diff --git a/zh-cn/application-dev/reference/apis/js-apis-cert.md b/zh-cn/application-dev/reference/apis/js-apis-cert.md
index 45cb1aab4d9878c4d73ab348acb91d86bd1555e2..e8ddbd50580611c01c826674f613934199c510ca 100755
--- a/zh-cn/application-dev/reference/apis/js-apis-cert.md
+++ b/zh-cn/application-dev/reference/apis/js-apis-cert.md
@@ -1528,12 +1528,16 @@ cryptoCert.createCertExtension(encodingBlob, function (error, certExt) {
});
```
-## cryptoCert.createX509Crl
+## cryptoCert.createX509Crl(deprecated)
createX509Crl(inStream : EncodingBlob, callback : AsyncCallback\) : void
表示创建X509证书吊销列表的对象,使用Callback回调异步返回结果。
+> **说明:**
+>
+> 从API version 9开始支持,从API version 10开始废弃,建议使用[cryptoCert.createX509CRL](#cryptocertcreatex509crl10)替代。
+
**系统能力:** SystemCapability.Security.Cert
**参数**:
@@ -1570,12 +1574,16 @@ cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
});
```
-## cryptoCert.createX509Crl
+## cryptoCert.createX509Crl(deprecated)
createX509Crl(inStream : EncodingBlob) : Promise\
表示创建X509证书吊销列表的对象,使用Promise方式异步返回结果。
+> **说明:**
+>
+> 从API Version 10开始废弃,建议使用[cryptoCert.createX509CRL](#cryptocertcreatex509crl10-1)替代。
+
**系统能力:** SystemCapability.Security.Cert
**参数**:
@@ -1615,11 +1623,987 @@ cryptoCert.createX509Crl(encodingBlob).then(x509Crl => {
});
```
-## X509Crl
+## cryptoCert.createX509CRL10+
+
+createX509CRL(inStream : EncodingBlob, callback : AsyncCallback\) : void
+
+表示创建X509证书吊销列表的对象,使用Callback回调异步返回结果。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**参数**:
+
+| 参数名 | 类型 | 必填 | 说明 |
+| -------- | ----------------------------------- | ---- | ------------------------------ |
+| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据 |
+| callback | AsyncCallback\<[X509CRL](#x509crl)> | 是 | 回调函数。表示证书吊销列表对象 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ------------- |
+| 19020001 | memory error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
+ if (error != null) {
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509CRL success");
+ }
+});
+```
+
+## cryptoCert.createX509CRL10+
+
+createX509CRL(inStream : EncodingBlob) : Promise\
+
+表示创建X509证书吊销列表的对象,使用Promise方式异步返回结果。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**参数**:
+
+| 参数名 | 类型 | 必填 | 说明 |
+| -------- | ----------------------------- | ---- | -------------------------- |
+| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据 |
+
+**返回值**:
+
+| 类型 | 说明 |
+| ----------------------------- | -------------------- |
+| Promise\<[X509CRL](#x509crl)> | 表示证书吊销列表对象 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ------------- |
+| 19020001 | memory error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509CRL(encodingBlob).then(x509CRL => {
+ console.log("createX509CRL success");
+}, error => {
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
+});
+```
+
+## X509Crl(deprecated)
+
+X509证书吊销列表对象。
+
+> **说明:**
+>
+> 从API version 9开始支持,从API version 10开始废弃,建议使用[X509CRL](#x509crl10)中的同名方法替代。
+
+### isRevoked(deprecated)
+
+isRevoked(cert : X509Cert) : boolean
+
+表示检查证书是否吊销。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**参数**:
+
+| 参数名 | 类型 | 必填 | 说明 |
+| ------ | -------- | ---- | -------------------- |
+| cert | X509Cert | 是 | 表示被检查的证书对象 |
+
+**返回值**:
+
+| 类型 | 说明 |
+| --------- | --------------------------------------------- |
+| boolean | 表示证书吊销状态,true表示已吊销,false表示未吊销 |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ // 业务需自行生成X509Cert证书对象
+ let x509Cert = null;
+ try {
+ let revokedFlag = x509Crl.isRevoked(x509Cert);
+ } catch (error) {
+ console.log("isRevoked failed, errCode: " + error.code + ", errMsg: " + error.message);
+ }
+ }
+});
+```
+
+### getType(deprecated)
+
+getType() : string
+
+表示获取证书吊销列表类型。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| ------ | -------------------- |
+| string | 表示证书吊销列表类型 |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ let type = x509Crl.getType();
+ }
+});
+```
+
+### getEncoded(deprecated)
+
+getEncoded(callback : AsyncCallback\) : void
+
+表示获取X509证书吊销列表的序列化数据,使用Callback回调异步返回结果。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**参数**:
+
+| 参数名 | 类型 | 必填 | 说明 |
+| -------- | ---------------------------- | ---- | ------------------------------------------ |
+| callback | AsyncCallback\ | 是 | 回调函数,表示X509证书吊销列表的序列化数据 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ x509Crl.getEncoded(function (error, data) {
+ if (error != null) {
+ console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("getEncoded success");
+ }
+ });
+ }
+});
+```
+
+### getEncoded(deprecated)
+
+getEncoded() : Promise\
+
+表示获取X509证书吊销列表的序列化数据,使用Promise方式异步返回结果。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| ---------------------- | -------------------------------- |
