, 0x5D, 0x3B, 0x06, 0x8A, 0x16, 0x6D, 0x81, 0x63, 0x01, 0x83, 0x94, 0xDA, 0x1B, 0x0E, 0x04, 0xCE, 0x18, 0xF0, 0x51, 0x22, 0xD8, 0x2D, 0xF1, 0x69, 0x0C, 0xCB, 0xC9, 0x51, 0x17, 0x07, 0x1F, 0x2B, 0xCF, 0x74, 0x26, 0xD7, 0x73, 0xB3, 0x2D, 0xF2, 0x82, 0xF0, 0x38, 0x5B, 0x8A, 0x8F, 0xCD, 0x84, 0x69, 0x40, 0x59, 0xCE, 0xB3, 0x39, 0xFE, 0xF6, 0xB7, 0x24, 0x89, 0x34, 0xFF, 0xF4, 0x40, 0x50, 0x06, 0x4D, 0xC6, 0x13, 0x82, 0xAF, 0x7F, 0x84, 0xB1, 0x67, 0x3C, 0x89, 0xBB, 0x5D, 0x32, 0xC3, 0xA6, 0xF1, 0x7D, 0xF5, 0x72, 0x68, 0x75, 0xCE, 0x69, 0xAB, 0x6C, 0x32, 0xDA, 0x16, 0x3B, 0xC4, 0xCA, 0x47, 0x45, 0xE9, 0x59, 0x1E, 0xB1, 0x70, 0xDA, 0x8A, 0x00, 0x69, 0x80, 0x40, 0xCA, 0x60, 0xE6, 0x07, 0x16, 0xF0, 0xA2, 0xF9, 0x12, 0x7D, 0x09, 0x43, 0x66, 0x46, 0x78, 0x35, 0xA6, 0x94, 0x35, 0x60, 0x82, 0xFC, 0xB8, 0x5E, 0x39, 0xE7, 0xA1, 0x22, 0xAD, 0xCC, 0x6F, 0x5E, 0xCE, 0x01, 0x6B, 0xA1, 0xDD, 0xE5, 0xDD, 0x79, 0x9B, 0xA1, 0x28, 0xC4, 0x03, 0x84, 0x8D, 0x6C, 0x07, 0xD4, 0xFE, 0x57, 0xFB, 0x89, 0x3F, 0x43, 0x44, 0x69, 0xF1, 0x9E, 0x53, 0x6C, 0x11, 0x11, 0x96, 0x79, 0xE4, 0xB8, 0x3B, 0x49, 0x2E, 0xF6, 0x3B, 0xC5, 0x6C, 0x76, 0x21, 0x22, 0x15, 0x85, 0x77, 0x8A, 0xDD, 0xD2, 0x43, 0x85, 0x73, 0x39, 0x77, 0x9F, 0xFA, 0x8F, 0xCF, 0xCB, 0xEA, 0x62, 0xBD, 0x5C, 0x66, 0x45, 0xCD, 0xB0, 0xCA, 0x42, 0xCC, 0xB9, 0xCF, 0xE3, 0x84, 0x63, 0x9F, 0x63, 0xCE, 0x49, 0xE9, 0x74, 0x26, 0xCC, 0x26, 0x78, 0xCE, 0x9F, 0x4E, 0x38, 0xA2, 0x9C, 0xEB, 0x75, 0xC5, 0x33, 0x6B, 0x00, 0x83, 0x85, 0xA3, 0x0F, 0xE7, 0xE1, 0x11, 0xA6, 0x48, 0xDC, 0xEF, 0x0C, 0x05, 0xB3, 0xDE, 0x94, 0xB9, 0x69, 0xCB, 0x27, 0x09, 0xAB, 0x27, 0xD8, 0x06, 0xED, 0x25, 0xBC, 0xA6, 0x2E, 0xB7, 0xF9, 0x2E, 0xAD, 0x84, 0x1D, 0xDD, 0x73, 0xD8, 0xC0, 0x46, 0x8A, 0xFE, 0x9A, 0xDF, 0x07, 0xE1, 0x33, 0xE2, 0x1C, 0x37, 0x6A, 0x8E, 0xA2, 0x91, 0x0B, 0xD7, 0x76, 0xEF, 0x3C, 0x87, 0x4A, 0x53, 0x84, 0xFA, 0xFA, 0xC5, 0x71, 0x76, 0xC0, 0x75, 0x70, 0x67, 0x67, 0x71, 0x9D, 0x8B, 0x81, 0x6F, 0x68, 0xC5, 0xB1, 0xFC, 0xA3, 0x59, 0xB5, 0xD0, 0x03, 0x56, 0xE7, 0x89, 0x03, 0xD7, 0x99, 0xDE, 0x66, 0x33, 0xFA, 0x53, 0x50, 0x5F, 0xB4, 0x9D, 0xB3, 0x90, 0x8F, 0x57, 0x20, 0xF0, 0x8B, 0xDB, 0x73, 0xCA, 0xA4, 0x71, 0x61, 0x67, 0x6A, 0x6D, 0xA5, 0xCA, 0x88, 0xD4, 0xCC, 0x82, 0x34, 0xC9, 0x3E, 0x10, 0x10, 0x57, 0xD1, 0x08, 0x96, 0x80, 0x09, 0xA8, 0xBB, 0x6F, 0x53, 0x8F, 0xFD, 0x87, 0xCF, 0x73, 0xFC, 0xE1, 0x3A, 0x92, 0x2E, 0x78, 0x66, 0xFB, 0x86, 0x5D, 0x62, 0xE0, 0xC4, 0x58, 0x55, 0x3F, 0xA4, 0xEA, 0xA1, 0xBE, 0x5B, 0x5E, 0x8E, 0x46, 0x50, 0x5E, 0x7C, 0x01, 0xD6, 0x63, 0xAA, 0x6F, 0xD5, 0xFD, 0xAF, 0xC5, 0x1D, 0xB3, 0x90, 0x9C, 0xD8, 0x5F, 0x8D, 0xF2, 0x81, 0xEB, 0xBF, 0xA1, 0xDE, 0xB7, 0x9D, 0xCD, 0x24, 0x82, 0x06, 0x0B, 0x63, 0xE6, 0xBF, 0x57, 0x51, 0xF0, 0xB6, 0xE9, 0x7F, 0xAA, 0x7B, 0x10, 0xBD, 0xCD, 0x85, 0x41, 0xE0, 0xD7, 0xF1, 0x53, 0xB7, 0xF8, 0x46, 0x91, 0x9E, 0x8D, 0x4B, 0xCB, 0x28, 0x35, 0x40, 0x37, 0x1E, 0x83, 0x64, 0x6A, 0x70, 0x01, 0x9D, 0xBF, 0xF1, 0x0E, 0xB6, 0x2E, 0x7A, 0xB7, 0x8F, 0x0F, 0x8C, 0x69, 0xD6, 0xF2, 0xD1, 0xF6, 0x1E, 0xCD, 0x08, 0xA8, 0xD4, 0x1B, 0xCB, 0x38, 0xEA, 0x26, 0x37, 0x5C, 0x60, 0x3A, 0x38, 0x5B, 0x12, 0x1D, 0x00, 0x7B, 0xEC, 0xCE, 0xFB, 0x89, 0x23, 0x8A, 0x11, 0xE1, 0x1B, 0xDE, 0x54, 0x91, 0x6A, 0x26, 0x22, 0xD0, 0x1C, 0x2E, 0xBA, 0xD0, 0x92, 0x87, 0xDA, 0xF0, 0x93, 0xBB, 0x3A, 0x2C, 0x52, 0xFB, 0xB2, 0xA9, 0xA8, 0x92, 0x19, 0xE3, 0x19, 0xDC, 0xB0, 0x0E, 0xC5, 0xE7, 0x9D, 0xFB, 0xF9, 0xA3, 0x23, 0x32, 0xD0, 0x4E, 0x2C, 0x05, 0x2D, 0x76, 0xDB, 0x93, 0x53, 0x5B, 0x0E, 0x2A, 0xA3, 0xDD, 0x5F, 0xD3, 0x1A, 0x3B, 0x1E, 0x1F, 0x26, 0x88, 0x43, 0xAD, 0x10, 0x1F, 0xA9, 0xC4, 0xF9, 0x1F, 0xCD, 0xA5, 0xD2, 0xDC, 0x24, 0x95, 0x1D, 0xE7, 0x57, 0xE1, 0x02, 0x0A, 0x20, 0xEA, 0x6A, 0x78, 0x4E, 0x96, 0xE2, 0xE5, 0x6D, 0x6F, 0xFD, 0x81, 0x7B, 0x61, 0x85, 0xA3, 0x3D, 0xC5, 0x7B, 0xEF, 0xAE, 0x58, 0xA2, 0xDB, 0x91, 0x73, 0xDB, 0x47, 0x8E, 0xD1, 0x7D, 0xD7, 0x8F, 0x56, 0x06, 0x28, 0x8C, 0x78, 0x73, 0x02, 0x65, 0xB0, 0x16, 0x4B, 0xE6, 0xA3, 0xD7, 0x06, 0x7C, 0xEA, 0x7D, 0xE2, 0xAE, 0xBB, 0xE5, 0xD2, 0xEB, 0xF0, 0x91, 0x71, 0x7C, 0xBC, 0xA6, 0x1A, 0xE8, 0x9F, 0xD3, 0xA9, 0x3C, 0x5D, 0x60, 0xCF, 0x59, 0x26, 0x46, 0x45, 0xF2, 0x7F, 0x85, 0x6B, 0xE7, 0xC2, 0x58, 0x52, 0x90, 0x12, 0x07, 0xBA, 0xE6, 0xB8, 0xE5, 0xD7, 0x24, 0x93, 0xD5, 0x6E, 0xB1, 0x74, 0x6C, 0xAA, 0xA0, 0x60, 0xBF, 0xF3, 0x32, 0x41, 0x0B, 0xA2, 0x01, 0x84, 0x0D, 0x83, 0xE4, 0x43, 0xD1, 0xBA, 0xC1, 0x92, 0x84, 0x26, 0xF8, 0xF2, 0x77, 0x20, 0x1B, 0xF2, 0x8F, 0x00, 0x69, 0x18, 0x2F, 0x6C, 0xA8, 0x58, 0xB5, 0x5D, 0xFA, 0x27, 0xD2, 0x38, 0xD2, 0x49, 0x6E, 0xDF, 0x55, 0x79, 0xAF, 0x1C, 0x44, 0xDA, 0x5A, 0xD7, 0x44, 0x53, 0x50, 0x8B, 0x77, 0x70, 0x4D, 0x91, 0xEC, 0x07, 0xA5, 0x64, 0x21, 0x3C, 0x31, 0x09, 0x68, 0x65, 0xB4, 0xFA, 0xBE, 0x23, 0xF9, 0xDF, 0x77, 0x46, 0xA2, 0x9A, 0x5D, 0xE3, 0xBE, 0x1E, 0xE3, 0x84, 0xEF, 0xAE, 0x7D, 0xF8, 0x1C, 0x54, 0xE8, 0x4E, 0xAE, 0xB5, 0xBB, 0xD6, 0xC3, 0x8D, 0x56, 0x79, 0xE8, 0x7C, 0x43, 0xDC, 0xF3, 0xB3, 0x7A, 0x30, 0x22, 0x09, 0xBC, 0x10, 0xD6, 0x84, 0xC4, 0x0F, 0x4C, 0x0B, 0xA2, 0xD1, 0xCB, 0xCD, 0x1F, 0x50, 0x3D, 0xF7, 0x23, 0x45, 0x55, 0x18, 0x21, 0x3D, 0x64, 0x05, 0x2E, 0x52, 0x3A, 0x73, 0xFD, 0xF2, 0xA9, 0xCA, 0x3F, 0xF6, 0x7F, 0x87, 0xE8, 0x56, 0x9B, 0x68, 0x6B, 0x20, 0xB0, 0x1D, 0x83, 0x04, 0x2F, 0x59, 0xFD, 0x84, 0x57, 0x7D, 0x82, 0x97, 0x96, 0xE8, 0xFB, 0xDF, 0x71, 0x8C, 0x26, 0x47, 0x85, 0xA5, 0xBE, 0xFB, 0xF5, 0x05, 0x4C, 0xD3, 0x3D, 0x73, 0xF4, 0xA5, 0xF1, 0xA3, 0x99, 0x98, 0x1B, 0x84, 0x8B, 0xB3, 0x53, 0xCE, 0x4D, 0xEA, 0x5A, 0x48, 0xD2, 0xB9, 0x7E, 0xB6, 0xEB, 0x9B, 0x94, 0x6F, 0xDD, 0x44, 0x80, 0x89, 0xD2, 0x78, 0x6D, 0xB9, 0xDA, 0x8B, 0x83, 0x49, 0xE0, 0x4D, 0x49, 0xDF, 0x6B, 0xFF, 0xF7, 0x04, 0x00, 0x32, 0xAA, 0x1D, 0x4F, 0x8D, 0x4B, 0xDE, 0xB8, 0x0D, 0xC6, 0x54, 0x1C, 0xB2, 0xCD, 0x60, 0x29, 0x72, 0x0A, 0x7E, 0xE7, 0xEB, 0x7A, 0xF6, 0x5B, 0x04, 0x3F, 0x5B, 0x93, 0x12, 0x0D, 0xD5, 0xFF, 0x7A, 0x41, 0x44, 0x0B, 0x37, 0x12, 0x82, 0x3D, 0xDD, 0x1E, 0x59, 0xB9, 0xBE, 0x0F, 0x9E, 0xD6, 0xD0, 0x68, 0x69, 0x74, 0xF9, 0xB1, 0x21, 0xA3, 0x70, 0x4F, 0xDA, 