X509ChainPolicy Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Represents the chain policy to be applied when building an X509 certificate chain. This class cannot be inherited.
public ref class X509ChainPolicy sealedpublic sealed class X509ChainPolicytype X509ChainPolicy = classPublic NotInheritable Class X509ChainPolicy- Inheritance
-
X509ChainPolicy
Examples
The following example opens the current user's personal certificate store, allows the user to select a certificate, then writes certificate and certificate chain information to the console. The output depends on the certificate you select.
#using <System.dll>
#using <System.Security.dll>
using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Cryptography::X509Certificates;
using namespace System::IO;
int main()
{
//Create new X509 store from local certificate store.
X509Store ^ store = gcnew X509Store( "MY",StoreLocation::CurrentUser );
store->Open( static_cast<OpenFlags>(OpenFlags::OpenExistingOnly | OpenFlags::ReadWrite) );
//Output store information.
Console::WriteLine( "Store Information" );
Console::WriteLine( "Number of certificates in the store: {0}", store->Certificates->Count );
Console::WriteLine( "Store location: {0}", store->Location );
Console::WriteLine( "Store name: {0} {1}", store->Name, Environment::NewLine );
//Put certificates from the store into a collection so user can select one.
X509Certificate2Collection ^ fcollection = dynamic_cast<X509Certificate2Collection^>(store->Certificates);
X509Certificate2Collection ^ collection = X509Certificate2UI::SelectFromCollection(fcollection, "Select an X509 Certificate","Choose a certificate to examine.",X509SelectionFlag::SingleSelection);
X509Certificate2 ^ certificate = collection[ 0 ];
X509Certificate2UI::DisplayCertificate(certificate);
//Output chain information of the selected certificate.
X509Chain ^ ch = gcnew X509Chain;
ch->ChainPolicy->RevocationMode = X509RevocationMode::Online;
ch->Build( certificate );
Console::WriteLine( "Chain Information" );
Console::WriteLine( "Chain revocation flag: {0}", ch->ChainPolicy->RevocationFlag );
Console::WriteLine( "Chain revocation mode: {0}", ch->ChainPolicy->RevocationMode );
Console::WriteLine( "Chain verification flag: {0}", ch->ChainPolicy->VerificationFlags );
Console::WriteLine( "Chain verification time: {0}", ch->ChainPolicy->VerificationTime );
Console::WriteLine( "Chain status length: {0}", ch->ChainStatus->Length );
Console::WriteLine( "Chain application policy count: {0}", ch->ChainPolicy->ApplicationPolicy->Count );
Console::WriteLine( "Chain certificate policy count: {0} {1}", ch->ChainPolicy->CertificatePolicy->Count, Environment::NewLine );
//Output chain element information.
Console::WriteLine( "Chain Element Information" );
Console::WriteLine( "Number of chain elements: {0}", ch->ChainElements->Count );
Console::WriteLine( "Chain elements synchronized? {0} {1}", ch->ChainElements->IsSynchronized, Environment::NewLine );
System::Collections::IEnumerator^ myEnum = ch->ChainElements->GetEnumerator();
while ( myEnum->MoveNext() )
{
X509ChainElement ^ element = safe_cast<X509ChainElement ^>(myEnum->Current);
Console::WriteLine( "Element issuer name: {0}", element->Certificate->Issuer );
Console::WriteLine( "Element certificate valid until: {0}", element->Certificate->NotAfter );
Console::WriteLine( "Element certificate is valid: {0}", element->Certificate->Verify() );
Console::WriteLine( "Element error status length: {0}", element->ChainElementStatus->Length );
Console::WriteLine( "Element information: {0}", element->Information );
Console::WriteLine( "Number of element extensions: {0}{1}", element->Certificate->Extensions->Count, Environment::NewLine );
if ( ch->ChainStatus->Length > 1 )
{
for ( int index = 0; index < element->ChainElementStatus->Length; index++ )
{
Console::WriteLine( element->ChainElementStatus[ index ].Status );
Console::WriteLine( element->ChainElementStatus[ index ].StatusInformation );
}
}
}
store->Close();
}
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;
class TestX509Chain
{
static void Main(string[] args)
{
//Create new X509 store from local certificate store.
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
//Output store information.
Console.WriteLine ("Store Information");
Console.WriteLine ("Number of certificates in the store: {0}", store.Certificates.Count);
Console.WriteLine ("Store location: {0}", store.Location);
Console.WriteLine ("Store name: {0} {1}", store.Name, Environment.NewLine);
//Put certificates from the store into a collection so user can select one.
X509Certificate2Collection fcollection = (X509Certificate2Collection)store.Certificates;
X509Certificate2Collection collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection);
X509Certificate2 certificate = collection[0];
X509Certificate2UI.DisplayCertificate(certificate);
//Output chain information of the selected certificate.
X509Chain ch = new X509Chain();
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
ch.Build (certificate);
Console.WriteLine ("Chain Information");
Console.WriteLine ("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
Console.WriteLine ("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
Console.WriteLine ("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
Console.WriteLine ("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
Console.WriteLine ("Chain status length: {0}", ch.ChainStatus.Length);
Console.WriteLine ("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
Console.WriteLine ("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);
//Output chain element information.