+| Promise\ | 表示X509证书吊销列表的序列化数据 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob).then(x509Crl => {
+ console.log("createX509Crl success");
+ x509Crl.getEncoded().then(result => {
+ console.log("getEncoded success");
+ }, error => {
+ console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message);
+ });
+}, error => {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+});
+```
+
+### verify(deprecated)
+
+verify(key : cryptoFramework.PubKey, callback : AsyncCallback\) : void
+
+表示对X509证书吊销列表进行验签,使用Callback回调异步返回结果。验签支持RSA算法。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**参数**:
+
+| 参数名 | 类型 | 必填 | 说明 |
+| -------- | -------------------- | ---- | ------------------------------------------------------------ |
+| key | cryptoFramework.PubKey | 是 | 表示用于验签的公钥对象 |
+| callback | AsyncCallback\ | 是 | 回调函数,使用AsyncCallback的第一个error参数判断是否验签成功,error为null表示成功,error不为null表示失败。 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+import cryptoFramework from "@ohos.security.cryptoFramework"
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ // 业务需通过AsyKeyGenerator生成PubKey
+ let pubKey = null;
+ x509Crl.verify(pubKey, function (error, data) {
+ if (error != null) {
+ console.log("verify failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("verify success");
+ }
+ });
+ }
+});
+```
+
+### verify(deprecated)
+
+verify(key : cryptoFramework.PubKey) : Promise\
+
+表示对X509证书吊销列表进行验签,使用Promise方式异步返回结果。验签支持RSA算法。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**参数**:
+
+| 参数名 | 类型 | 必填 | 说明 |
+| ------ | ------ | ---- | ---------------------- |
+| key | cryptoFramework.PubKey | 是 | 表示用于验签的公钥对象。 |
+
+**返回值**:
+
+| 类型 | 说明 |
+| ---- | ------------------------------------------------------------ |
+| Promise\ | Promise对象 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+import cryptoFramework from "@ohos.security.cryptoFramework"
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob).then(x509Crl => {
+ console.log("createX509Crl success");
+ // 业务需通过AsyKeyGenerator生成PubKey
+ let pubKey = null;
+ x509Crl.verify(pubKey).then(result => {
+ console.log("verify success");
+ }, error => {
+ console.log("verify failed, errCode: " + error.code + ", errMsg: " + error.message);
+ });
+}, error => {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+});
+```
+
+### getVersion(deprecated)
+
+getVersion() : number
+
+表示获取X509证书吊销列表的版本号。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| ------ | -------------------------------- |
+| number | 表示获取X509证书吊销列表的版本号 |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ let version = x509Crl.getVersion();
+ }
+});
+```
+
+### getIssuerName(deprecated)
+
+getIssuerName() : DataBlob
+
+表示获取X509证书吊销列表颁发者名称。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| --------------------- | ------------------------------ |
+| [DataBlob](#datablob) | 表示X509证书吊销列表颁发者名称 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ let issuerName = x509Crl.getIssuerName();
+ }
+});
+```
+
+### getLastUpdate(deprecated)
+
+getLastUpdate() : string
+
+表示获取X509证书吊销列表最后一次更新日期。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| ------ | ------------------------------------ |
+| string | 表示X509证书吊销列表最后一次更新日期 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ let lastUpdate = x509Crl.getLastUpdate();
+ }
+});
+```
+
+### getNextUpdate(deprecated)
+
+getNextUpdate() : string
+
+表示获取证书吊销列表下一次更新的日期。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| ------ | ------------------------------------ |
+| string | 表示X509证书吊销列表下一次更新的日期 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ let nextUpdate = x509Crl.getNextUpdate();
+ }
+});
+```
+
+### getRevokedCert(deprecated)
+
+getRevokedCert(serialNumber : number) : X509CrlEntry
+
+表示通过指定证书序列号获取被吊销X509证书对象。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**参数**:
+
+| 参数名 | 类型 | 必填 | 说明 |
+| ------------ | ------ | ---- | -------------- |
+| serialNumber | number | 是 | 表示证书序列号 |
+
+**返回值**:
+
+| 类型 | 说明 |
+| ---------------------- | --------------------- |
+| [X509CrlEntry](#x509crlentry) | 表示被吊销X509证书对象 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ // 业务需赋值为对应证书的序列号
+ let serialNumber = 1000;
+ try {
+ let entry = x509Crl.getRevokedCert(serialNumber);
+ } catch (error) {
+ console.log("getRevokedCert failed, errCode: " + error.code + ", errMsg: " + error.message);
+ }
+ }
+});
+```
+
+### getRevokedCertWithCert(deprecated)
+
+getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry
+
+表示通过指定证书对象获取被吊销X509证书对象。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**参数**:
+
+| 参数名 | 类型 | 必填 | 说明 |
+| ------ | --------------------- | ---- | ------------ |
+| cert | [X509Cert](#x509cert) | 是 | 表示证书对象 |
+
+**返回值**:
+
+| 类型 | 说明 |
+| ------------ | -------------------- |
