1e41f4b71Sopenharmony_ci# Certificate Extension Development 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ci 4e41f4b71Sopenharmony_ciThis topic walks you through on how to create a certificate extension (**CertExtension**) object, obtain the certificate extension information based on an object identifier (OID), and check whether the certificate is a CA certificate. 5e41f4b71Sopenharmony_ci 6e41f4b71Sopenharmony_ci 7e41f4b71Sopenharmony_ci## How to Develop 8e41f4b71Sopenharmony_ci 9e41f4b71Sopenharmony_ci1. Import the [certFramework](../../reference/apis-device-certificate-kit/js-apis-cert.md) module. 10e41f4b71Sopenharmony_ci ```ts 11e41f4b71Sopenharmony_ci import { cert } from '@kit.DeviceCertificateKit'; 12e41f4b71Sopenharmony_ci ``` 13e41f4b71Sopenharmony_ci 14e41f4b71Sopenharmony_ci2. Use [cert.createCertExtension](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatecertextension10) to create a **CertExtension** object. 15e41f4b71Sopenharmony_ci 16e41f4b71Sopenharmony_ci3. Use [CertExtension.getEntry](../../reference/apis-device-certificate-kit/js-apis-cert.md#getentry10) to obtain the certificate extension of the specified OID. 17e41f4b71Sopenharmony_ci 18e41f4b71Sopenharmony_ci 19e41f4b71Sopenharmony_ci4. Use [CertExtension.checkCA](../../reference/apis-device-certificate-kit/js-apis-cert.md#checkca10) to check whether the certificate is a CA certificate. 20e41f4b71Sopenharmony_ci 21e41f4b71Sopenharmony_ci```ts 22e41f4b71Sopenharmony_ciimport { cert } from '@kit.DeviceCertificateKit'; 23e41f4b71Sopenharmony_ciimport { BusinessError } from '@kit.BasicServicesKit'; 24e41f4b71Sopenharmony_ciimport { util } from '@kit.ArkTS'; 25e41f4b71Sopenharmony_ci 26e41f4b71Sopenharmony_ci// Certificate extension data. The following is only an example. 27e41f4b71Sopenharmony_cilet extData = new Uint8Array([ 28e41f4b71Sopenharmony_ci 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 29e41f4b71Sopenharmony_ci 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 30e41f4b71Sopenharmony_ci 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 31e41f4b71Sopenharmony_ci 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 32e41f4b71Sopenharmony_ci 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 33e41f4b71Sopenharmony_ci 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 34e41f4b71Sopenharmony_ci 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 35e41f4b71Sopenharmony_ci 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 36e41f4b71Sopenharmony_ci 0xD9, 0xE4 37e41f4b71Sopenharmony_ci]); 38e41f4b71Sopenharmony_ci 39e41f4b71Sopenharmony_ci// Certificate extension example. 40e41f4b71Sopenharmony_cifunction certExtensionSample(): void { 41e41f4b71Sopenharmony_ci let textEncoder = new util.TextEncoder(); 42e41f4b71Sopenharmony_ci let encodingBlob: cert.EncodingBlob = { 43e41f4b71Sopenharmony_ci data: extData, 44e41f4b71Sopenharmony_ci // Certificate extension format. Currently, only the DER format is supported. 45e41f4b71Sopenharmony_ci encodingFormat: cert.EncodingFormat.FORMAT_DER 46e41f4b71Sopenharmony_ci }; 47e41f4b71Sopenharmony_ci 48e41f4b71Sopenharmony_ci // Create a CertExtension object. 49e41f4b71Sopenharmony_ci cert.createCertExtension(encodingBlob, (err, certExtension) => { 50e41f4b71Sopenharmony_ci if (err != null) { 51e41f4b71Sopenharmony_ci // The CertExtension object fails to be created. 52e41f4b71Sopenharmony_ci console.error(`createCertExtension failed, errCode:${err.code}, errMsg:${err.message} `); 53e41f4b71Sopenharmony_ci return; 54e41f4b71Sopenharmony_ci } 55e41f4b71Sopenharmony_ci // The CertExtension object is created. 56e41f4b71Sopenharmony_ci console.log('createCertExtension success'); 57e41f4b71Sopenharmony_ci 58e41f4b71Sopenharmony_ci try { 59e41f4b71Sopenharmony_ci // Obtain the certificate extension information based on an OID. 60e41f4b71Sopenharmony_ci let oidData = '2.5.29.14'; 61e41f4b71Sopenharmony_ci let oid: cert.DataBlob = { 62e41f4b71Sopenharmony_ci data: textEncoder.encodeInto(oidData), 63e41f4b71Sopenharmony_ci } 64e41f4b71Sopenharmony_ci let entry = certExtension.getEntry(cert.ExtensionEntryType.EXTENSION_ENTRY_TYPE_ENTRY, oid); 65e41f4b71Sopenharmony_ci 66e41f4b71Sopenharmony_ci // Check whether the certificate is a CA certificate. 67e41f4b71Sopenharmony_ci let pathLen = certExtension.checkCA(); 68e41f4b71Sopenharmony_ci console.log('test cert extension success'); 69e41f4b71Sopenharmony_ci } catch (err) { 70e41f4b71Sopenharmony_ci let e: BusinessError = err as BusinessError; 71e41f4b71Sopenharmony_ci console.error(`operation failed, message:${e.message} ,code:${e.code} `); 72e41f4b71Sopenharmony_ci } 73e41f4b71Sopenharmony_ci }); 74e41f4b71Sopenharmony_ci} 75e41f4b71Sopenharmony_ci``` 76