# @ohos.net.networkSecurity (Network Security)

The **networkSecurity** module provides the network security verification capability. Specifically, it provides APIs for applications to verify the certificates in use.

> **NOTE**
>
> The initial APIs of this module are supported since API version 11. Newly added APIs will be marked with a superscript to indicate their earliest API version.

## Modules to Import

```ts
import { networkSecurity } from '@kit.NetworkKit';
```

## Sample Code

```ts
import { networkSecurity } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Define certificate blobs
const cert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n... (certificate data) ...\n-----END CERTIFICATE-----',
};

const caCert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n... (CA certificate data) ...\n-----END CERTIFICATE-----',
};

// Perform asynchronous certificate verification
networkSecurity.certVerification(cert, caCert)
  .then((result) => {
    console.info('Certificate verification result:', result);
  })
  .catch((error: BusinessError) => {
    console.error('Certificate verification failed:', error);
  });
```

> **NOTE**
>
> Be sure to replace the certificate data in the example with the actual certificate data.

## CertType

Enumerates certificate types.

**System capability**: SystemCapability.Communication.NetStack

| Name          | Value | Description      |
| ------------- | ----- | ---------------- |
| CERT_TYPE_PEM | 0     | PEM certificate. |
| CERT_TYPE_DER | 1     | DER certificate. |

## CertBlob

Defines the certificate data.

**System capability**: SystemCapability.Communication.NetStack

| Name | Type                  | Mandatory | Description       |
| ---- | --------------------- | --------- | ----------------- |
| type | CertType              | Yes       | Certificate type. |
| data | string \| ArrayBuffer | Yes       | Certificate data. |

## networkSecurity.certVerification

certVerification(cert: CertBlob, caCert?: CertBlob): Promise\<number\>

Obtains the preset CA certificate and custom CA certificate from the certificate management module, and verifies the certificate passed by the application.

**System capability**: SystemCapability.Communication.NetStack

**Parameters**

| Name   | Type     | Mandatory | Description                 |
| ------ | -------- | --------- | --------------------------- |
| cert   | CertBlob | Yes       | Certificate to be verified. |
| caCert | CertBlob | No        | Custom CA certificate.      |

**Return values:**

| Type              | Description |
| ----------------- | ----------- |
| Promise\<number\> | Promise used to return the result. The value **0** indicates that the certificate verification is successful, and a non-0 value indicates that the verification has failed. |

**Error codes**

| ID      | Error Message                                    |
| ------- | ------------------------------------------------ |
| 401     | Parameter error.                                 |
| 2305001 | Unspecified error.                               |
| 2305002 | Unable to get issuer certificate.                |
| 2305003 | Unable to get certificate revocation list (CRL). |
| 2305004 | Unable to decrypt certificate signature.         |
| 2305005 | Unable to decrypt CRL signature.                 |
| 2305006 | Unable to decode issuer public key.              |
| 2305007 | Certificate signature failure.                   |
| 2305008 | CRL signature failure.                           |
| 2305009 | Certificate is not yet valid.                    |
| 2305010 | Certificate has expired.                         |
| 2305011 | CRL is not yet valid.                            |
| 2305012 | CRL has expired.                                 |
| 2305018 | Self-signed certificate.                         |
| 2305023 | Certificate has been revoked.                    |
| 2305024 | Invalid certificate authority (CA).              |
| 2305027 | Certificate is untrusted.                        |
| 2305069 | Call invalid.                                    |

> **NOTE**
>
> If any of the preceding error codes is reported during certificate verification, rectify the error based on the detailed information about the error description.

**Example**

```ts
import { networkSecurity } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Define certificate blobs
const cert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n... (certificate data) ...\n-----END CERTIFICATE-----',
};

const caCert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n... (CA certificate data) ...\n-----END CERTIFICATE-----',
};

// Perform asynchronous certificate verification
networkSecurity.certVerification(cert, caCert)
  .then((result) => {
    console.info('Certificate verification result:', result);
  })
  .catch((error: BusinessError) => {
    console.error('Certificate verification failed:', error);
  });
```

> **NOTE**
>
> Be sure to replace the certificate data in the example with the actual certificate data.

## networkSecurity.certVerificationSync

certVerificationSync(cert: CertBlob, caCert?: CertBlob): number

Obtains the preset CA certificate and custom CA certificate from the certificate management module, and verifies the certificate passed by the application.

**System capability**: SystemCapability.Communication.NetStack

**Parameters**

| Name   | Type     | Mandatory | Description                 |
| ------ | -------- | --------- | --------------------------- |
| cert   | CertBlob | Yes       | Certificate to be verified. |
| caCert | CertBlob | No        | Custom CA certificate.      |

**Return values:**

| Type   | Description |
| ------ | ----------- |
| number | Certificate verification result. The value **0** indicates that the certificate verification is successful, and a non-0 value indicates that the verification has failed. |

**Error codes**

| ID      | Error Message                                    |
| ------- | ------------------------------------------------ |
| 401     | Parameter error.                                 |
| 2305001 | Unspecified error.                               |
| 2305002 | Unable to get issuer certificate.                |
| 2305003 | Unable to get certificate revocation list (CRL). |
| 2305004 | Unable to decrypt certificate signature.         |
| 2305005 | Unable to decrypt CRL signature.                 |
| 2305006 | Unable to decode issuer public key.              |
| 2305007 | Certificate signature failure.                   |
| 2305008 | CRL signature failure.                           |
| 2305009 | Certificate is not yet valid.                    |
| 2305010 | Certificate has expired.                         |
| 2305011 | CRL is not yet valid.                            |
| 2305012 | CRL has expired.                                 |
| 2305023 | Certificate has been revoked.                    |
| 2305024 | Invalid certificate authority (CA).              |
| 2305027 | Certificate is untrusted.                        |

> **NOTE**
>
> If any of the preceding error codes is reported during certificate verification, rectify the error based on the detailed information about the error description.

**Example**

```ts
import { networkSecurity } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Create certificate blobs
const cert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n...'
};

const caCert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n...'
};

// Asynchronous verification
networkSecurity.certVerification(cert, caCert)
  .then((result) => {
    console.info('Verification Result:', result);
  })
  .catch((error: BusinessError) => {
    console.error('Verification Error:', error);
  });

// Synchronous verification
let resultSync: number = networkSecurity.certVerificationSync(cert, caCert);
console.info('Synchronous Verification Result:', resultSync);
```

> **NOTE**
>
> Be sure to replace the certificate data in the example with the actual certificate data.
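
The examples above log the verification result without acting on it. The following added example (not part of the original documentation or the OpenHarmony code base) wraps a function shaped like `certVerificationSync` in a fail-closed gate: only a returned **0** is trusted, while non-zero returns and thrown errors both reject the certificate. The names `gateCertificate`, `categorize`, `CertBlobLike` and `VerifySyncFn` are hypothetical, the grouping of error codes is an assumption of this example, and the verifier is passed in as a parameter so the block runs without `@kit.NetworkKit`.

```typescript
// Shapes mirror CertBlob and certVerificationSync as documented on this page.
type CertBlobLike = { type: number; data: string | ArrayBuffer };
type VerifySyncFn = (cert: CertBlobLike, caCert?: CertBlobLike) => number;

type Category = 'ok' | 'caller' | 'chain' | 'signature' | 'validity' | 'revocation' | 'unknown';
interface Verdict { trusted: boolean; code: number; category: Category; }

// Codes come from the error tables above; the grouping is this example's assumption.
const GROUPS: Array<[Category, number[]]> = [
  ['caller', [401, 2305001, 2305069]],
  ['chain', [2305002, 2305018, 2305024, 2305027]],
  ['signature', [2305004, 2305005, 2305006, 2305007, 2305008]],
  ['validity', [2305009, 2305010]],
  ['revocation', [2305003, 2305011, 2305012, 2305023]],
];

function categorize(code: number): Category {
  if (code === 0) return 'ok';
  for (const [category, codes] of GROUPS) {
    if (codes.indexOf(code) !== -1) return category;
  }
  return 'unknown'; // a code missing from the table is still a failure
}

// Fail closed: a thrown error can never produce trusted === true.
function gateCertificate(verify: VerifySyncFn, cert: CertBlobLike, caCert?: CertBlobLike): Verdict {
  let code: number;
  try {
    code = verify(cert, caCert);
  } catch (e) {
    const thrown = e && typeof e === 'object' ? (e as { code?: unknown }).code : undefined;
    // -1 marks "failed without a usable code"; a thrown code of 0 is not accepted as success.
    code = typeof thrown === 'number' && thrown !== 0 ? thrown : -1;
  }
  if (!Number.isInteger(code)) code = -1;
  return { trusted: code === 0, code, category: categorize(code) };
}

// Constructed stand-in for networkSecurity.certVerificationSync reporting an expired certificate.
const stubExpired: VerifySyncFn = () => 2305010;
const demoVerdict = gateCertificate(stubExpired, { type: 0, data: '(constructed PEM placeholder)' });
```

In an application, pass `networkSecurity.certVerificationSync` as the `verify` argument and proceed only when `trusted` is `true`.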