ICertificatePolicy Interface
Définition
Important
Certaines informations portent sur la préversion du produit qui est susceptible d’être en grande partie modifiée avant sa publication. Microsoft exclut toute garantie, expresse ou implicite, concernant les informations fournies ici.
Valide un certificat de serveur.
public interface class ICertificatePolicypublic interface ICertificatePolicytype ICertificatePolicy = interfacePublic Interface ICertificatePolicyExemples
L’exemple suivant crée une stratégie de certificat qui retourne false pour tout problème de certificat et imprime un message indiquant le problème sur la console. L’énumération CertificateProblem définit des constantes SSPI pour les problèmes de certificat, et la méthode privée GetProblemMessage crée un message imprimable sur le problème.
public enum class CertificateProblem : UInt32
{
CertEXPIRED = 0x800B0101,
CertVALIDITYPERIODNESTING = 0x800B0102,
CertROLE = 0x800B0103,
CertPATHLENCONST = 0x800B0104,
CertCRITICAL = 0x800B0105,
CertPURPOSE = 0x800B0106,
CertISSUERCHAINING = 0x800B0107,
CertMALFORMED = 0x800B0108,
CertUNTRUSTEDROOT = 0x800B0109,
CertCHAINING = 0x800B010A,
CertREVOKED = 0x800B010C,
CertUNTRUSTEDTESTROOT = 0x800B010D,
CertREVOCATION_FAILURE = 0x800B010E,
CertCN_NO_MATCH = 0x800B010F,
CertWRONG_USAGE = 0x800B0110,
CertUNTRUSTEDCA = 0x800B0112
};
public ref class MyCertificateValidation: public ICertificatePolicy
{
public:
// Default policy for certificate validation.
static bool DefaultValidate = false;
virtual bool CheckValidationResult( ServicePoint^ /*sp*/, X509Certificate^ /*cert*/, WebRequest^ request, int problem )
{
bool ValidationResult = false;
Console::WriteLine( "Certificate Problem with accessing {0}", request->RequestUri );
Console::Write( "Problem code 0x{0:X8},", (int)problem );
Console::WriteLine( GetProblemMessage( (CertificateProblem)problem ) );
ValidationResult = DefaultValidate;
return ValidationResult;
}
private:
String^ GetProblemMessage( CertificateProblem Problem )
{
String^ ProblemMessage = "";
CertificateProblem problemList = CertificateProblem( );
String^ ProblemCodeName = Enum::GetName( problemList.GetType(), Problem );
if ( ProblemCodeName != nullptr )
ProblemMessage = String::Concat( ProblemMessage, "-Certificateproblem:", ProblemCodeName );
else
ProblemMessage = "Unknown Certificate Problem";
return ProblemMessage;
}
};
public enum CertificateProblem : long
{
CertEXPIRED = 0x800B0101,
CertVALIDITYPERIODNESTING = 0x800B0102,
CertROLE = 0x800B0103,
CertPATHLENCONST = 0x800B0104,
CertCRITICAL = 0x800B0105,
CertPURPOSE = 0x800B0106,
CertISSUERCHAINING = 0x800B0107,
CertMALFORMED = 0x800B0108,
CertUNTRUSTEDROOT = 0x800B0109,
CertCHAINING = 0x800B010A,
CertREVOKED = 0x800B010C,
CertUNTRUSTEDTESTROOT = 0x800B010D,
CertREVOCATION_FAILURE = 0x800B010E,
CertCN_NO_MATCH = 0x800B010F,
CertWRONG_USAGE = 0x800B0110,
CertUNTRUSTEDCA = 0x800B0112
}
public class MyCertificateValidation : ICertificatePolicy
{
// Default policy for certificate validation.