+| [X509CrlEntry](#x509crlentry) | 表示被吊销X509证书对象 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ // 业务需自行生成X509Cert证书对象
+ let x509Cert = null;
+ try {
+ let entry = x509Crl.getRevokedCertWithCert(x509Cert);
+ } catch (error) {
+ console.log("getRevokedCertWithCert failed, errCode: " + error.code + ", errMsg: " + error.message);
+ }
+ }
+});
+```
+
+### getRevokedCerts(deprecated)
+
+getRevokedCerts(callback : AsyncCallback>) : void
+
+表示获取被吊销X509证书列表,使用Callback回调异步返回结果。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**参数**:
+
+| 参数名 | 类型 | 必填 | 说明 |
+| -------- | ---------------------------------------------------- | ---- | -------------------------------- |
+| callback | AsyncCallback> | 是 | 回调函数。表示被吊销X509证书列表 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ x509Crl.getRevokedCerts(function (error, array) {
+ if (error != null) {
+ console.log("getRevokedCerts failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("getRevokedCerts success");
+ }
+ });
+ }
+});
+```
+
+### getRevokedCerts(deprecated)
+
+getRevokedCerts() : Promise>
+
+表示获取被吊销X509证书列表,使用Promise方式异步返回结果。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| ---------------------------------------------- | ---------------------- |
+| Promise> | 表示被吊销X509证书列表 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob).then(x509Crl => {
+ console.log("createX509Crl success");
+ x509Crl.getRevokedCerts().then(array => {
+ console.log("getRevokedCerts success");
+ }, error => {
+ console.log("getRevokedCerts failed, errCode: " + error.code + ", errMsg: " + error.message);
+ });
+}, error => {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+});
+```
+
+### getTbsInfo(deprecated)
+
+getTbsInfo() : DataBlob
+
+表示获取证书吊销列表的tbsCertList信息。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| --------------------- | ------------------------------- |
+| [DataBlob](#datablob) | 表示证书吊销列表的tbsCertList信息 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ try {
+ let tbsInfo = x509Crl.getTbsInfo();
+ } catch (error) {
+ console.log("getTbsInfo failed, errCode: " + error.code + ", errMsg: " + error.message);
+ }
+ }
+});
+```
+
+### getSignature(deprecated)
+
+getSignature() : DataBlob
+
+表示获取X509证书吊销列表的签名数据。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| --------------------- | ------------------------------ |
+| [DataBlob](#datablob) | 表示X509证书吊销列表的签名数据 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ let signature = x509Crl.getSignature();
+ }
+});
+```
+
+### getSignatureAlgName(deprecated)
+
+getSignatureAlgName() : string
+
+表示获取X509证书吊销列表签名的算法名称。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| ------ | -------------------------------- |
+| string | 表示X509证书吊销列表签名的算法名 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ let sigAlgName = x509Crl.getSignatureAlgName();
+ }
+});
+```
+
+### getSignatureAlgOid(deprecated)
+
+getSignatureAlgOid() : string
+
+表示获取X509证书吊销列表签名算法的对象标志符OID(Object Identifier)。OID是由国际标准组织(ISO)的名称注册机构分配。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| ------ | --------------------------------------------- |
+| string | 表示X509证书吊销列表签名算法的对象标志符OID。 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ let sigAlgOid = x509Crl.getSignatureAlgOid();
+ }
+});
+```
+
+### getSignatureAlgParams(deprecated)
+
+getSignatureAlgParams() : DataBlob
+
+表示获取X509证书吊销列表签名的算法参数。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| --------------------- | ---------------------------------- |
+| [DataBlob](#datablob) | 表示X509证书吊销列表签名的算法参数 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 证书吊销列表二进制数据,需业务自行赋值
+let encodingData = null;
+let encodingBlob = {
+ data: encodingData,
+ // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
+ encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
+};
+cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+ if (error != null) {
+ console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("createX509Crl success");
+ let sigAlgParams = x509Crl.getSignatureAlgParams();
+ }
+});
+```
+
+## X509CRL10+
X509证书吊销列表对象。
-### isRevoked
+### isRevoked10+
isRevoked(cert : X509Cert) : boolean
@@ -1651,15 +2635,15 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
+ console.log("createX509CRL success");
// 业务需自行生成X509Cert证书对象
let x509Cert = null;
try {
- let revokedFlag = x509Crl.isRevoked(x509Cert);
+ let revokedFlag = x509CRL.isRevoked(x509Cert);
} catch (error) {
console.log("isRevoked failed, errCode: " + error.code + ", errMsg: " + error.message);
}
@@ -1667,7 +2651,7 @@ cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
});
```
-### getType
+### getType10+
getType() : string
@@ -1693,17 +2677,17 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
- let type = x509Crl.getType();
+ console.log("createX509CRL success");
+ let type = x509CRL.getType();
}
