1e41f4b71Sopenharmony_ci# Certificate Chain Development
2e41f4b71Sopenharmony_ci
3e41f4b71Sopenharmony_ciThis topic walks you through on how to create a certificate chain object, obtain information about the certificates of the certificate chain, and validate the certificate chain using a trust anchor.
4e41f4b71Sopenharmony_ci
5e41f4b71Sopenharmony_ci## How to Develop
6e41f4b71Sopenharmony_ci
7e41f4b71Sopenharmony_ci1. Import the [certFramework](../../reference/apis-device-certificate-kit/js-apis-cert.md) module.
8e41f4b71Sopenharmony_ci
9e41f4b71Sopenharmony_ci   ```ts
10e41f4b71Sopenharmony_ci   import { cert } from '@kit.DeviceCertificateKit';
11e41f4b71Sopenharmony_ci   ```
12e41f4b71Sopenharmony_ci
13e41f4b71Sopenharmony_ci2. Use [cert.createX509CertChain](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatex509certchain11) to create an X.509 certificate chain (**X509CertChain**) object.
14e41f4b71Sopenharmony_ci
15e41f4b71Sopenharmony_ci3. Use [x509CertChain.getCertList](../../reference/apis-device-certificate-kit/js-apis-cert.md#getcertlist11) to obtain information about the X.509 certificates of the certificate chain.
16e41f4b71Sopenharmony_ci
17e41f4b71Sopenharmony_ci4. Use [x509CertChain.validate](../../reference/apis-device-certificate-kit/js-apis-cert.md#validate11) to validate the certificate chain.
18e41f4b71Sopenharmony_ci
19e41f4b71Sopenharmony_ci```ts
20e41f4b71Sopenharmony_ciimport { cert } from '@kit.DeviceCertificateKit';
21e41f4b71Sopenharmony_ciimport { BusinessError } from '@kit.BasicServicesKit';
22e41f4b71Sopenharmony_ciimport { util } from '@kit.ArkTS';
23e41f4b71Sopenharmony_ci
24e41f4b71Sopenharmony_cilet certChainData = "-----BEGIN CERTIFICATE-----\n" +
25e41f4b71Sopenharmony_ci  "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" +
26e41f4b71Sopenharmony_ci  "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" +
27e41f4b71Sopenharmony_ci  "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" +
28e41f4b71Sopenharmony_ci  "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" +
29e41f4b71Sopenharmony_ci  "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" +
30e41f4b71Sopenharmony_ci  "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" +
31e41f4b71Sopenharmony_ci  "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" +
32e41f4b71Sopenharmony_ci  "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" +
33e41f4b71Sopenharmony_ci  "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" +
34e41f4b71Sopenharmony_ci  "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" +
35e41f4b71Sopenharmony_ci  "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" +
36e41f4b71Sopenharmony_ci  "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" +
37e41f4b71Sopenharmony_ci  "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" +
38e41f4b71Sopenharmony_ci  "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" +
39e41f4b71Sopenharmony_ci  "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" +
40e41f4b71Sopenharmony_ci  "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" +
41e41f4b71Sopenharmony_ci  "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" +
42e41f4b71Sopenharmony_ci  "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" +
43e41f4b71Sopenharmony_ci  "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" +
44e41f4b71Sopenharmony_ci  "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" +
45e41f4b71Sopenharmony_ci  "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" +
46e41f4b71Sopenharmony_ci  "-----END CERTIFICATE-----\n" +
47e41f4b71Sopenharmony_ci  "-----BEGIN CERTIFICATE-----\n" +
48e41f4b71Sopenharmony_ci  "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" +
49e41f4b71Sopenharmony_ci  "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" +
50e41f4b71Sopenharmony_ci  "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" +
51e41f4b71Sopenharmony_ci  "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" +
52e41f4b71Sopenharmony_ci  "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" +
53e41f4b71Sopenharmony_ci  "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" +
54e41f4b71Sopenharmony_ci  "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" +