Console.WriteLine ("Chain Element Information");
Console.WriteLine ("Number of chain elements: {0}", ch.ChainElements.Count);
Console.WriteLine ("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);
foreach (X509ChainElement element in ch.ChainElements)
{
Console.WriteLine ("Element issuer name: {0}", element.Certificate.Issuer);
Console.WriteLine ("Element certificate valid until: {0}", element.Certificate.NotAfter);
Console.WriteLine ("Element certificate is valid: {0}", element.Certificate.Verify ());
Console.WriteLine ("Element error status length: {0}", element.ChainElementStatus.Length);
Console.WriteLine ("Element information: {0}", element.Information);
Console.WriteLine ("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);
if (ch.ChainStatus.Length > 1)
{
for (int index = 0; index < element.ChainElementStatus.Length; index++)
{
Console.WriteLine (element.ChainElementStatus[index].Status);
Console.WriteLine (element.ChainElementStatus[index].StatusInformation);
}
}
}
store.Close();
}
}
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.IO
Class TestX509Chain
Shared Sub Main(ByVal args() As String)
'Create new X509 store from local certificate store.
Dim store As New X509Store("MY", StoreLocation.CurrentUser)
store.Open(OpenFlags.OpenExistingOnly Or OpenFlags.ReadWrite)
'Output store information.
Console.WriteLine("Store Information")
Console.WriteLine("Number of certificates in the store: {0}", store.Certificates.Count)
Console.WriteLine("Store location: {0}", store.Location)
Console.WriteLine("Store name: {0} {1}", store.Name, Environment.NewLine)
'Put certificates from the store into a collection so user can select one.
Dim fcollection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
Dim collection As X509Certificate2Collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection)
Dim certificate As X509Certificate2 = collection(0)
X509Certificate2UI.DisplayCertificate(certificate)
'Output chain information of the selected certificate.
Dim ch As New X509Chain()
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online
ch.Build(certificate)
Console.WriteLine("Chain Information")
Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag)
Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode)
Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags)
Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime)
Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length)
Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count)
Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine)
'Output chain element information.
Console.WriteLine("Chain Element Information")
Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count)
Console.WriteLine("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine)
Dim element As X509ChainElement
For Each element In ch.ChainElements
Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer)
Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter)
Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify())
Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length)
Console.WriteLine("Element information: {0}", element.Information)
Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine)
If ch.ChainStatus.Length > 1 Then
Dim index As Integer
For index = 0 To element.ChainElementStatus.Length
Console.WriteLine(element.ChainElementStatus(index).Status)
Console.WriteLine(element.ChainElementStatus(index).StatusInformation)
Next index
End If
Next element
store.Close()
End Sub
End Class
Remarks
Each X509Certificate2 object can have an X509ChainPolicy property that specifies the policy to be used in the verification process. Note that only X509Certificate2 objects can construct an X509ChainPolicy object.
Constructors
| X509ChainPolicy() |
Initializes a new instance of the X509ChainPolicy class. |
Properties
| ApplicationPolicy |
Gets a collection of object identifiers (OIDs) specifying which application policies or enhanced key usages (EKUs) the certificate must support. |
| CertificatePolicy |
Gets a collection of object identifiers (OIDs) specifying which certificate policies the certificate must support. |
| CustomTrustStore |
Represents a collection of certificates replacing the default certificate trust. |
| DisableCertificateDownloads |
Gets or sets a value that indicates whether the chain engine can use the Authority Information Access (AIA) extension to locate unknown issuer certificates. |
| ExtraStore |
Gets an object that represents an additional collection of certificates that can be searched by the chaining engine when validating a certificate chain. |
| RevocationFlag |
Gets or sets values for X509 revocation flags. |
| RevocationMode |
Gets or sets values for X509 certificate revocation mode. |
| TrustMode |
The mode determining the root trust for building the certificate chain. |
| UrlRetrievalTimeout |
Gets or sets the maximum amount of time to be spent during online revocation verification or downloading the certificate revocation list (CRL). A value of Zero means there are no limits. |
| VerificationFlags |
Gets verification flags for the certificate. |
| VerificationTime |
Gets or sets the time for which the chain is to be validated. |
| VerificationTimeIgnored |
Gets or sets a value that indicates whether the chain validation should use VerificationTime or the current system time when building an X.509 certificate chain. |
Methods
| Clone() |
Creates a new chain policy instance that has the same settings as this instance. |
| Equals(Object) |
Determines whether the specified object is equal to the current object. (Inherited from Object) |
| GetHashCode() |
Serves as the default hash function. (Inherited from Object) |
| GetType() |
Gets the Type of the current instance. (Inherited from Object) |
| MemberwiseClone() |
Creates a shallow copy of the current Object. (Inherited from Object) |
| Reset() |
Resets the X509ChainPolicy members to their default values. |
| ToString() |
Returns a string that represents the current object. (Inherited from Object) |
Applies to
Collaborate with us on GitHub
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