});
```
-### getEncoded
+### getEncoded10+
getEncoded(callback : AsyncCallback\) : void
@@ -1737,12 +2721,12 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
- x509Crl.getEncoded(function (error, data) {
+ console.log("createX509CRL success");
+ x509CRL.getEncoded(function (error, data) {
if (error != null) {
console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
@@ -1753,7 +2737,7 @@ cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
});
```
-### getEncoded
+### getEncoded10+
getEncoded() : Promise\
@@ -1787,19 +2771,19 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob).then(x509Crl => {
- console.log("createX509Crl success");
- x509Crl.getEncoded().then(result => {
+cryptoCert.createX509CRL(encodingBlob).then(x509CRL => {
+ console.log("createX509CRL success");
+ x509CRL.getEncoded().then(result => {
console.log("getEncoded success");
}, error => {
console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message);
});
}, error => {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
});
```
-### verify
+### verify10+
verify(key : cryptoFramework.PubKey, callback : AsyncCallback\) : void
@@ -1833,14 +2817,14 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
+ console.log("createX509CRL success");
// 业务需通过AsyKeyGenerator生成PubKey
let pubKey = null;
- x509Crl.verify(pubKey, function (error, data) {
+ x509CRL.verify(pubKey, function (error, data) {
if (error != null) {
console.log("verify failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
@@ -1851,7 +2835,7 @@ cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
});
```
-### verify
+### verify10+
verify(key : cryptoFramework.PubKey) : Promise\
@@ -1890,21 +2874,21 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob).then(x509Crl => {
- console.log("createX509Crl success");
+cryptoCert.createX509CRL(encodingBlob).then(x509CRL => {
+ console.log("createX509CRL success");
// 业务需通过AsyKeyGenerator生成PubKey
let pubKey = null;
- x509Crl.verify(pubKey).then(result => {
+ x509CRL.verify(pubKey).then(result => {
console.log("verify success");
}, error => {
console.log("verify failed, errCode: " + error.code + ", errMsg: " + error.message);
});
}, error => {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
});
```
-### getVersion
+### getVersion10+
getVersion() : number
@@ -1930,17 +2914,17 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
- let version = x509Crl.getVersion();
+ console.log("createX509CRL success");
+ let version = x509CRL.getVersion();
}
});
```
-### getIssuerName
+### getIssuerName10+
getIssuerName() : DataBlob
@@ -1974,17 +2958,17 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
- let issuerName = x509Crl.getIssuerName();
+ console.log("createX509CRL success");
+ let issuerName = x509CRL.getIssuerName();
}
});
```
-### getLastUpdate
+### getLastUpdate10+
getLastUpdate() : string
@@ -2018,17 +3002,17 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
- let lastUpdate = x509Crl.getLastUpdate();
+ console.log("createX509CRL success");
+ let lastUpdate = x509CRL.getLastUpdate();
}
});
```
-### getNextUpdate
+### getNextUpdate10+
getNextUpdate() : string
@@ -2062,19 +3046,19 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
- let nextUpdate = x509Crl.getNextUpdate();
+ console.log("createX509CRL success");
+ let nextUpdate = x509CRL.getNextUpdate();
}
});
```
-### getRevokedCert
+### getRevokedCert10+
-getRevokedCert(serialNumber : number) : X509CrlEntry
+getRevokedCert(serialNumber : bigint) : X509CRLEntry
表示通过指定证书序列号获取被吊销X509证书对象。
@@ -2084,13 +3068,13 @@ getRevokedCert(serialNumber : number) : X509CrlEntry
| 参数名 | 类型 | 必填 | 说明 |
| ------------ | ------ | ---- | -------------- |
-| serialNumber | number | 是 | 表示证书序列号 |
+| serialNumber | bigint | 是 | 表示证书序列号 |
**返回值**:
| 类型 | 说明 |
| ---------------------- | --------------------- |
-| [X509CrlEntry](#x509crlentry) | 表示被吊销X509证书对象 |
+| [X509CRLEntry](#x509crlentry) | 表示被吊销X509证书对象 |
**错误码:**
@@ -2111,15 +3095,15 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
+ console.log("createX509CRL success");
// 业务需赋值为对应证书的序列号
- let serialNumber = 1000;
+ let serialNumber = BigInt('1000');
try {
- let entry = x509Crl.getRevokedCert(serialNumber);
+ let entry = x509CRL.getRevokedCert(serialNumber);
} catch (error) {
console.log("getRevokedCert failed, errCode: " + error.code + ", errMsg: " + error.message);
}
@@ -2127,9 +3111,9 @@ cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
});
```
-### getRevokedCertWithCert
+### getRevokedCertWithCert10+
-getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry
+getRevokedCertWithCert(cert : X509Cert) : X509CRLEntry
表示通过指定证书对象获取被吊销X509证书对象。
@@ -2145,7 +3129,7 @@ getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry
| 类型 | 说明 |
| ------------ | -------------------- |
-| [X509CrlEntry](#x509crlentry) | 表示被吊销X509证书对象 |
+| [X509CRLEntry](#x509crlentry) | 表示被吊销X509证书对象 |
**错误码:**
@@ -2166,15 +3150,15 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
+ console.log("createX509CRL success");
// 业务需自行生成X509Cert证书对象
let x509Cert = null;
try {
- let entry = x509Crl.getRevokedCertWithCert(x509Cert);
+ let entry = x509CRL.getRevokedCertWithCert(x509Cert);
} catch (error) {
console.log("getRevokedCertWithCert failed, errCode: " + error.code + ", errMsg: " + error.message);
}
@@ -2182,9 +3166,9 @@ cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
});
```
-### getRevokedCerts
+### getRevokedCerts10+
-getRevokedCerts(callback : AsyncCallback>) : void
+getRevokedCerts(callback : AsyncCallback>) : void
表示获取被吊销X509证书列表,使用Callback回调异步返回结果。
@@ -2194,7 +3178,7 @@ getRevokedCerts(callback : AsyncCallback>) : void
| 参数名 | 类型 | 必填 | 说明 |
| -------- | ---------------------------------------------------- | ---- | -------------------------------- |
-| callback | AsyncCallback> | 是 | 回调函数。表示被吊销X509证书列表 |
+| callback | AsyncCallback> | 是 | 回调函数。表示被吊销X509证书列表 |
**错误码:**
@@ -2215,12 +3199,12 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
- x509Crl.getRevokedCerts(function (error, array) {
+ console.log("createX509CRL success");
+ x509CRL.getRevokedCerts(function (error, array) {
if (error != null) {
console.log("getRevokedCerts failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
@@ -2231,9 +3215,9 @@ cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
});
```
-### getRevokedCerts
+### getRevokedCerts10+
-getRevokedCerts() : Promise>
+getRevokedCerts() : Promise>
表示获取被吊销X509证书列表,使用Promise方式异步返回结果。
@@ -2243,7 +3227,7 @@ getRevokedCerts() : Promise>
| 类型 | 说明 |
| ---------------------------------------------- | ---------------------- |
-| Promise> | 表示被吊销X509证书列表 |
+| Promise> | 表示被吊销X509证书列表 |
**错误码:**
@@ -2264,19 +3248,19 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob).then(x509Crl => {
- console.log("createX509Crl success");
- x509Crl.getRevokedCerts().then(array => {
+cryptoCert.createX509CRL(encodingBlob).then(x509CRL => {
+ console.log("createX509CRL success");
+ x509CRL.getRevokedCerts().then(array => {
console.log("getRevokedCerts success");
}, error => {
console.log("getRevokedCerts failed, errCode: " + error.code + ", errMsg: " + error.message);
});
}, error => {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
});
```
-### getTbsInfo
+### getTbsInfo10+
getTbsInfo() : DataBlob
@@ -2310,13 +3294,13 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
+ console.log("createX509CRL success");
try {
- let tbsInfo = x509Crl.getTbsInfo();
+ let tbsInfo = x509CRL.getTbsInfo();
} catch (error) {
console.log("getTbsInfo failed, errCode: " + error.code + ", errMsg: " + error.message);
}
@@ -2324,7 +3308,7 @@ cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
});
```
-### getSignature
+### getSignature10+
getSignature() : DataBlob
@@ -2358,17 +3342,17 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
- let signature = x509Crl.getSignature();
+ console.log("createX509CRL success");
+ let signature = x509CRL.getSignature();
}
});
```
-### getSignatureAlgName
+### getSignatureAlgName10+
getSignatureAlgName() : string
@@ -2402,17 +3386,17 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
- let sigAlgName = x509Crl.getSignatureAlgName();
+ console.log("createX509CRL success");
+ let sigAlgName = x509CRL.getSignatureAlgName();
}
});
```
-### getSignatureAlgOid
+### getSignatureAlgOid10+
getSignatureAlgOid() : string
@@ -2446,17 +3430,17 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
- let sigAlgOid = x509Crl.getSignatureAlgOid();
+ console.log("createX509CRL success");
+ let sigAlgOid = x509CRL.getSignatureAlgOid();
}
});
```
-### getSignatureAlgParams
+### getSignatureAlgParams10+
getSignatureAlgParams() : DataBlob
@@ -2490,12 +3474,12 @@ let encodingBlob = {
// 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER
encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
-cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
+cryptoCert.createX509CRL(encodingBlob, function (error, x509CRL) {
if (error != null) {
- console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
+ console.log("createX509CRL failed, errCode: " + error.code + ", errMsg: " + error.message);
} else {
- console.log("createX509Crl success");
- let sigAlgParams = x509Crl.getSignatureAlgParams();
+ console.log("createX509CRL success");
+ let sigAlgParams = x509CRL.getSignatureAlgParams();
}
});
```
@@ -2686,11 +3670,15 @@ let validator = cryptoCert.createCertChainValidator("PKIX");
let algorithm = validator.algorithm;
```
-## X509CrlEntry
+## X509CrlEntry(deprecated)
被吊销证书对象。
-### getEncoded
+> **说明:**
+>