0xF8, 0x9F, 0xB9, 0x49, 0x3F, 0xC6, 0xB2, 0x69, 0xC8, 0xD8, 0x60, 0xF1, 0x6A, 0x52, 0x07, 0xFA, 0x42, 0xFD, 0xA9, 0x06, 0xCF, 0x97, 0x4A, 0x0E, 0xC5, 0xFC, 0x63, 0x27, 0x54, 0xC8, 0xBE, 0x8B, 0x4F, 0xB6, 0x42, 0xBC, 0xA2, 0xCC, 0x70, 0x4A, 0x6B, 0x24, 0x5B, 0x68, 0x28, 0x47, 0xFA, 0x6B, 0x89, 0x28, 0x07, 0x5D, 0xE0, 0x2C, 0x4A, 0xD9, 0x22, 0xE3, 0xB3, 0x2F, 0xAA, 0xC2, 0xA0, 0x7C, 0x0F, 0x92, 0xC5, 0xDD, 0xB6, 0x23, 0x8F, 0x73, 0x73, 0x0F, 0xD7, 0x73, 0x71, 0x2F, 0x0A, 0x78, 0xE8, 0x5B, 0xDB, 0xC2, 0xE0, 0xDB, 0xC9, 0x3E, 0xC3, 0x72, 0x9C, 0x14, 0xD7, 0xD1, 0x28, 0xFD, 0xF4, 0xEE, 0xBC, 0x0E, 0x13, 0x37, 0xCA, 0x85, 0x9F, 0xB9, 0xA2, 0x0E, 0xF6, 0xE7, 0x49, 0xD1, 0xD0, 0x11, 0x76, 0x53, 0xA3, 0x73, 0x95, 0x2A, 0x23, 0xC8, 0x0E, 0x97, 0x83, 0x07, 0x64, 0xB2, 0x51, 0xB7, 0xC8, 0x51, 0x9F, 0xA4, 0x3E, 0x7B, 0xA4, 0x18, 0x6D, 0x99, 0xF0, 0x6E, 0xC3, 0x97, 0xAE, 0xF4, 0xB7, 0x66, 0x37, 0xFA, 0x65, 0xFC, 0x5E, 0xE2, 0x57, 0xFA, 0x8B, 0x4C, 0x86, 0x10, 0xB4, 0x5C, 0xA4, 0xD2, 0x60, 0x83, 0x69, 0x1E, 0xFF, 0x36, 0x9B, 0xF9, 0x84, 0xFB, 0xB8, 0x83, 0x64, 0xF1, 0x41, 0xA5, 0x25, 0x56, 0x21, 0xBA, 0x13, 0x98, 0x0C, 0x3B, 0x04, 0xAA, 0x6C, 0x9A, 0xD4, 0xE3, 0x13, 0x15, 0x54, 0x05, 0x4C, 0x5C, 0xE1, 0x7A, 0x31, 0x5E, 0x90, 0xCF, 0x48, 0x4E, 0x83, 0xD7, 0x7F, 0xED, 0x93, 0x22, 0xAB, 0x67, 0xE7, 0x76, 0x32, 0x64, 0xBA, 0x5A, 0x21, 0x3E, 0x30, 0x82, 0x01, 0x41, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x01, 0x32, 0x04, 0x82, 0x01, 0x2E, 0x30, 0x82, 0x01, 0x2A, 0x30, 0x82, 0x01, 0x26, 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x02, 0xA0, 0x81, 0xEF, 0x30, 0x81, 0xEC, 0x30, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D, 0x30, 0x4A, 0x30, 0x29, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C, 0x30, 0x1C, 0x04, 0x08, 0xED, 0x3E, 0xED, 0x07, 0x5C, 0x1F, 0x71, 0xAD, 0x02, 0x02, 0x08, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09, 0x05, 0x00, 0x30, 0x1D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A, 0x04, 0x10, 0xA7, 0x49, 0xA4, 0x6E, 0x00, 0x19, 0x75, 0x59, 0x75, 0x59, 0xBA, 0x4B, 0xC7, 0x24, 0x88, 0x34, 0x04, 0x81, 0x90, 0xCA, 0x23, 0x82, 0xAA, 0x16, 0x57, 0x99, 0xFA, 0x94, 0x9F, 0xAE, 0x32, 0x5C, 0x5B, 0xE7, 0x01, 0xD0, 0xED, 0xA7, 0x58, 0x57, 0x52, 0xBF, 0x57, 0x13, 0xD4, 0x15, 0xB0, 0x06, 0xF5, 0x38, 0xCC, 0x64, 0x23, 0x09, 0xD5, 0x8C, 0x0D, 0x64, 0x31, 0xFA, 0x74, 0xAA, 0x96, 0x7E, 0x9B, 0x16, 0xCA, 0x21, 0xFD, 0xC0, 0x54, 0x91, 0x40, 0x7F, 0xB3, 0xF2, 0xA3, 0xEC, 0xA1, 0x4A, 0x07, 0xF0, 0x87, 0x22, 0xDB, 0x8A, 0x49, 0x89, 0xF7, 0xF2, 0x6A, 0xFC, 0x8D, 0x03, 0x6E, 0x32, 0x4F, 0xD0, 0xD8, 0x93, 0x92, 0xA5, 0xF1, 0x41, 0xBD, 0xEA, 0xE1, 0x38, 0xA9, 0xD8, 0x9D, 0xAB, 0xB4, 0x8E, 0x4A, 0x40, 0x0E, 0xC7, 0xE3, 0xE9, 0xBF, 0x0E, 0xBA, 0x8D, 0xAA, 0x3E, 0x93, 0x53, 0x88, 0xEE, 0x0A, 0x2C, 0x71, 0xF1, 0x61, 0x44, 0xA5, 0xAD, 0xED, 0x3E, 0xAB, 0x32, 0x9A, 0x32, 0x85, 0x08, 0xF5, 0x8B, 0xCC, 0x15, 0x35, 0xEE, 0xFA, 0x17, 0x27, 0x97, 0x8D, 0xD9, 0x1C, 0x5E, 0x74, 0x9D, 0x7B, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x5F, 0x8E, 0xAB, 0x9C, 0x5F, 0xE2, 0x3B, 0xB1, 0x5C, 0x1A, 0x36, 0x1D, 0x7D, 0xCB, 0x90, 0x45, 0x20, 0x3C, 0x3B, 0xAC, 0x30, 0x41, 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, 0x93, 0x25, 0xC4, 0x3E, 0x2A, 0x6D, 0x4C, 0x30, 0x87, 0x0F, 0xE3, 0x5A, 0x95, 0xB0, 0xF2, 0x6C, 0xBA, 0x07, 0x89, 0x7D, 0xFB, 0xCF, 0xCF, 0x1D, 0x54, 0xA3, 0x36, 0x24, 0x7B, 0x30, 0x97, 0xB5, 0x04, 0x08, 0xE7, 0x96, 0x59, 0xCC, 0x42, 0x9F, 0xEF, 0xFC, 0x02, 0x02, 0x08, 0x00]), 9851 '123456').then((data) => { 9852 console.log('createTrustAnchorsWithKeyStore sucess, number of the result is: ' + JSON.stringify(data.length)); 9853 }).catch((err : BusinessError) => { 9854 console.error('createTrustAnchorsWithKeyStore failed:' + JSON.stringify(err)); 9855 }) 9856} catch (error) { 9857 console.error('createTrustAnchorsWithKeyStore failed:' + JSON.stringify(error)); 9858} 9859``` 9860 9861## X509CertChain<sup>11+</sup> 9862 9863X509证书链对象。 9864 9865### getCertList<sup>11+</sup> 9866 9867getCertList(): Array\<X509Cert> 9868 9869获取X509证书列表。 9870 9871**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9872 9873**系统能力:** SystemCapability.Security.Cert 9874 9875**返回值**: 9876 9877| 类型 | 说明 | 9878| -------------- | ----------- | 9879| Array\<[X509Cert](#x509cert)> | X509证书数组。 | 9880 9881**错误码:** 9882 9883以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9884 9885| 错误码ID | 错误信息 | 9886| -------- | ----------------------- | 9887| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9888| 19020001 | memory error. | 9889| 19030001 | crypto operation error. | 9890 9891**示例:** 9892 9893```ts 9894import { cert } from '@kit.DeviceCertificateKit'; 9895import { BusinessError } from '@kit.BasicServicesKit'; 9896 9897// string转Uint8Array 9898function stringToUint8Array(str: string): Uint8Array { 9899 let arr: Array<number> = []; 9900 for (let i = 0, j = str.length; i < j; i++) { 9901 arr.push(str.charCodeAt(i)); 9902 } 9903 return new Uint8Array(arr); 9904} 9905 9906let certChainData = "-----BEGIN CERTIFICATE-----\n" + 9907 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 9908 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 9909 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 9910 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 9911 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 9912 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 9913 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 9914 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 9915 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 9916 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 9917 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 9918 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 9919 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 9920 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 9921 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 9922 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 9923 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 9924 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 9925 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 9926 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 9927 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 9928 "-----END CERTIFICATE-----\n" + 9929 "-----BEGIN CERTIFICATE-----\n" + 9930 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9931 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9932 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 9933 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9934 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 9935 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 9936 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 9937 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 9938 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 9939 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 9940 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 9941 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 9942 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 9943 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 9944 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 9945 "uKPWR9dKBA==\n" + 9946 "-----END CERTIFICATE-----\n" + 9947 "-----BEGIN CERTIFICATE-----\n" + 9948 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9949 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9950 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 9951 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9952 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 9953 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 9954 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 9955 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 9956 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 9957 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 9958 "xjoE\n" + 9959 "-----END CERTIFICATE-----\n"; 9960 9961// 证书链二进制数据,需业务自行赋值 9962let encodingBlob: cert.EncodingBlob = { 9963 data: stringToUint8Array(certChainData), 9964 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7 9965 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9966}; 9967 9968cert.createX509CertChain(encodingBlob, (err, certChain) => { 9969 if (err) { 9970 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9971 } else { 9972 console.log('createX509CertChain success'); 9973 try { 9974 let certList = certChain.getCertList(); 9975 } catch (err) { 9976 let e: BusinessError = err as BusinessError; 9977 console.error('X509CertChain getCertList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9978 } 9979 } 9980}); 9981``` 9982 9983### validate<sup>11+</sup> 9984 9985validate(param: CertChainValidationParameters): Promise\<CertChainValidationResult> 9986 9987校验证书链,并使用Promise方式异步返回结果。 9988 9989**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9990 9991**系统能力:** SystemCapability.Security.Cert 9992 9993**参数**: 9994 9995| 参数名 | 类型 | 必填 | 说明 | 9996| --------- | ------------------------------- | ---- | ----------------- | 9997| param | [CertChainValidationParameters](#certchainvalidationparameters11) | 是 | 表示校验X509证书链的参数。 | 9998 9999**返回值**: 10000 10001| 类型 | 说明 | 10002| ------------------------------------------------------------ | --------------------------------- | 10003| Promise\<[CertChainValidationResult](#certchainvalidationresult11)> | Promise对象,返回证书链校验结果。 | 10004 10005**错误码:** 10006 10007以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10008 10009| 错误码ID | 错误信息 | 10010| -------- | ----------------------- | 10011| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10012| 19020001 | memory error. | 10013| 19020002 | runtime error. | 10014| 19030001 | crypto operation error. | 10015| 19030002 | the certificate signature verification failed. | 10016| 19030003 | the certificate has not taken effect. | 10017| 19030004 | the certificate has expired. | 10018| 19030005 | failed to obtain the certificate issuer. | 10019| 19030006 | the key cannot be used for signing a certificate. | 10020| 19030007 | the key cannot be used for digital signature. | 10021 10022**示例:** 10023 10024```ts 10025import { cert } from '@kit.DeviceCertificateKit'; 10026import { BusinessError } from '@kit.BasicServicesKit'; 10027 10028// string转Uint8Array 10029function stringToUint8Array(str: string): Uint8Array { 10030 let arr: Array<number> = []; 10031 for (let i = 0, j = str.length; i < j; i++) { 10032 arr.push(str.charCodeAt(i)); 10033 } 10034 return new Uint8Array(arr); 10035} 10036 10037async function createX509CertChain(): Promise<cert.X509CertChain> { 10038 let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10039 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10040 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10041 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10042 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10043 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10044 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10045 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10046 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10047 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10048 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10049 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10050 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10051 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10052 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10053 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10054 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10055 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10056 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10057 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10058 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10059 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10060 "-----END CERTIFICATE-----\n" + 10061 "-----BEGIN CERTIFICATE-----\n" + 10062 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10063 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10064 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10065 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10066 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10067 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10068 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10069 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10070 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10071 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10072 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10073 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10074 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10075 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10076 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10077 "uKPWR9dKBA==\n" + 10078 "-----END CERTIFICATE-----\n" + 10079 "-----BEGIN CERTIFICATE-----\n" + 10080 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10081 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10082 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10083 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10084 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10085 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10086 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10087 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10088 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10089 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10090 "xjoE\n" + 10091 "-----END CERTIFICATE-----\n"; 10092 10093 // 证书链二进制数据,需业务自行赋值 10094 let encodingBlob: cert.EncodingBlob = { 10095 data: stringToUint8Array(certChainData), 10096 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7 10097 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10098 }; 10099 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10100 try { 10101 x509CertChain = await cert.createX509CertChain(encodingBlob); 10102 } 10103 catch (error) { 10104 let e: BusinessError = error as BusinessError; 10105 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10106 } 10107 return x509CertChain; 10108} 10109 10110async function validate() { 10111 const certChain = await createX509CertChain(); 10112 // 证书链校验数据,需业务自行赋值 10113 const param: cert.CertChainValidationParameters = { 10114 date: '20231212080000Z', 10115 trustAnchors: [{ 10116 CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), 10117 CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), 10118 }] 10119 } 10120 try { 10121 const validationRes = await certChain.validate(param); 10122 console.log('X509CertChain validate success'); 10123 } 10124 catch (err) { 10125 console.error('X509CertChain validate failed'); 10126 } 10127} 10128 10129validate(); 10130``` 10131 10132### validate<sup>11+</sup> 10133 10134validate(param: CertChainValidationParameters, callback: AsyncCallback\<CertChainValidationResult>): void 10135 10136使用校验参数校验证书链并使用callback方式异步返回结果。 10137 10138**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10139 10140**系统能力:** SystemCapability.Security.Cert 10141 10142**参数**: 10143 10144| 参数名 | 类型 | 必填 | 说明 | 10145| --------- | ------------------------------- | ---- | ------------ | 10146| param | [CertChainValidationParameters](#certchainvalidationparameters11) | 是 | 表示校验X509证书链的参数。 | 10147| callback | AsyncCallback\<[CertChainValidationResult](#certchainvalidationresult11)> | 是 | 回调函数。返回证书链校验结果。 | 10148 10149**错误码:** 10150 10151以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10152 10153| 错误码ID | 错误信息 | 10154| -------- | ----------------------- | 10155| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10156| 19020001 | memory error. | 10157| 19020002 | runtime error. | 10158| 19030001 | crypto operation error. | 10159| 19030002 | the certificate signature verification failed. | 10160| 19030003 | the certificate has not taken effect. | 10161| 19030004 | the certificate has expired. | 10162| 19030005 | failed to obtain the certificate issuer. | 10163| 19030006 | the key cannot be used for signing a certificate. | 10164| 19030007 | the key cannot be used for digital signature. | 10165 10166**示例:** 10167 10168```ts 10169import { cert } from '@kit.DeviceCertificateKit'; 10170 10171// string转Uint8Array 10172function stringToUint8Array(str: string): Uint8Array { 10173 let arr: Array<number> = []; 10174 for (let i = 0, j = str.length; i < j; i++) { 10175 arr.push(str.charCodeAt(i)); 10176 } 10177 return new Uint8Array(arr); 10178} 10179 10180let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10181 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10182 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10183 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10184 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10185 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10186 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10187 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10188 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10189 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10190 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10191 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10192 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10193 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10194 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10195 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10196 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10197 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10198 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10199 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10200 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10201 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10202 "-----END CERTIFICATE-----\n" + 10203 "-----BEGIN CERTIFICATE-----\n" + 