Rediger

Del via


X509BasicConstraintsExtension Class

Definition

Defines the constraints set on a certificate. This class cannot be inherited.

public ref class X509BasicConstraintsExtension sealed : System::Security::Cryptography::X509Certificates::X509Extension
public sealed class X509BasicConstraintsExtension : System.Security.Cryptography.X509Certificates.X509Extension
type X509BasicConstraintsExtension = class
    inherit X509Extension
Public NotInheritable Class X509BasicConstraintsExtension
Inherits X509Extension
Inheritance
X509BasicConstraintsExtension

Examples

The following code example demonstrates how to open a user's personal certificate store and display information about each certificate in the store. This example uses the X509BasicConstraintsExtension class to display the information.

#using <System.dll>
#using <system.security.dll>

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Cryptography::X509Certificates;
int main()
{
   try
   {
      X509Store^ store = gcnew X509Store( L"MY",StoreLocation::CurrentUser );
      store->Open( static_cast<OpenFlags>(OpenFlags::ReadOnly | OpenFlags::OpenExistingOnly) );
      X509Certificate2Collection^ collection = dynamic_cast<X509Certificate2Collection^>(store->Certificates);
      for ( int i = 0; i < collection->Count; i++ )
      {
         System::Collections::IEnumerator^ myEnum = collection[ i ]->Extensions->GetEnumerator();
         while ( myEnum->MoveNext() )
         {
            X509Extension^ extension = safe_cast<X509Extension^>(myEnum->Current);
            Console::WriteLine( L"{0}({1})", extension->Oid->FriendlyName, extension->Oid->Value );
            if ( extension->Oid->FriendlyName == L"Key Usage" )
            {
               X509KeyUsageExtension^ ext = dynamic_cast<X509KeyUsageExtension^>(extension);
               Console::WriteLine( ext->KeyUsages );
            }
            if ( extension->Oid->FriendlyName == L"Basic Constraints" )
            {
               X509BasicConstraintsExtension^ ext = dynamic_cast<X509BasicConstraintsExtension^>(extension);
               Console::WriteLine( ext->CertificateAuthority );
               Console::WriteLine( ext->HasPathLengthConstraint );
               Console::WriteLine( ext->PathLengthConstraint );
            }
            if ( extension->Oid->FriendlyName == L"Subject Key Identifier" )
            {
               X509SubjectKeyIdentifierExtension^ ext = dynamic_cast<X509SubjectKeyIdentifierExtension^>(extension);
               Console::WriteLine( ext->SubjectKeyIdentifier );
            }
            if ( extension->Oid->FriendlyName == L"Enhanced Key Usage" )
            {
               X509EnhancedKeyUsageExtension^ ext = dynamic_cast<X509EnhancedKeyUsageExtension^>(extension);
               OidCollection^ oids = ext->EnhancedKeyUsages;
               System::Collections::IEnumerator^ myEnum1 = oids->GetEnumerator();
               while ( myEnum1->MoveNext() )
               {
                  Oid^ oid = safe_cast<Oid^>(myEnum1->Current);
                  Console::WriteLine( L"{0}({1})", oid->FriendlyName, oid->Value );
               }
            }
         }

      }
      store->Close();
   }
   catch ( CryptographicException^ ) 
   {
      Console::WriteLine( L"Information could not be written out for this certificate." );
   }

}
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public class CertSelect
{
    public static void Main()
    {
        try
        {
            X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
            for (int i = 0; i < collection.Count; i++)
            {
                foreach (X509Extension extension in collection[i].Extensions)
                {
                    Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")");

                    if (extension.Oid.FriendlyName == "Key Usage")
                    {
                        X509KeyUsageExtension ext = (X509KeyUsageExtension)extension;
                        Console.WriteLine(ext.KeyUsages);
                    }

                    if (extension.Oid.FriendlyName == "Basic Constraints")
                    {
                        X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)extension;
                        Console.WriteLine(ext.CertificateAuthority);
                        Console.WriteLine(ext.HasPathLengthConstraint);
                        Console.WriteLine(ext.PathLengthConstraint);
                    }

                    if (extension.Oid.FriendlyName == "Subject Key Identifier")
                    {
                        X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)extension;
                        Console.WriteLine(ext.SubjectKeyIdentifier);
                    }

                    if (extension.Oid.FriendlyName == "Enhanced Key Usage")
                    {
                        X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)extension;
                        OidCollection oids = ext.EnhancedKeyUsages;
                        foreach (Oid oid in oids)
                        {
                            Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")");
                        }
                    }
                }
            }
            store.Close();
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Information could not be written out for this certificate.");
        }
    }
}
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates



Module CertSelect

    Sub Main()
        Try
            Dim store As New X509Store("MY", StoreLocation.CurrentUser)
            store.Open(OpenFlags.ReadOnly Or OpenFlags.OpenExistingOnly)

            Dim collection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
            For i As Integer = 0 To collection.Count - 1
                Dim extension As X509Extension
                For Each extension In collection(i).Extensions
                    Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")")


                    If extension.Oid.FriendlyName = "Key Usage" Then
                        Dim ext As X509KeyUsageExtension = CType(extension, X509KeyUsageExtension)
                        Console.WriteLine(ext.KeyUsages)
                    End If

                    If extension.Oid.FriendlyName = "Basic Constraints" Then
                        Dim ext As X509BasicConstraintsExtension = CType(extension, X509BasicConstraintsExtension)
                        Console.WriteLine(ext.CertificateAuthority)
                        Console.WriteLine(ext.HasPathLengthConstraint)
                        Console.WriteLine(ext.PathLengthConstraint)
                    End If

                    If extension.Oid.FriendlyName = "Subject Key Identifier" Then
                        Dim ext As X509SubjectKeyIdentifierExtension = CType(extension, X509SubjectKeyIdentifierExtension)
                        Console.WriteLine(ext.SubjectKeyIdentifier)
                    End If

                    If extension.Oid.FriendlyName = "Enhanced Key Usage" Then
                        Dim ext As X509EnhancedKeyUsageExtension = CType(extension, X509EnhancedKeyUsageExtension)
                        Dim oids As OidCollection = ext.EnhancedKeyUsages
                        Dim oid As Oid
                        For Each oid In oids
                            Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")")
                        Next oid
                    End If
                Next extension
            Next i
            store.Close()
        Catch
            Console.WriteLine("Information could not be written out for this certificate.")
        End Try

    End Sub
End Module

Remarks

This class provides properties that define the basic constraints set on a certificate.

Constructors

X509BasicConstraintsExtension()

Initializes a new instance of the X509BasicConstraintsExtension class.

X509BasicConstraintsExtension(AsnEncodedData, Boolean)

Initializes a new instance of the X509BasicConstraintsExtension class using an AsnEncodedData object and a value that identifies whether the extension is critical.

X509BasicConstraintsExtension(Boolean, Boolean, Int32, Boolean)

Initializes a new instance of the X509BasicConstraintsExtension class. Parameters specify a value that indicates whether a certificate is a certificate authority (CA) certificate, a value that indicates whether the certificate has a restriction on the number of path levels it allows, the number of levels allowed in a certificate's path, and a value that indicates whether the extension is critical.

Properties

CertificateAuthority

Gets a value indicating whether a certificate is a certificate authority (CA) certificate.

Critical

Gets a Boolean value indicating whether the extension is critical.

(Inherited from X509Extension)
HasPathLengthConstraint

Gets a value indicating whether a certificate has a restriction on the number of path levels it allows.

Oid

Gets or sets the Oid value for an AsnEncodedData object.

(Inherited from AsnEncodedData)
PathLengthConstraint

Gets the number of levels allowed in a certificate's path.

RawData

Gets or sets the Abstract Syntax Notation One (ASN.1)-encoded data represented in a byte array.

(Inherited from AsnEncodedData)

Methods

CopyFrom(AsnEncodedData)

Initializes a new instance of the X509BasicConstraintsExtension class using an AsnEncodedData object.

CreateForCertificateAuthority(Nullable<Int32>)

Creates an instance of X509BasicConstraintsExtension appropriate for a certificate authority, optionally including a path length constraint value.

CreateForEndEntity(Boolean)

Creates an instance of X509BasicConstraintsExtension appropriate for an end-entity certificate, optionally marking the extension as critical.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)
Format(Boolean)

Returns a formatted version of the Abstract Syntax Notation One (ASN.1)-encoded data as a string.

(Inherited from AsnEncodedData)
GetHashCode()

Serves as the default hash function.

(Inherited from Object)
GetType()

Gets the Type of the current instance.

(Inherited from Object)
MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
ToString()

Returns a string that represents the current object.

(Inherited from Object)

Applies to