# @ohos.net.networkSecurity (Network Security)

This module provides network security verification capabilities. Applications can use its certificate verification APIs to verify certificates.

> **Note:**
>
> The initial APIs of this module are supported since API version 11. Newly added APIs are marked with a superscript to indicate their earliest API version.

## Modules to Import

```ts
import { networkSecurity } from '@kit.NetworkKit';
```

## Complete Example

```ts
import { networkSecurity } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Define certificate blobs
const cert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n... (certificate data) ...\n-----END CERTIFICATE-----',
};

const caCert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n... (CA certificate data) ...\n-----END CERTIFICATE-----',
};

// Perform asynchronous certificate verification
networkSecurity.certVerification(cert, caCert)
  .then((result) => {
    console.info('Certificate verification result:', result);
  })
  .catch((error: BusinessError) => {
    console.error('Certificate verification failed:', error);
  });
```

> **Caution:**
>
> Be sure to replace the certificate data in the example with actual certificate content.

## CertType

Certificate encoding type.

**System capability**: SystemCapability.Communication.NetStack

| Name          | Value | Description                |
| ------------- | ----- | -------------------------- |
| CERT_TYPE_PEM | 0     | Certificate in PEM format. |
| CERT_TYPE_DER | 1     | Certificate in DER format. |

## CertBlob

Certificate data.

**System capability**: SystemCapability.Communication.NetStack

| Name | Type                  | Mandatory | Description                |
| ---- | --------------------- | --------- | -------------------------- |
| type | CertType              | Yes       | Certificate encoding type. |
| data | string \| ArrayBuffer | Yes       | Certificate content.       |

## networkSecurity.certVerification

certVerification(cert: CertBlob, caCert?: CertBlob): Promise\<number\>

Obtains the system preset CA certificates and the user-installed CA certificates from certificate management, and verifies the certificate passed in by the application.

**System capability**: SystemCapability.Communication.NetStack

**Parameters**

| Name   | Type     | Mandatory | Description                       |
| ------ | -------- | --------- | --------------------------------- |
| cert   | CertBlob | Yes       | Certificate to be verified.       |
| caCert | CertBlob | No        | Custom CA certificate passed in.  |

**Return value**

| Type              | Description |
| ----------------- | ----------- |
| Promise\<number\> | Promise used to return a number indicating the certificate verification result. If the certificate is verified successfully, 0 is returned; otherwise, verification failed. |

**Error codes**

| ID       | Error Message                                        |
| -------- | ---------------------------------------------------- |
| 401      | Parameter error.                                     |
| 2305001  | Unspecified error.                                   |
| 2305002  | Unable to get issuer certificate.                    |
| 2305003  | Unable to get certificate revocation list (CRL).     |
| 2305004  | Unable to decrypt certificate signature.             |
| 2305005  | Unable to decrypt CRL signature.                     |
| 2305006  | Unable to decode issuer public key.                  |
| 2305007  | Certificate signature failure.                       |
| 2305008  | CRL signature failure.                               |
| 2305009  | Certificate is not yet valid.                        |
| 2305010  | Certificate has expired.                             |
| 2305011  | CRL is not yet valid.                                |
| 2305012  | CRL has expired.                                     |
| 2305018  | Self-signed certificate.                             |
| 2305023  | Certificate has been revoked.                        |
| 2305024  | Invalid certificate authority (CA).                  |
| 2305027  | Certificate is untrusted.                            |
| 2305069  | Invalid certificate verification context.            |

> **Note:**
>
> These error codes correspond to the various failures that can occur during certificate verification and provide details about the problem encountered.

**Example**

```ts
import { networkSecurity } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Define certificate blobs
const cert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n... (certificate data) ...\n-----END CERTIFICATE-----',
};

const caCert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n... (CA certificate data) ...\n-----END CERTIFICATE-----',
};

// Perform asynchronous certificate verification
networkSecurity.certVerification(cert, caCert)
  .then((result) => {
    console.info('Certificate verification result:', result);
  })
  .catch((error: BusinessError) => {
    console.error('Certificate verification failed:', error);
  });
```

> **Caution:**
>
> Be sure to replace the certificate data in the example with actual certificate content.

## networkSecurity.certVerificationSync

certVerificationSync(cert: CertBlob, caCert?: CertBlob): number

Obtains the system preset CA certificates and the user-installed CA certificates from certificate management, and verifies the certificate passed in by the application.

**System capability**: SystemCapability.Communication.NetStack

**Parameters**

| Name   | Type     | Mandatory | Description                       |
| ------ | -------- | --------- | --------------------------------- |
| cert   | CertBlob | Yes       | Certificate to be verified.       |
| caCert | CertBlob | No        | Custom CA certificate passed in.  |

**Return value**

| Type   | Description |
| ------ | ----------- |
| number | Certificate verification result. If the certificate is verified successfully, 0 is returned; otherwise, verification failed. |

**Error codes**

| ID       | Error Message                                        |
| -------- | ---------------------------------------------------- |
| 401      | Parameter error.                                     |
| 2305001  | Unspecified error.                                   |
| 2305002  | Unable to get issuer certificate.                    |
| 2305003  | Unable to get certificate revocation list (CRL).     |
| 2305004  | Unable to decrypt certificate signature.             |
| 2305005  | Unable to decrypt CRL signature.                     |
| 2305006  | Unable to decode issuer public key.                  |
| 2305007  | Certificate signature failure.                       |
| 2305008  | CRL signature failure.                               |
| 2305009  | Certificate is not yet valid.                        |
| 2305010  | Certificate has expired.                             |
| 2305011  | CRL is not yet valid.                                |
| 2305012  | CRL has expired.                                     |
| 2305018  | Self-signed certificate.                             |
| 2305023  | Certificate has been revoked.                        |
| 2305024  | Invalid certificate authority (CA).                  |
| 2305027  | Certificate is untrusted.                            |
| 2305069  | Invalid certificate verification context.            |

> **Note:**
>
> These error codes correspond to the various failures that can occur during certificate verification and provide details about the problem encountered.

**Example**

```ts
import { networkSecurity } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Create certificate blobs
const cert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n...'
};

const caCert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n...'
};

// Asynchronous verification
networkSecurity.certVerification(cert, caCert)
  .then((result) => {
    console.info('Verification Result:', result);
  })
  .catch((error: BusinessError) => {
    console.error('Verification Error:', error);
  });

// Synchronous verification
let resultSync: number = networkSecurity.certVerificationSync(cert, caCert);
console.info('Synchronous Verification Result:', resultSync);
```

> **Caution:**
>
> Be sure to replace the certificate data in the example with actual certificate content.
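
Both `certVerification` and `certVerificationSync` report success only as the value 0, and the examples above log the result without acting on it. The following added example (not part of the original documentation) shows a fail-closed gate over the synchronous call that handles both a non-zero return value and a thrown error. `SyncVerifier`, `CertDecision`, `gateOnVerification` and the failure grouping are this example's own names and assumptions; the numeric codes come from the error-code tables on this page, and thrown errors are assumed to carry a numeric `code` field as `BusinessError` does.

```typescript
// Added example: local stand-ins so the block runs outside HarmonyOS.
// On device, call it as:
//   gateOnVerification(() => networkSecurity.certVerificationSync(cert, caCert))
type SyncVerifier = () => number;
type FailureClass =
  'none' | 'input' | 'chain' | 'signature' | 'validity' | 'revocation' | 'unknown';

interface CertDecision {
  trusted: boolean;
  code: number;
  failure: FailureClass;
}

// Codes are copied from the error-code tables above; the grouping is an assumption of this example.
const CERT_ERROR_GROUPS: { [name: string]: number[] } = {
  input: [401, 2305069],
  chain: [2305002, 2305018, 2305024, 2305027],
  signature: [2305004, 2305006, 2305007],
  validity: [2305009, 2305010],
  revocation: [2305003, 2305005, 2305008, 2305011, 2305012, 2305023],
};

function classifyCertError(code: number): FailureClass {
  const names = Object.keys(CERT_ERROR_GROUPS);
  for (let i = 0; i < names.length; i++) {
    if (CERT_ERROR_GROUPS[names[i]].indexOf(code) !== -1) {
      return names[i] as FailureClass;
    }
  }
  return 'unknown'; // 2305001 and any code not listed on this page
}

// Extract a numeric code from a thrown value (BusinessError exposes `code`).
function thrownCode(e: unknown): number {
  if (typeof e === 'object' && e !== null) {
    const c = (e as { code?: unknown }).code;
    if (typeof c === 'number') return c;
  }
  return NaN; // not a coded error; still treated as failure below
}

// Fail closed: only an explicit return value of 0 yields trusted = true.
function gateOnVerification(verify: SyncVerifier): CertDecision {
  let code: number;
  try {
    code = verify();
  } catch (e: unknown) {
    code = thrownCode(e);
  }
  if (code === 0) return { trusted: true, code: code, failure: 'none' };
  return { trusted: false, code: code, failure: classifyCertError(code) };
}
```

Log `code` and `failure` for diagnostics, but base the decision to proceed on `trusted` alone.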