public static bool DefaultValidate = false;
public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
WebRequest request, int problem)
{
bool ValidationResult=false;
Console.WriteLine("Certificate Problem with accessing " +
request.RequestUri);
Console.Write("Problem code 0x{0:X8},",(int)problem);
Console.WriteLine(GetProblemMessage((CertificateProblem)problem));
ValidationResult = DefaultValidate;
return ValidationResult;
}
private String GetProblemMessage(CertificateProblem Problem)
{
String ProblemMessage = "";
CertificateProblem problemList = new CertificateProblem();
String ProblemCodeName = Enum.GetName(problemList.GetType(),Problem);
if(ProblemCodeName != null)
ProblemMessage = ProblemMessage + "-Certificateproblem:" +
ProblemCodeName;
else
ProblemMessage = "Unknown Certificate Problem";
return ProblemMessage;
}
}
Public Enum CertificateProblem As Long
CertEXPIRED = 2148204801 ' 0x800B0101
CertVALIDITYPERIODNESTING = 2148204802 ' 0x800B0102
CertROLE = 2148204803 ' 0x800B0103
CertPATHLENCONST = 2148204804 ' 0x800B0104
CertCRITICAL = 2148204805 ' 0x800B0105
CertPURPOSE = 2148204806 ' 0x800B0106
CertISSUERCHAINING = 2148204807 ' 0x800B0107
CertMALFORMED = 2148204808 ' 0x800B0108
CertUNTRUSTEDROOT = 2148204809 ' 0x800B0109
CertCHAINING = 2148204810 ' 0x800B010A
CertREVOKED = 2148204812 ' 0x800B010C
CertUNTRUSTEDTESTROOT = 2148204813 ' 0x800B010D
CertREVOCATION_FAILURE = 2148204814 ' 0x800B010E
CertCN_NO_MATCH = 2148204815 ' 0x800B010F
CertWRONG_USAGE = 2148204816 ' 0x800B0110
CertUNTRUSTEDCA = 2148204818 ' 0x800B0112
End Enum
Public Class MyCertificateValidation
Implements ICertificatePolicy
' Default policy for certificate validation.
Public Shared DefaultValidate As Boolean = False
Public Function CheckValidationResult(srvPoint As ServicePoint, _
cert As X509Certificate, request As WebRequest, problem As Integer) _
As Boolean Implements ICertificatePolicy.CheckValidationResult
Dim ValidationResult As Boolean = False
Console.WriteLine(("Certificate Problem with accessing " & _
request.RequestUri.ToString()))
Console.Write("Problem code 0x{0:X8},", CInt(problem))
Console.WriteLine(GetProblemMessage(CType(problem, _
CertificateProblem)))
ValidationResult = DefaultValidate
Return ValidationResult
End Function
Private Function GetProblemMessage(Problem As CertificateProblem) As String
Dim ProblemMessage As String = ""
Dim problemList As New CertificateProblem()
Dim ProblemCodeName As String = System.Enum.GetName( _
problemList.GetType(), Problem)
If Not (ProblemCodeName Is Nothing) Then
ProblemMessage = ProblemMessage + "-Certificateproblem:" & _
ProblemCodeName
Else
ProblemMessage = "Unknown Certificate Problem"
End If
Return ProblemMessage
End Function
End Class
Remarques
L’interface ICertificatePolicy est utilisée pour fournir une validation de certificat de sécurité personnalisée pour une application. La stratégie par défaut consiste à autoriser les certificats valides, ainsi que les certificats valides qui ont expiré. Pour modifier cette stratégie, implémentez l’interface ICertificatePolicy avec une stratégie différente, puis affectez cette stratégie à ServicePointManager.CertificatePolicy.
ICertificatePolicy utilise l’interface SSPI (Security Support Provider Interface). Pour plus d’informations, consultez la documentation SSPI sur MSDN.
Méthodes
| CheckValidationResult(ServicePoint, X509Certificate, WebRequest, Int32) |
Valide un certificat de serveur. |
S’applique à
Collaborer avec nous sur GitHub
La source de ce contenu se trouve sur GitHub, où vous pouvez également créer et examiner les problèmes et les demandes de tirage. Pour plus d’informations, consultez notre guide du contributeur.
