Freigeben über


ICertificatePolicy Schnittstelle

Definition

Überprüft ein Serverzertifikat.

public interface class ICertificatePolicy
public interface ICertificatePolicy
type ICertificatePolicy = interface
Public Interface ICertificatePolicy

Beispiele

Im folgenden Beispiel wird eine Zertifikatrichtlinie erstellt, die für ein beliebiges Zertifikatproblem zurückgibt false , und eine Meldung ausgibt, die das Problem in der Konsole angibt. Die CertificateProblem-Enumeration definiert SSPI-Konstanten für Zertifikatprobleme, und die private GetProblemMessage-Methode erstellt eine druckbare Nachricht zum Problem.

public enum class CertificateProblem : UInt32
{
   CertEXPIRED = 0x800B0101,
   CertVALIDITYPERIODNESTING = 0x800B0102,
   CertROLE = 0x800B0103,
   CertPATHLENCONST = 0x800B0104,
   CertCRITICAL = 0x800B0105,
   CertPURPOSE = 0x800B0106,
   CertISSUERCHAINING = 0x800B0107,
   CertMALFORMED = 0x800B0108,
   CertUNTRUSTEDROOT = 0x800B0109,
   CertCHAINING = 0x800B010A,
   CertREVOKED = 0x800B010C,
   CertUNTRUSTEDTESTROOT = 0x800B010D,
   CertREVOCATION_FAILURE = 0x800B010E,
   CertCN_NO_MATCH = 0x800B010F,
   CertWRONG_USAGE = 0x800B0110,
   CertUNTRUSTEDCA = 0x800B0112
};

public ref class MyCertificateValidation: public ICertificatePolicy
{
public:

   // Default policy for certificate validation.
   static bool DefaultValidate = false;
   virtual bool CheckValidationResult( ServicePoint^ /*sp*/, X509Certificate^ /*cert*/, WebRequest^ request, int problem )
   {
      bool ValidationResult = false;
      Console::WriteLine( "Certificate Problem with accessing {0}", request->RequestUri );
      Console::Write( "Problem code 0x{0:X8},", (int)problem );
      Console::WriteLine( GetProblemMessage( (CertificateProblem)problem ) );
      ValidationResult = DefaultValidate;
      return ValidationResult;
   }

private:
   String^ GetProblemMessage( CertificateProblem Problem )
   {
      String^ ProblemMessage = "";
      CertificateProblem problemList = CertificateProblem(  );
      String^ ProblemCodeName = Enum::GetName( problemList.GetType(), Problem );
      if ( ProblemCodeName != nullptr )
            ProblemMessage = String::Concat( ProblemMessage, "-Certificateproblem:", ProblemCodeName );
      else
            ProblemMessage = "Unknown Certificate Problem";

      return ProblemMessage;
   }
};
public  enum    CertificateProblem  : long
{
        CertEXPIRED                   = 0x800B0101,
        CertVALIDITYPERIODNESTING     = 0x800B0102,
        CertROLE                      = 0x800B0103,
        CertPATHLENCONST              = 0x800B0104,
        CertCRITICAL                  = 0x800B0105,
        CertPURPOSE                   = 0x800B0106,
        CertISSUERCHAINING            = 0x800B0107,
        CertMALFORMED                 = 0x800B0108,
        CertUNTRUSTEDROOT             = 0x800B0109,
        CertCHAINING                  = 0x800B010A,
        CertREVOKED                   = 0x800B010C,
        CertUNTRUSTEDTESTROOT         = 0x800B010D,
        CertREVOCATION_FAILURE        = 0x800B010E,
        CertCN_NO_MATCH               = 0x800B010F,
        CertWRONG_USAGE               = 0x800B0110,
        CertUNTRUSTEDCA               = 0x800B0112
}

public class MyCertificateValidation : ICertificatePolicy
{
    // Default policy for certificate validation.
    public static bool DefaultValidate = false;

    public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
       WebRequest request, int problem)
    {
        bool ValidationResult=false;
        Console.WriteLine("Certificate Problem with accessing " +
           request.RequestUri);
        Console.Write("Problem code 0x{0:X8},",(int)problem);
        Console.WriteLine(GetProblemMessage((CertificateProblem)problem));