+> 从API version 9开始支持,从API version 10开始废弃,建议使用[X509CRLEntry](#x509crlentry10)中的同名方法替代。
+
+### getEncoded(deprecated)
getEncoded(callback : AsyncCallback\) : void
@@ -2728,7 +3716,7 @@ x509CrlEntry.getEncoded(function (error, data) {
});
```
-### getEncoded
+### getEncoded(deprecated)
getEncoded() : Promise\
@@ -2764,7 +3752,7 @@ x509CrlEntry.getEncoded().then(result => {
});
```
-### getSerialNumber
+### getSerialNumber(deprecated)
getSerialNumber() : number
@@ -2788,7 +3776,7 @@ let x509CrlEntry = null;
let serialNumber = x509CrlEntry.getSerialNumber();
```
-### getCertIssuer
+### getCertIssuer(deprecated)
getCertIssuer() : DataBlob
@@ -2823,7 +3811,7 @@ try {
}
```
-### getRevocationDate
+### getRevocationDate(deprecated)
getRevocationDate() : string
@@ -2858,3 +3846,176 @@ try {
console.log("getRevocationDate failed, errCode: " + error.code + ", errMsg: " + error.message);
}
```
+
+## X509CRLEntry10+
+
+被吊销证书对象。
+
+### getEncoded10+
+
+getEncoded(callback : AsyncCallback\) : void
+
+表示获取被吊销证书的序列化数据,使用Callback回调异步返回结果。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**参数**:
+
+| 参数名 | 类型 | 必填 | 说明 |
+| -------- | --------------------------------------------- | ---- | ------------------------------------ |
+| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数。表示被吊销证书的序列化数据 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 业务需通过X509CRL的getRevokedCert相关方法获取X509CRLEntry
+let x509CRLEntry = null;
+x509CRLEntry.getEncoded(function (error, data) {
+ if (error != null) {
+ console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message);
+ } else {
+ console.log("getEncoded success");
+ }
+});
+```
+
+### getEncoded10+
+
+getEncoded() : Promise\
+
+表示获取被吊销证书的序列化数据,使用Promise方式异步返回结果。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| --------------------------------------- | -------------------------- |
+| Promise\<[EncodingBlob](#encodingblob)> | 表示被吊销证书的序列化数据 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 业务需通过X509CRL的getRevokedCert相关方法获取X509CRLEntry
+let x509CRLEntry = null;
+x509CRLEntry.getEncoded().then(result => {
+ console.log("getEncoded success");
+}, error => {
+ console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message);
+});
+```
+
+### getSerialNumber10+
+
+getSerialNumber() : bigint
+
+表示获取被吊销证书的序列号。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| ------ | ---------------------- |
+| bigint | 表示被吊销证书的序列号 |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 业务需通过X509CRL的getRevokedCert相关方法获取X509CRLEntry
+let x509CRLEntry = null;
+let serialNumber = x509CRLEntry.getSerialNumber();
+```
+
+### getCertIssuer10+
+
+getCertIssuer() : DataBlob
+
+表示获取被吊销证书的颁发者信息。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| --------------------- | ----------------------- |
+| [DataBlob](#datablob) | 表示被吊销证书的颁发者信息 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | -------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 业务需通过X509CRL的getRevokedCert相关方法获取X509CRLEntry
+let x509CRLEntry = null;
+try {
+ let issuer = x509CRLEntry.getCertIssuer();
+} catch (error) {
+ console.log("getCertIssuer failed, errCode: " + error.code + ", errMsg: " + error.message);
+}
+```
+
+### getRevocationDate10+
+
+getRevocationDate() : string
+
+表示获取证书被吊销的日期。
+
+**系统能力:** SystemCapability.Security.Cert
+
+**返回值**:
+
+| 类型 | 说明 |
+| ------ | ------------------ |
+| string | 表示证书被吊销的日期 |
+
+**错误码:**
+
+| 错误码ID | 错误信息 |
+| -------- | ----------------------- |
+| 19020001 | memory error. |
+| 19020002 | runtime error. |
+| 19030001 | crypto operation error. |
+
+**示例:**
+
+```js
+import cryptoCert from '@ohos.security.cert';
+
+// 业务需通过X509CRL的getRevokedCert相关方法获取X509CRLEntry
+let x509CRLEntry = null;
+try {
+ let date = x509CRLEntry.getRevocationDate();
+} catch (error) {
+ console.log("getRevocationDate failed, errCode: " + error.code + ", errMsg: " + error.message);
+}
+```
diff --git a/zh-cn/application-dev/security/cert-guidelines.md b/zh-cn/application-dev/security/cert-guidelines.md
index cb77fbca5ef8270c8440f941668c39a8f6c2f055..a2c1cc157b67583acd010edc23c840c3305ab8d7 100755
--- a/zh-cn/application-dev/security/cert-guidelines.md
+++ b/zh-cn/application-dev/security/cert-guidelines.md
@@ -258,6 +258,10 @@ function certExtensionSample() {
## 使用证书吊销列表操作
+> **说明**
+>
+> 本场景基于API version 10,OH SDK版本4.0.10及以上,适用于JS语言开发
+
**场景说明**
使用证书吊销列表操作中,典型的场景有:
@@ -277,27 +281,27 @@ function certExtensionSample() {
| 实例名 | 接口名 | 描述 |
| --------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
-| cryptoCert | createX509Crl(inStream : EncodingBlob, callback : AsyncCallback\) : void | 使用callback方式解析X509证书吊销列表数据生成证书吊销列表对象 |
-| cryptoCert | createX509Crl(inStream : EncodingBlob) : Promise\ | 使用promise方式解析X509证书吊销列表数据生成证书吊销列表对象 |