10204 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10205 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10206 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10207 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10208 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10209 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10210 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10211 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10212 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10213 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10214 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10215 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10216 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10217 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10218 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10219 "uKPWR9dKBA==\n" + 10220 "-----END CERTIFICATE-----\n" + 10221 "-----BEGIN CERTIFICATE-----\n" + 10222 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10223 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10224 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10225 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10226 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10227 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10228 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10229 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10230 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10231 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10232 "xjoE\n" + 10233 "-----END CERTIFICATE-----\n"; 10234 10235// 证书链二进制数据,需业务自行赋值 10236let encodingBlob: cert.EncodingBlob = { 10237 data: stringToUint8Array(certChainData), 10238 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7 10239 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10240}; 10241 10242// 证书链校验数据,需业务自行赋值 10243let param: cert.CertChainValidationParameters = { 10244 date: '20231212080000Z', 10245 trustAnchors: [{ 10246 CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), 10247 CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), 10248 }] 10249}; 10250 10251cert.createX509CertChain(encodingBlob, (err, certChain) => { 10252 if (err) { 10253 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 10254 } else { 10255 console.log('createX509CertChain success'); 10256 certChain.validate(param, (error, validationRes) => { 10257 if (error) { 10258 console.error('X509CertChain validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 10259 } else { 10260 console.log('X509CertChain validate success'); 10261 } 10262 }); 10263 } 10264}); 10265``` 10266 10267### toString<sup>12+</sup> 10268 10269toString(): string 10270 10271获取对象的字符串类型数据。 10272 10273**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10274 10275**系统能力:** SystemCapability.Security.Cert 10276 10277**返回值**: 10278 10279| 类型 | 说明 | 10280| ------- | ---------------------------------------------------- | 10281| string | 对象的字符串类型数据。| 10282 10283**错误码:** 10284 10285以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10286 10287| 错误码ID | 错误信息 | 10288| -------- | ----------------------- | 10289| 19020001 | memory error. | 10290| 19020002 | runtime error. | 10291| 19030001 | crypto operation error. | 10292 10293**示例:** 10294 10295```ts 10296import { cert } from '@kit.DeviceCertificateKit'; 10297import { BusinessError } from '@kit.BasicServicesKit'; 10298 10299// string转Uint8Array 10300function stringToUint8Array(str: string): Uint8Array { 10301 let arr: Array<number> = []; 10302 for (let i = 0, j = str.length; i < j; i++) { 10303 arr.push(str.charCodeAt(i)); 10304 } 10305 return new Uint8Array(arr); 10306} 10307 10308let certChainData = '-----BEGIN CERTIFICATE-----\n' + 10309 'MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\n' + 10310 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\n' + 10311 'ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\n' + 10312 'OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\n' + 10313 'CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\n' + 10314 'by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n' + 10315 'AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\n' + 10316 'MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\n' + 10317 'vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\n' + 10318 'tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\n' + 10319 'C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\n' + 10320 'GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\n' + 10321 'BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\n' + 10322 'C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\n' + 10323 'Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\n' + 10324 'MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\n' + 10325 'RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\n' + 10326 'Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\n' + 10327 'MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\n' + 10328 'Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\n' + 10329 'BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\n' + 10330 'ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\n' + 10331 'bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\n' + 10332 'nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\n' + 10333 'AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\n' + 10334 'W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\n' + 10335 'HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\n' + 10336 'Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\n' + 10337 'QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\n' + 10338 'lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\n' + 10339 'ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\n' + 10340 'P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\n' + 10341 '7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\n' + 