        ValidationResult = DefaultValidate;
        return ValidationResult;
    }

    private String GetProblemMessage(CertificateProblem Problem)
    {
        String ProblemMessage = "";
        CertificateProblem problemList = new CertificateProblem();
        String ProblemCodeName = Enum.GetName(problemList.GetType(),Problem);
        if(ProblemCodeName != null)
           ProblemMessage = ProblemMessage + "-Certificateproblem:" +
              ProblemCodeName;
        else
           ProblemMessage = "Unknown Certificate Problem";
        return ProblemMessage;
     }
}
Public Enum CertificateProblem As Long
    CertEXPIRED                   = 2148204801    ' 0x800B0101
    CertVALIDITYPERIODNESTING     = 2148204802    ' 0x800B0102
    CertROLE                      = 2148204803    ' 0x800B0103
    CertPATHLENCONST              = 2148204804    ' 0x800B0104
    CertCRITICAL                  = 2148204805    ' 0x800B0105
    CertPURPOSE                   = 2148204806    ' 0x800B0106
    CertISSUERCHAINING            = 2148204807    ' 0x800B0107
    CertMALFORMED                 = 2148204808    ' 0x800B0108
    CertUNTRUSTEDROOT             = 2148204809    ' 0x800B0109
    CertCHAINING                  = 2148204810    ' 0x800B010A
    CertREVOKED                   = 2148204812    ' 0x800B010C
    CertUNTRUSTEDTESTROOT         = 2148204813    ' 0x800B010D       
    CertREVOCATION_FAILURE        = 2148204814    ' 0x800B010E
    CertCN_NO_MATCH               = 2148204815    ' 0x800B010F
    CertWRONG_USAGE               = 2148204816    ' 0x800B0110
    CertUNTRUSTEDCA               = 2148204818     ' 0x800B0112
End Enum


Public Class MyCertificateValidation
    Implements ICertificatePolicy
    
    ' Default policy for certificate validation.
    Public Shared DefaultValidate As Boolean = False    
    
    Public Function CheckValidationResult(srvPoint As ServicePoint, _
       cert As X509Certificate, request As WebRequest, problem As Integer) _
       As Boolean Implements ICertificatePolicy.CheckValidationResult
       
        Dim ValidationResult As Boolean = False
        Console.WriteLine(("Certificate Problem with accessing " & _
           request.RequestUri.ToString()))
        Console.Write("Problem code 0x{0:X8},", CInt(problem))
        Console.WriteLine(GetProblemMessage(CType(problem, _
           CertificateProblem)))
        
        ValidationResult = DefaultValidate
        Return ValidationResult
    End Function    
    
    Private Function GetProblemMessage(Problem As CertificateProblem) As String
        Dim ProblemMessage As String = ""
        Dim problemList As New CertificateProblem()
        Dim ProblemCodeName As String = System.Enum.GetName( _
           problemList.GetType(), Problem)
        If Not (ProblemCodeName Is Nothing) Then
            ProblemMessage = ProblemMessage + "-Certificateproblem:" & _
               ProblemCodeName
        Else
            ProblemMessage = "Unknown Certificate Problem"
        End If
        Return ProblemMessage
    End Function
End Class

Hinweise

Die ICertificatePolicy Schnittstelle wird verwendet, um eine benutzerdefinierte Sicherheitszertifikatüberprüfung für eine Anwendung bereitzustellen. Die Standardrichtlinie besteht darin, gültige Zertifikate sowie gültige Zertifikate zuzulassen, die abgelaufen sind. Um diese Richtlinie zu ändern, implementieren Sie die ICertificatePolicy Schnittstelle mit einer anderen Richtlinie, und weisen Sie diese Richtlinie dann zu ServicePointManager.CertificatePolicy.

ICertificatePolicy verwendet die Security Support Provider Interface (SSPI). Weitere Informationen finden Sie in der SSPI-Dokumentation auf MSDN.

Methoden

CheckValidationResult(ServicePoint, X509Certificate, WebRequest, Int32)

Überprüft ein Serverzertifikat.

Gilt für: