证书集合及证书吊销列表集合对象的创建和获取
从输入的证书集合和证书吊销列表集合中选择满足条件的证书或者证书吊销列表。
开发步骤
-
导入证书算法库框架模块。
import certFramework from '@ohos.security.cert';
-
基于已有的证书数据,调用cryptoCert.createX509Cert创建X509证书的对象。
-
基于已有的CRL数据,调用cryptoCert.createX509CRL创建X509证书吊销列表的对象。
-
调用cryptoCert.createCertCRLCollection创建CertCRLCollection的对象,并返回相应的结果。
-
调用CertCRLCollection.selectCerts查找所有与X509CertMatchParameters匹配的证书对象数组,并返回结果。
-
调用CertCRLCollection.selectCRLs查找所有与X509CRLMatchParameters匹配的证书吊销列表数组,并返回结果。
import certFramework from '@ohos.security.cert';
import { BusinessError } from '@ohos.base';
import util from '@ohos.util';
async function createX509CRL(): Promise<certFramework.X509CRL> {
let crlData = '-----BEGIN X509 CRL-----\n' +
'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' +
'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' +
'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' +
'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' +
'5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' +
'eavsH0Q3\n' +
'-----END X509 CRL-----\n';
// 证书吊销列表二进制数据,需业务自行赋值
let textEncoder = new util.TextEncoder();
let encodingBlob: certFramework.EncodingBlob = {
data: textEncoder.encodeInto(crlData),
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: certFramework.EncodingFormat.FORMAT_PEM
};
let x509CRL: certFramework.X509CRL = {} as certFramework.X509CRL;
try {
x509CRL = await certFramework.createX509CRL(encodingBlob);
} catch (err) {
let e: BusinessError = err as BusinessError;
console.error(`createX509CRL failed, errCode: ${e.code}, errMsg: ${e.message}`);
}
return x509CRL;
}
async function createX509Cert(): Promise<certFramework.X509Cert> {
let certData = '-----BEGIN CERTIFICATE-----\n' +
'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' +
'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' +
'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' +
'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' +
'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' +
'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' +
'Qw==\n' +
'-----END CERTIFICATE-----\n';
let textEncoder = new util.TextEncoder();
let encodingBlob: certFramework.EncodingBlob = {
data: textEncoder.encodeInto(certData),
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: certFramework.EncodingFormat.FORMAT_PEM
};
let x509Cert: certFramework.X509Cert = {} as certFramework.X509Cert;
try {
x509Cert = await certFramework.createX509Cert(encodingBlob);
} catch (err) {
let e: BusinessError = err as BusinessError;
console.error(`createX509Cert failed, errCode: ${e.code}, errMsg: ${e.message}`);
}
return x509Cert;
}
async function sample() {
const x509Cert = await createX509Cert();
const x509CRL = await createX509CRL();
let collection: certFramework.CertCRLCollection = {} as certFramework.CertCRLCollection;
try {
collection = certFramework.createCertCRLCollection([x509Cert], [x509CRL]);
console.log('createCertCRLCollection success');
} catch (err) {
console.error('createCertCRLCollection failed');
}
const certParam: certFramework.X509CertMatchParameters = {
validDate: '231128000000Z'
}
try {
let certs: certFramework.X509Cert[] = await collection.selectCerts(certParam);
} catch (err) {
console.error('selectCerts failed');
}
const crlParam: certFramework.X509CRLMatchParameters = {
x509Cert: x509Cert
}
try {
let crls: certFramework.X509CRL[] = await collection.selectCRLs(crlParam);
console.error('selectCRLs success');
} catch (err) {
console.error('selectCRLs failed');
}
}