10342 '9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\n' + 10343 '-----END CERTIFICATE-----\n' + 10344 '-----BEGIN CERTIFICATE-----\n' + 10345 'MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\n' + 10346 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n' + 10347 'd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n' + 10348 'QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\n' + 10349 'MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\n' + 10350 'TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\n' + 10351 '7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\n' + 10352 '4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\n' + 10353 'yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\n' + 10354 'c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\n' + 10355 'U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\n' + 10356 'jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\n' + 10357 'T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\n' + 10358 'BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n' + 10359 'MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\n' + 10360 'cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\n' + 10361 'ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\n' + 10362 'BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\n' + 10363 'LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\n' + 10364 'Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\n' + 10365 'IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\n' + 10366 'cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\n' + 10367 'FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\n' + 10368 'O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\n' + 10369 'sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\n' + 10370 '3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\n' + 10371 'lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\n' + 10372 'tPO+\n' + 10373 '-----END CERTIFICATE-----\n'; 10374 10375// 证书链二进制数据,需业务自行赋值 10376let encodingBlob: cert.EncodingBlob = { 10377 data: stringToUint8Array(certChainData), 10378 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7 10379 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10380}; 10381 10382async function certChainToString() { 10383 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10384 try { 10385 x509CertChain = await cert.createX509CertChain(encodingBlob); 10386 console.log('createX509CertChain success'); 10387 console.info('toString success: ' + JSON.stringify(x509CertChain.toString())); 10388 } catch (error) { 10389 let e: BusinessError = error as BusinessError; 10390 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10391 } 10392} 10393``` 10394### hashCode<sup>12+</sup> 10395 10396hashCode(): Uint8Array 10397 10398获取DER格式数据的哈希值。 10399 10400**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10401 10402**系统能力:** SystemCapability.Security.Cert 10403 10404**返回值**: 10405 10406| 类型 | 说明 | 10407| ------- | ---------------------------------------------------- | 10408| Uint8Array | DER格式数据的哈希值。| 10409 10410**错误码:** 10411 10412以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10413 10414| 错误码ID | 错误信息 | 10415| -------- | ----------------------- | 10416| 19020001 | memory error. | 10417| 19020002 | runtime error. | 10418| 19030001 | crypto operation error. | 10419 10420**示例:** 10421 10422```ts 10423import { cert } from '@kit.DeviceCertificateKit'; 10424import { BusinessError } from '@kit.BasicServicesKit'; 10425 10426// string转Uint8Array 10427function stringToUint8Array(str: string): Uint8Array { 10428 let arr: Array<number> = []; 10429 for (let i = 0, j = str.length; i < j; i++) { 10430 arr.push(str.charCodeAt(i)); 10431 } 10432 return new Uint8Array(arr); 10433} 10434 10435let certChainData = '-----BEGIN CERTIFICATE-----\n' + 10436 'MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\n' + 10437 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\n' + 10438 'ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\n' + 10439 'OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\n' + 10440 'CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\n' + 10441 'by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n' + 10442 'AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\n' + 10443 'MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\n' + 10444 'vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\n' + 10445 'tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\n' + 10446 'C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\n' + 10447 'GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\n' + 10448 'BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\n' + 10449 'C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\n' + 10450 'Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\n' + 10451 'MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\n' + 10452 'RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\n' + 10453 'Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\n' + 10454 'MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\n' + 10455 'Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\n' + 10456 'BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\n' + 10457 'ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\n' + 10458 'bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\n' + 10459 'nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\n' + 10460 'AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\n' + 10461 'W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\n' + 10462 'HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\n' + 10463 'Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\n' + 10464 'QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\n' + 10465 'lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\n' + 10466 'ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\n' + 10467 'P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\n' + 