55e41f4b71Sopenharmony_ci  "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" +
56e41f4b71Sopenharmony_ci  "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" +
57e41f4b71Sopenharmony_ci  "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" +
58e41f4b71Sopenharmony_ci  "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" +
59e41f4b71Sopenharmony_ci  "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" +
60e41f4b71Sopenharmony_ci  "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" +
61e41f4b71Sopenharmony_ci  "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" +
62e41f4b71Sopenharmony_ci  "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" +
63e41f4b71Sopenharmony_ci  "uKPWR9dKBA==\n" +
64e41f4b71Sopenharmony_ci  "-----END CERTIFICATE-----\n" +
65e41f4b71Sopenharmony_ci  "-----BEGIN CERTIFICATE-----\n"  +
66e41f4b71Sopenharmony_ci  "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" +
67e41f4b71Sopenharmony_ci  "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" +
68e41f4b71Sopenharmony_ci  "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" +
69e41f4b71Sopenharmony_ci  "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" +
70e41f4b71Sopenharmony_ci  "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" +
71e41f4b71Sopenharmony_ci  "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" +
72e41f4b71Sopenharmony_ci  "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" +
73e41f4b71Sopenharmony_ci  "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" +
74e41f4b71Sopenharmony_ci  "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" +
75e41f4b71Sopenharmony_ci  "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" +
76e41f4b71Sopenharmony_ci  "xjoE\n" +
77e41f4b71Sopenharmony_ci  "-----END CERTIFICATE-----\n";
78e41f4b71Sopenharmony_ci
79e41f4b71Sopenharmony_ciasync function sample() {
80e41f4b71Sopenharmony_ci  let textEncoder = new util.TextEncoder();
81e41f4b71Sopenharmony_ci  // Certificate chain binary data, which may vary with the service.
82e41f4b71Sopenharmony_ci  const encodingBlob: cert.EncodingBlob = {
83e41f4b71Sopenharmony_ci    data: textEncoder.encodeInto(certChainData),
84e41f4b71Sopenharmony_ci    // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7.
85e41f4b71Sopenharmony_ci    encodingFormat: cert.EncodingFormat.FORMAT_PEM
86e41f4b71Sopenharmony_ci  };
87e41f4b71Sopenharmony_ci  let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain;
88e41f4b71Sopenharmony_ci  try {
89e41f4b71Sopenharmony_ci    x509CertChain = await cert.createX509CertChain(encodingBlob);
90e41f4b71Sopenharmony_ci  } catch (err) {
91e41f4b71Sopenharmony_ci    let e: BusinessError = err as BusinessError;
92e41f4b71Sopenharmony_ci    console.error(`createX509CertChain failed, errCode: ${e.code}, errMsg: ${e.message}`);
93e41f4b71Sopenharmony_ci  }
94e41f4b71Sopenharmony_ci
95e41f4b71Sopenharmony_ci  try {
96e41f4b71Sopenharmony_ci    let certList = x509CertChain.getCertList();
97e41f4b71Sopenharmony_ci  } catch (err) {
98e41f4b71Sopenharmony_ci    let e: BusinessError = err as BusinessError;
99e41f4b71Sopenharmony_ci    console.error(`X509CertChain getCertList failed, errCode: ${e.code}, errMsg: ${e.message}`);
100e41f4b71Sopenharmony_ci  }
101e41f4b71Sopenharmony_ci
102e41f4b71Sopenharmony_ci  // Certificate chain validation data, which may vary with the service.
103e41f4b71Sopenharmony_ci  const param: cert.CertChainValidationParameters = {
104e41f4b71Sopenharmony_ci    date: '20231212080000Z',
105e41f4b71Sopenharmony_ci    trustAnchors: [{
106e41f4b71Sopenharmony_ci      CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]),
107e41f4b71Sopenharmony_ci      CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]),
108e41f4b71Sopenharmony_ci    }]
109e41f4b71Sopenharmony_ci  };
110e41f4b71Sopenharmony_ci  try {
111e41f4b71Sopenharmony_ci    const validationRes = await x509CertChain.validate(param);
112e41f4b71Sopenharmony_ci    console.log('X509CertChain validate success');
113e41f4b71Sopenharmony_ci  } catch (err) {
114e41f4b71Sopenharmony_ci    console.error('X509CertChain validate failed');
115e41f4b71Sopenharmony_ci  }
116e41f4b71Sopenharmony_ci}
117e41f4b71Sopenharmony_ci```
118