-| X509Crl | isRevoked(cert : X509Cert) : boolean | 检查证书是否被吊销 |
-| X509Crl | getType() : string | 获取证书吊销列表类型 |
-| X509Crl | getEncoded(callback : AsyncCallback\) : void | 使用callback方式获取证书吊销列表序列化数据 |
-| X509Crl | getEncoded() : Promise\ | 使用promise方式获取证书吊销列表序列化数据 |
-| X509Crl | verify(key : cryptoFramework.PubKey, callback : AsyncCallback\) : void | 使用callback方式进行证书吊销列表验签 |
-| X509Crl | verify(key : cryptoFramework.PubKey) : Promise\ | 使用Promise方式进行证书吊销列表验签 |
-| X509Crl | getVersion() : number | 获取证书吊销列表版本 |
-| X509Crl | getIssuerName() : DataBlob | 获取证书吊销列表颁发者名称 |
-| X509Crl | getLastUpdate() : string | 获取证书吊销列表lastUpdate日期 |
-| X509Crl | getNextUpdate() : string | 获取证书吊销列表nextUpdate日期 |
-| X509Crl | getRevokedCert(serialNumber : number) : X509CrlEntry | 通过序列号获取证书吊销列表中的被吊销证书 |
-| X509Crl | getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry | 通过X509证书获取证书吊销列表中的被吊销证书 |
-| X509Crl | getRevokedCerts(callback : AsyncCallback\>) : void | 使用callback方式获取证书吊销列表的所有被吊销证书 |
-| X509Crl | getRevokedCerts() : Promise\> | 使用Promise方式获取证书吊销列表的所有被吊销证书 |
-| X509Crl | getTbsInfo() : DataBlob | 获取证书吊销列表的tbsCertList |
-| X509Crl | getSignature() : DataBlob | 获取证书吊销列表的签名 |
-| X509Crl | getSignatureAlgName() : string | 获取证书吊销列表的签名算法名称 |
-| X509Crl | getSignatureAlgOid() : string | 获取证书吊销列表的签名算法OID |
-| X509Crl | getSignatureAlgParams() : DataBlob | 获取证书吊销列表的签名算法参数 |
+| cryptoCert | createX509CRL(inStream : EncodingBlob, callback : AsyncCallback\) : void | 使用callback方式解析X509证书吊销列表数据生成证书吊销列表对象 |
+| cryptoCert | createX509CRL(inStream : EncodingBlob) : Promise\ | 使用promise方式解析X509证书吊销列表数据生成证书吊销列表对象 |
+| X509CRL | isRevoked(cert : X509Cert) : boolean | 检查证书是否被吊销 |
+| X509CRL | getType() : string | 获取证书吊销列表类型 |
+| X509CRL | getEncoded(callback : AsyncCallback\) : void | 使用callback方式获取证书吊销列表序列化数据 |
+| X509CRL | getEncoded() : Promise\ | 使用promise方式获取证书吊销列表序列化数据 |
+| X509CRL | verify(key : cryptoFramework.PubKey, callback : AsyncCallback\) : void | 使用callback方式进行证书吊销列表验签 |
+| X509CRL | verify(key : cryptoFramework.PubKey) : Promise\ | 使用Promise方式进行证书吊销列表验签 |
+| X509CRL | getVersion() : number | 获取证书吊销列表版本 |
+| X509CRL | getIssuerName() : DataBlob | 获取证书吊销列表颁发者名称 |
+| X509CRL | getLastUpdate() : string | 获取证书吊销列表lastUpdate日期 |
+| X509CRL | getNextUpdate() : string | 获取证书吊销列表nextUpdate日期 |
+| X509CRL | getRevokedCert(serialNumber : bigint) : X509CRLEntry | 通过序列号获取证书吊销列表中的被吊销证书 |
+| X509CRL | X509CRLEntry | 通过X509证书获取证书吊销列表中的被吊销证书 |
+| X509CRL | getRevokedCerts(callback : AsyncCallback\>) : void | 使用callback方式获取证书吊销列表的所有被吊销证书 |
+| X509CRL | getRevokedCerts() : Promise\> | 使用Promise方式获取证书吊销列表的所有被吊销证书 |
+| X509CRL | getTbsInfo() : DataBlob | 获取证书吊销列表的tbsCertList |
+| X509CRL | getSignature() : DataBlob | 获取证书吊销列表的签名 |
+| X509CRL | getSignatureAlgName() : string | 获取证书吊销列表的签名算法名称 |
+| X509CRL | getSignatureAlgOid() : string | 获取证书吊销列表的签名算法OID |
+| X509CRL | getSignatureAlgParams() : DataBlob | 获取证书吊销列表的签名算法参数 |
**开发步骤**
@@ -339,20 +343,20 @@ function crlSample() {
};
// 创建证书吊销列表对象
- cryptoCert.createX509Crl(encodingBlob, function (err, x509Crl) {
+ cryptoCert.createX509CRL(encodingBlob, function (err, x509CRL) {
if (err != null) {
// 创建证书吊销列表对象失败
- console.log("createX509Crl failed, errCode: " + err.code + ", errMsg: " + err.message);
+ console.log("createX509CRL failed, errCode: " + err.code + ", errMsg: " + err.message);
return;
}
// 创建证书吊销列表对象成功
- console.log("createX509Crl success");
+ console.log("createX509CRL success");
// 获取证书吊销列表版本
- let version = x509Crl.getVersion();
+ let version = x509CRL.getVersion();
// 获取证书吊销列表对象的序列化数据
- x509Crl.getEncoded(function (err, data) {
+ x509CRL.getEncoded(function (err, data) {
if (err != null) {
// 获取序列化数据失败
console.log("getEncoded failed, errCode: " + err.code + ", errMsg: " + err.message);
@@ -366,7 +370,7 @@ function crlSample() {
let x509Cert = null;
// 检查证书是否被吊销
try {
- let revokedFlag = x509Crl.isRevoked(x509Cert);
+ let revokedFlag = x509CRL.isRevoked(x509Cert);
} catch (error) {
console.log("isRevoked failed, errCode: " + error.code + ", errMsg: " + error.message);
}
@@ -375,7 +379,7 @@ function crlSample() {
let pubKey = null;
// 证书吊销列表验签
- x509Crl.verify(pubKey, function (err, data) {
+ x509CRL.verify(pubKey, function (err, data) {
if (err == null) {
// 验签成功
console.log("verify success");
@@ -385,12 +389,12 @@ function crlSample() {
}
});
- // 证书序列号,业务需自行设置
- let serialNumber = 1000;
+ // 证书序列号,需为bigint类型,业务需自行设置
+ let serialNumber = BigInt('1000');
// 获取被吊销证书对象
try {
- let entry = x509Crl.getRevokedCert(serialNumber);
+ let entry = x509CRL.getRevokedCert(serialNumber);
} catch (error) {
console.log("getRevokedCert failed, errCode: " + error.code + ", errMsg: " + error.message);
}
@@ -508,6 +512,10 @@ function certChainValidatorSample() {