10468 '7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\n' + 10469 '9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\n' + 10470 '-----END CERTIFICATE-----\n' + 10471 '-----BEGIN CERTIFICATE-----\n' + 10472 'MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\n' + 10473 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n' + 10474 'd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n' + 10475 'QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\n' + 10476 'MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\n' + 10477 'TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\n' + 10478 '7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\n' + 10479 '4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\n' + 10480 'yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\n' + 10481 'c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\n' + 10482 'U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\n' + 10483 'jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\n' + 10484 'T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\n' + 10485 'BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n' + 10486 'MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\n' + 10487 'cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\n' + 10488 'ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\n' + 10489 'BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\n' + 10490 'LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\n' + 10491 'Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\n' + 10492 'IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\n' + 10493 'cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\n' + 10494 'FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\n' + 10495 'O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\n' + 10496 'sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\n' + 10497 '3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\n' + 10498 'lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\n' + 10499 'tPO+\n' + 10500 '-----END CERTIFICATE-----\n'; 10501 10502// 证书链二进制数据,需业务自行赋值 10503let encodingBlob: cert.EncodingBlob = { 10504 data: stringToUint8Array(certChainData), 10505 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7 10506 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10507}; 10508 10509async function certChainHashCode() { 10510 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10511 try { 10512 x509CertChain = await cert.createX509CertChain(encodingBlob); 10513 console.log('createX509CertChain success'); 10514 console.info('hashCode success: ' + JSON.stringify(x509CertChain.hashCode())); 10515 } catch (error) { 10516 let e: BusinessError = error as BusinessError; 10517 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10518 } 10519} 10520``` 10521## cert.createX500DistinguishedName<sup>12+</sup> 10522 10523createX500DistinguishedName(nameStr: string): Promise\<X500DistinguishedName> 10524 10525表示使用字符串格式的名称创建X500DistinguishedName对象,使用Promise方式异步返回结果。 10526 10527**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10528 10529**系统能力:** SystemCapability.Security.Cert 10530 10531**参数:** 10532 10533| 参数名 | 类型 | 必填 | 说明 | 10534| -------- | ----------------------------- | ---- | -------------------- | 10535| nameStr | string | 是 |X509定义的string类型的Name字符串格式数据。| 10536 10537**返回值:** 10538 10539| 类型 | 说明 | 10540| ------------------------------- | ---------------- | 10541| Promise\<[X500DistinguishedName](#x500distinguishedname12)> | 表示X509的可分辨对象。| 10542 10543**错误码:** 10544 10545以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10546 10547| 错误码ID | 错误信息 | 10548| -------- | ------------- | 10549| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10550| 19020001 | memory error. | 10551| 19020002 | runtime error. | 10552| 19030001 | crypto operation error. | 10553| 19030002 | the certificate signature verification failed. | 10554| 19030003 | the certificate has not taken effect. | 10555| 19030004 | the certificate has expired. | 10556| 19030005 | failed to obtain the certificate issuer. | 10557| 19030006 | the key cannot be used for signing a certificate. | 10558| 19030007 | the key cannot be used for digital signature. | 10559 10560**示例:** 10561 10562```ts 10563import { cert } from '@kit.DeviceCertificateKit'; 10564import { BusinessError } from '@kit.BasicServicesKit'; 10565 10566// string转Uint8Array 10567function stringToUint8Array(str: string): Uint8Array { 10568 let arr: Array<number> = []; 10569 for (let i = 0, j = str.length; i < j; i++) { 10570 arr.push(str.charCodeAt(i)); 10571 } 10572 return new Uint8Array(arr); 10573} 10574 10575let nameStr = '/CN=John Doe/OU=IT Department/O=ACME Inc./L=San Francisco/ST=California/C=US/CN=ALN C/CN=XTS'; 10576async function createX500DistinguishedName() { 10577 try { 10578 cert.createX500DistinguishedName(nameStr) 10579 .then((data) => { 10580 console.log('createX500DistinguishedName success'); 10581 }) 10582 .catch((err: BusinessError) => { 10583 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 10584 }) 10585 } catch (error) { 10586 let e: BusinessError = error as BusinessError; 10587 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 10588 } 10589} 10590``` 10591 10592## cert.createX500DistinguishedName<sup>12+</sup> 10593 10594createX500DistinguishedName(nameDer: Uint8Array): Promise\<X500DistinguishedName> 10595 10596表示使用DER格式的名称创建X500DistinguishedName对象,使用Promise方式异步返回结果。 10597 10598**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10599 10600**系统能力:** SystemCapability.Security.Cert 10601 10602**参数:** 10603 10604| 参数名 | 类型 | 必填 | 说明 | 10605| -------- | ----------------------------- | ---- | -------------------- | 10606| nameDer | Uint8Array | 是 |X509定义的Uint8Array类型的DER格式数据。| 10607 10608**返回值:** 10609 10610| 类型 | 说明 | 10611| ------------------------------- | ---------------- | 10612| Promise\<[X500DistinguishedName](#x500distinguishedname12)> | 表示X509的可分辨对象。