Certificate and CRL Collection Development
This topic walks you through on how to filter certificates or CRLs based on a CertCRLCollection object.
How to Develop
-
Import the certFramework module.
import { cert } from '@kit.DeviceCertificateKit'; -
Use cert.createX509Cert to create an X.509 certificate object.
-
Use cert.createX509CRL to create an X.509 CRL object.
-
Use cert.createCertCRLCollection to create a CertCRLCollection object.
-
Use CertCRLCollection.selectCerts to search for all certificates that match X509CertMatchParameters.
-
Use CertCRLCollection.selectCRLs to search for all CRLs that match X509CRLMatchParameters.
import { cert } from '@kit.DeviceCertificateKit';
import { BusinessError } from '@kit.BasicServicesKit';
import { util } from '@kit.ArkTS';
async function createX509CRL(): Promise<cert.X509CRL> {
let crlData = '-----BEGIN X509 CRL-----\n' +
'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' +
'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' +
'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' +
'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' +
'5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' +
'eavsH0Q3\n' +
'-----END X509 CRL-----\n';
// Binary data of the CRL, which needs to match your case.
let textEncoder = new util.TextEncoder();
let encodingBlob: cert.EncodingBlob = {
data: textEncoder.encodeInto(crlData),
// Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported.
encodingFormat: cert.EncodingFormat.FORMAT_PEM
};
let x509CRL: cert.X509CRL = {} as cert.X509CRL;
try {
x509CRL = await cert.createX509CRL(encodingBlob);
} catch (err) {
let e: BusinessError = err as BusinessError;
console.error(`createX509CRL failed, errCode: ${e.code}, errMsg: ${e.message}`);
}
return x509CRL;
}
async function createX509Cert(): Promise<cert.X509Cert> {
let certData = '-----BEGIN CERTIFICATE-----\n' +
'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' +
'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' +
'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' +
'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' +
'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' +
'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' +
'Qw==\n' +
'-----END CERTIFICATE-----\n';
let textEncoder = new util.TextEncoder();
let encodingBlob: cert.EncodingBlob = {
data: textEncoder.encodeInto(certData),
// Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported.
encodingFormat: cert.EncodingFormat.FORMAT_PEM
};
let x509Cert: cert.X509Cert = {} as cert.X509Cert;
try {
x509Cert = await cert.createX509Cert(encodingBlob);
} catch (err) {
let e: BusinessError = err as BusinessError;
console.error(`createX509Cert failed, errCode: ${e.code}, errMsg: ${e.message}`);
}
return x509Cert;
}
async function sample() {
const x509Cert = await createX509Cert();
const x509CRL = await createX509CRL();
let collection: cert.CertCRLCollection = {} as cert.CertCRLCollection;
try {
collection = cert.createCertCRLCollection([x509Cert], [x509CRL]);
console.info('createCertCRLCollection result: success.');
} catch (err) {
console.error(`createCertCRLCollection failed: errCode: ${err.code}, message: ${err.message}`);
}
const certParam: cert.X509CertMatchParameters = {
validDate: '231128000000Z'
}
try {
let certs: cert.X509Cert[] = await collection.selectCerts(certParam);
} catch (err) {
console.error(`selectCerts failed: errCode: ${err.code}, message: ${err.message}`);
}
const crlParam: cert.X509CRLMatchParameters = {
x509Cert: x509Cert
}
try {
let crls: cert.X509CRL[] = await collection.selectCRLs(crlParam);
console.info('selectCRLs result: success.');
} catch (err) {
console.error(`selectCRLs failed: errCode: ${err.code}, message: ${err.message}`);
}
}