## 使用被吊销证书操作
+> **说明**
+>
+> 本场景基于API version 10,OH SDK版本4.0.10及以上,适用于JS语言开发
+
**场景说明**
使用被吊销证书操作中,典型的场景有:
@@ -522,13 +530,13 @@ function certChainValidatorSample() {
以上场景涉及的常用接口如下表所示:
-| 实例名 | 接口名 | 描述 |
-| ------------ | ----------------------------------------------------------- | ---------------------------------------- |
-| X509CrlEntry | getEncoded(callback : AsyncCallback\) : void; | 使用callback方式获取被吊销证书的序列化数据 |
-| X509CrlEntry | getEncoded() : Promise\; | 使用promise方式获取被吊销证书的序列化数据 |
-| X509CrlEntry | getSerialNumber() : number; | 获取被吊销证书的序列号 |
-| X509CrlEntry | getCertIssuer() : DataBlob; | 获取被吊销证书颁发者 |
-| X509CrlEntry | getRevocationDate() : string; | 获取被吊销证书的吊销日期 |
+| 实例名 | 接口名 | 描述 |
+| ------------ | ----------------------------------------------------------- | ------------------------------------------ |
+| X509CRLEntry | getEncoded(callback : AsyncCallback\) : void; | 使用callback方式获取被吊销证书的序列化数据 |
+| X509CRLEntry | getEncoded() : Promise\; | 使用promise方式获取被吊销证书的序列化数据 |
+| X509CRLEntry | getSerialNumber() : bigint; | 获取被吊销证书的序列号 |
+| X509CRLEntry | getCertIssuer() : DataBlob; | 获取被吊销证书颁发者 |
+| X509CRLEntry | getRevocationDate() : string; | 获取被吊销证书的吊销日期 |
**开发步骤**
@@ -539,14 +547,14 @@ import cryptoCert from '@ohos.security.cert';
// 被吊销证书示例
function crlEntrySample() {
- // 业务需自行通过cryptoFramework的createX509Crl接口创建X509Crl对象,此处省略
- let x509Crl = null;
+ // 业务需自行通过cryptoFramework的createX509CRL接口创建X509CRL对象,此处省略
+ let x509CRL = null;
- // 获取被吊销证书对象,业务需根据场景调用X509Crl的接口获取,此示例使用getRevokedCert获取
- let serialNumber = 1000;
+ // 获取被吊销证书对象,业务需根据场景调用X509CRL的接口获取,此示例使用getRevokedCert获取,serialNumber需为bigint类型
+ let serialNumber = 1000n;
let crlEntry = null;
try {
- crlEntry = x509Crl.getRevokedCert(serialNumber);
+ crlEntry = x509CRL.getRevokedCert(serialNumber);
} catch (error) {
console.log("getRevokedCert failed, errCode: " + error.code + ", errMsg: " + error.message);
}
diff --git a/zh-cn/release-notes/changelogs/OpenHarmony_4.0.10.1/changelogs-cert.md b/zh-cn/release-notes/changelogs/OpenHarmony_4.0.10.1/changelogs-cert.md
index 84977772fee92ac1f2579de3b6b8b7a7444a328f..d9cd63b9aae9e7d2bf4ee8af6b8ce6d60ccd9f23 100644
--- a/zh-cn/release-notes/changelogs/OpenHarmony_4.0.10.1/changelogs-cert.md
+++ b/zh-cn/release-notes/changelogs/OpenHarmony_4.0.10.1/changelogs-cert.md
@@ -33,3 +33,109 @@ interface X509Cert {
**适配指导**
接口使用的示例代码可参考[证书开发指导](../../../application-dev/security/cert-guidelines.md)和[API参考](../../../application-dev/reference/apis/js-apis-cert.md)。
+
+## cl.cert.2 createX509Crl接口变更
+
+createX509Crl接口变更为createX509CRL接口,接口返回值类型也从X509Crl变更为X509CRL。
+
+**变更影响**
+
+从API version 10开始,createX509Crl接口废弃。应用需要自行适配为createX509CRL接口。接口功能不变。
+
+**关键的接口/组件变更**
+
+修改前的接口原型:
+
+ ```js
+function createX509Crl(inStream: EncodingBlob, callback: AsyncCallback): void;
+function createX509Crl(inStream: EncodingBlob): Promise;
+ ```
+
+修改后的接口原型:
+
+ ```js
+function createX509CRL(inStream: EncodingBlob, callback: AsyncCallback): void;
+function createX509CRL(inStream: EncodingBlob): Promise;
+ ```
+
+**适配指导**
+
+接口使用的示例代码可参考[证书开发指导](../../../application-dev/security/cert-guidelines.md)和[API参考](../../../application-dev/reference/apis/js-apis-cert.md)。
+
+## cl.cert.3 X509Crl接口变更
+
+X509Crl接口名变更为X509CRL,接口的所有成员函数函数名不变。部分函数发生变更:
+
+- getRevokedCert函数入参类型从number变更为bigint。
+
+- getRevokedCert、getRevokedCertWithCert和getRevokedCerts函数返回值类型从X509CrlEntry变更为X509CRLEntry。
+
+**变更影响**
+
+从API version 10开始,X509Crl接口废弃。应用需要自行适配为X509CRL。
+
+**关键的接口/组件变更**
+
+修改前的接口原型:
+
+ ```js
+interface X509Crl {
+ ...
+ getRevokedCert(serialNumber: number): X509CrlEntry;
+ getRevokedCertWithCert(cert: X509Cert): X509CrlEntry;
+ getRevokedCerts(callback: AsyncCallback>): void;
+ getRevokedCerts(): Promise>;
+ ...
+}
+ ```
+
+修改后的接口原型:
+
+ ```js
+interface X509CRL {
+ ...
+ getRevokedCert(serialNumber: bigint): X509CRLEntry;
+ getRevokedCertWithCert(cert: X509Cert): X509CRLEntry;
+ getRevokedCerts(callback: AsyncCallback>): void;
+ getRevokedCerts(): Promise>;
+ ...
+}
+ ```
+
+**适配指导**
+
+接口使用的示例代码可参考[证书开发指导](../../../application-dev/security/cert-guidelines.md)和[API参考](../../../application-dev/reference/apis/js-apis-cert.md)。
+
+## cl.cert.4 X509CrlEntry接口变更
+
+X509CrlEntry接口名变更为X509CRLEntry,接口的所有成员函数函数名不变,但其中的getSerialNumber函数返回值类型从number变更为bigint。
+
+**变更影响**
+
+从API version 10开始,X509CrlEntry接口废弃。应用需要自行适配为X509CrlEntry。
+
+**关键的接口/组件变更**
+
+修改前的接口原型:
+
+ ```js
+interface X509CrlEntry {
+ ...
+ getSerialNumber(): number;
+ ...
+}
+ ```
+
+修改后的接口原型:
+
+ ```js
+interface X509CRLEntry {
+ ...
+ getSerialNumber(): bigint;
+ ...
+}
+ ```
+
+**适配指导**
+
+接口使用的示例代码可参考[证书开发指导](../../../application-dev/security/cert-guidelines.md)和[API参考](../../../application-dev/reference/apis/js-apis-cert.md)。
\ No newline at end of file