| 10613 10614**错误码:** 10615 10616以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10617 10618| 错误码ID | 错误信息 | 10619| -------- | ------------- | 10620| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10621| 19020001 | memory error. | 10622| 19020002 | runtime error. | 10623| 19030001 | crypto operation error. | 10624| 19030002 | the certificate signature verification failed. | 10625| 19030003 | the certificate has not taken effect. | 10626| 19030004 | the certificate has expired. | 10627| 19030005 | failed to obtain the certificate issuer. | 10628| 19030006 | the key cannot be used for signing a certificate. | 10629| 19030007 | the key cannot be used for digital signature. | 10630 10631**示例:** 10632 10633```ts 10634import { cert } from '@kit.DeviceCertificateKit'; 10635import { BusinessError } from '@kit.BasicServicesKit'; 10636 10637let nameDer = new Uint8Array([48,41,49,11,48,9,6,3,85,4,3,12,2,67,65,49,13,48,11,6,3,85,4,10,12,4,116,101,115,116,49,11,48,9,6,3,85,4,6,19,2,67,78]); 10638async function createX500DistinguishedName() { 10639 try { 10640 cert.createX500DistinguishedName(nameDer) 10641 .then((data) => { 10642 console.log('createX500DistinguishedName success'); 10643 }) 10644 .catch((err: BusinessError) => { 10645 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 10646 }) 10647 } catch (error) { 10648 let e: BusinessError = error as BusinessError; 10649 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 10650 } 10651} 10652``` 10653## X500DistinguishedName<sup>12+</sup> 10654 10655X509定义的Name类型的对象。 10656 10657### getName<sup>12+</sup> 10658 10659getName(): string 10660 10661获取可分辨名的字符串。 10662 10663**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10664 10665**系统能力:** SystemCapability.Security.Cert 10666 10667**返回值**: 10668 10669| 类型 | 说明 | 10670| ------- | ------------------------------------------------- | 10671| string | 可分辨名的字符串。| 10672 10673**错误码:** 10674 10675以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10676 10677| 错误码ID | 错误信息 | 10678| -------- | ------------- | 10679| 19020001 | memory error. | 10680| 19020002 | runtime error. | 10681| 19030001 | crypto operation error. | 10682 10683**示例:** 10684 10685```ts 10686import { cert } from '@kit.DeviceCertificateKit'; 10687import { BusinessError } from '@kit.BasicServicesKit'; 10688 10689let nameDer = new Uint8Array([48,41,49,11,48,9,6,3,85,4,3,12,2,67,65,49,13,48,11,6,3,85,4,10,12,4,116,101,115,116,49,11,48,9,6,3,85,4,6,19,2,67,78]); 10690async function getName() { 10691 try { 10692 cert.createX500DistinguishedName(nameDer) 10693 .then((data) => { 10694 console.log('createX500DistinguishedName success'); 10695 console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName())) 10696 }) 10697 .catch((err: BusinessError) => { 10698 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 10699 }) 10700 } catch (error) { 10701 let e: BusinessError = error as BusinessError; 10702 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 10703 } 10704} 10705``` 10706 10707### getName<sup>12+</sup> 10708 10709getName(type: string): Array\<string> 10710 10711按类型获取可分辨名的字符串。 10712 10713**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10714 10715**系统能力:** SystemCapability.Security.Cert 10716 10717**参数**: 10718 10719| 参数名 | 类型 | 必填 | 说明 | 10720| ------------ | ------ | ---- | -------------- | 10721| type | string | 是 | 指定类型的名称。| 10722 10723**返回值**: 10724 10725| 类型 | 说明 | 10726| ------- | ------------------------------------------------- | 10727| Array\<string> | 可分辨名的字符串数组。| 10728 10729**错误码:** 10730 10731以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10732 10733| 错误码ID | 错误信息 | 10734| -------- | ------------- | 10735| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10736| 19020001 | memory error. | 10737| 19020002 | runtime error. | 10738| 19030001 | crypto operation error. | 10739 10740**示例:** 10741 10742```ts 10743import { cert } from '@kit.DeviceCertificateKit'; 10744import { BusinessError } from '@kit.BasicServicesKit'; 10745 10746let nameStr = '/CN=Example CA/OU=test cert/O=test/L=XA/ST=SX/C=CN/CN=RSA CA/CN=XTS'; 10747async function getName() { 10748 try { 10749 cert.createX500DistinguishedName(nameStr) 10750 .then((data) => { 10751 console.log('createX500DistinguishedName success'); 10752 console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName("CN"))) 10753 }) 10754 .catch((err: BusinessError) => { 10755 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 10756 }) 10757 } catch (error) { 10758 let e: BusinessError = error as BusinessError; 10759 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 10760 } 10761} 10762``` 10763 10764### getEncoded<sup>12+</sup> 10765 10766getEncoded(): EncodingBlob 10767 10768获取X509证书扩展域的数据。 10769 10770**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10771 10772**系统能力:** SystemCapability.Security.Cert 10773 10774**返回值**: 10775 10776| 类型 | 说明 | 10777| ------- | ------------------------------------------------- | 10778| [EncodingBlob](#encodingblob) | X509证书序列化数据。| 10779 10780**错误码:** 10781 10782以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10783 10784| 错误码ID | 错误信息 | 10785| -------- | ------------- | 10786| 19020001 | memory error. | 10787| 19020002 | runtime error. | 10788| 19030001 | crypto operation error. | 10789 10790**示例:** 10791 10792```ts 10793import { cert } from '@kit.DeviceCertificateKit'; 10794import { BusinessError } from '@kit.BasicServicesKit'; 10795 10796let nameStr = '/CN=Example CA/OU=test cert/O=test/L=XA/ST=SX/C=CN/CN=RSA CA/CN=XTS'; 10797async function getEncoded() { 10798 try { 10799 cert.createX500DistinguishedName(nameStr) 10800 .then((data) => { 10801 console.log('createX500DistinguishedName success'); 10802 let encodingBlobData = data.getEncoded(); 10803 }) 10804 .catch((err: BusinessError) => { 10805 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 10806 }) 10807 } catch (error) { 10808 let e: BusinessError = error as BusinessError; 10809 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 10810 } 10811} 10812```