ICertificatePolicy 接口
定义
重要
一些信息与预发行产品相关,相应产品在发行之前可能会进行重大修改。 对于此处提供的信息,Microsoft 不作任何明示或暗示的担保。
验证服务器证书。
public interface class ICertificatePolicy
public interface ICertificatePolicy
type ICertificatePolicy = interface
Public Interface ICertificatePolicy
示例
以下示例创建一个证书策略,该策略针对任何证书问题返回 false,并在控制台上打印一条消息来说明该问题。 CertificateProblem 枚举定义证书问题的 SSPI 常量,私有的 GetProblemMessage 方法则根据问题代码生成可打印的消息。
// Certificate problem codes that a certificate policy receives in the
// "problem" argument of CheckValidationResult.
// Every value has the top bit set, so the enum uses an unsigned 32-bit
// underlying type: a signed int carrying the same 32-bit pattern converts to
// the matching member.
// The names appear to mirror the CERT_E_* status codes in winerror.h.
// 0x800B010B and 0x800B0111 are not listed, so those two codes have no name
// in this enum.
public enum class CertificateProblem : UInt32
{
CertEXPIRED = 0x800B0101,
CertVALIDITYPERIODNESTING = 0x800B0102,
CertROLE = 0x800B0103,
CertPATHLENCONST = 0x800B0104,
CertCRITICAL = 0x800B0105,
CertPURPOSE = 0x800B0106,
CertISSUERCHAINING = 0x800B0107,
CertMALFORMED = 0x800B0108,
CertUNTRUSTEDROOT = 0x800B0109,
CertCHAINING = 0x800B010A,
CertREVOKED = 0x800B010C,
CertUNTRUSTEDTESTROOT = 0x800B010D,
CertREVOCATION_FAILURE = 0x800B010E,
CertCN_NO_MATCH = 0x800B010F,
CertWRONG_USAGE = 0x800B0110,
CertUNTRUSTEDCA = 0x800B0112
};
/// <summary>
/// Sample certificate policy: reports each certificate problem on the console
/// and answers with the shared DefaultValidate flag.
/// </summary>
public ref class MyCertificateValidation: public ICertificatePolicy
{
public:
   // Verdict returned by CheckValidationResult for every call.
   // Leave it false: when it is true the policy accepts the certificate no
   // matter which problem was reported, so the server is no longer authenticated.
   static bool DefaultValidate = false;

   /// <summary>
   /// Logs the request URI and the problem code, then returns DefaultValidate.
   /// </summary>
   /// <param name="request">Request whose RequestUri is printed.</param>
   /// <param name="problem">Problem code reported for the certificate.</param>
   /// <returns>The current value of DefaultValidate.</returns>
   virtual bool CheckValidationResult( ServicePoint^ /*sp*/, X509Certificate^ /*cert*/, WebRequest^ request, int problem )
   {
      // NOTE(review): presumably problem == 0 means "no problem"; this sample
      // logs and returns DefaultValidate for that value too - confirm.
      Console::WriteLine( "Certificate Problem with accessing {0}", request->RequestUri );
      Console::Write( "Problem code 0x{0:X8},", problem );

      // The enum is UInt32-based, so the signed code keeps its bit pattern here.
      Console::WriteLine( GetProblemMessage( static_cast<CertificateProblem>(problem) ) );
      return DefaultValidate;
   }

private:
   /// <summary>
   /// Builds the printable text for a problem code: the enum member name with a
   /// fixed prefix, or a fallback text when the code has no name in the enum.
   /// </summary>
   String^ GetProblemMessage( CertificateProblem Problem )
   {
      String^ codeName = Enum::GetName( CertificateProblem::typeid, Problem );
      if ( codeName == nullptr )
         return "Unknown Certificate Problem";

      return String::Concat( "-Certificateproblem:", codeName );
   }
};
// Certificate problem codes that a certificate policy receives in the
// "problem" argument of CheckValidationResult.
// The underlying type is long, so every member is a positive 64-bit value
// (0x800B0101 == 2148204801). An int holding the same 32-bit pattern is
// negative and sign-extends when cast straight to this enum, so it matches no
// member; convert the int through uint before casting.
// The names appear to mirror the CERT_E_* status codes in winerror.h.
// 0x800B010B and 0x800B0111 are not listed, so those two codes have no name
// in this enum.
public enum CertificateProblem : long
{
CertEXPIRED = 0x800B0101,
CertVALIDITYPERIODNESTING = 0x800B0102,
CertROLE = 0x800B0103,
CertPATHLENCONST = 0x800B0104,
CertCRITICAL = 0x800B0105,
CertPURPOSE = 0x800B0106,
CertISSUERCHAINING = 0x800B0107,
CertMALFORMED = 0x800B0108,
CertUNTRUSTEDROOT = 0x800B0109,
CertCHAINING = 0x800B010A,
CertREVOKED = 0x800B010C,
CertUNTRUSTEDTESTROOT = 0x800B010D,
CertREVOCATION_FAILURE = 0x800B010E,
CertCN_NO_MATCH = 0x800B010F,
CertWRONG_USAGE = 0x800B0110,
CertUNTRUSTEDCA = 0x800B0112
}
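/// <summary>
/// Sample certificate policy: reports each certificate problem on the console
/// and answers with the shared DefaultValidate flag.
/// </summary>
public class MyCertificateValidation : ICertificatePolicy
{
    // Verdict returned by CheckValidationResult for every call.
    // Leave it false: when it is true the policy accepts the certificate no
    // matter which problem was reported, so the server is no longer authenticated.
    public static bool DefaultValidate = false;

    /// <summary>
    /// Logs the request URI and the problem code, then returns DefaultValidate.
    /// </summary>
    /// <param name="sp">Not used by this sample.</param>
    /// <param name="cert">Not used by this sample.</param>
    /// <param name="request">Request whose RequestUri is printed.</param>
    /// <param name="problem">Problem code reported for the certificate.</param>
    /// <returns>The current value of DefaultValidate.</returns>
    public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
        WebRequest request, int problem)
    {
        // NOTE(review): presumably problem == 0 means "no problem"; this sample
        // logs and returns DefaultValidate for that value too - confirm.
        Console.WriteLine("Certificate Problem with accessing " +
            request.RequestUri);
        Console.Write("Problem code 0x{0:X8},", problem);

        // CertificateProblem is long-based with positive members, while the
        // codes arrive as negative ints (top bit set). A direct cast would
        // sign-extend and never match a member, so every problem printed as
        // "Unknown Certificate Problem". Reinterpret the 32 bits as unsigned first.
        CertificateProblem code = (CertificateProblem)unchecked((uint)problem);
        Console.WriteLine(GetProblemMessage(code));

        return DefaultValidate;
    }

    /// <summary>
    /// Builds the printable text for a problem code: the enum member name with a
    /// fixed prefix, or a fallback text when the code has no name in the enum.
    /// </summary>
    private String GetProblemMessage(CertificateProblem Problem)
    {
        String ProblemCodeName = Enum.GetName(typeof(CertificateProblem), Problem);
        if (ProblemCodeName != null)
            return "-Certificateproblem:" + ProblemCodeName;

        return "Unknown Certificate Problem";
    }
}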
' Certificate problem codes that a certificate policy receives in the
' "problem" argument of CheckValidationResult.
' The underlying type is Long, so every member is a positive 64-bit value.
' An Integer holding the same 32-bit pattern is negative and sign-extends when
' converted straight to this enum, so it matches no member; mask the value to
' its low 32 bits as a Long before converting.
' The names appear to mirror the CERT_E_* status codes in winerror.h.
' 0x800B010B and 0x800B0111 are not listed, so those two codes have no name
' in this enum.
Public Enum CertificateProblem As Long
CertEXPIRED = 2148204801 ' 0x800B0101
CertVALIDITYPERIODNESTING = 2148204802 ' 0x800B0102
CertROLE = 2148204803 ' 0x800B0103
CertPATHLENCONST = 2148204804 ' 0x800B0104
CertCRITICAL = 2148204805 ' 0x800B0105
CertPURPOSE = 2148204806 ' 0x800B0106
CertISSUERCHAINING = 2148204807 ' 0x800B0107
CertMALFORMED = 2148204808 ' 0x800B0108
CertUNTRUSTEDROOT = 2148204809 ' 0x800B0109
CertCHAINING = 2148204810 ' 0x800B010A
CertREVOKED = 2148204812 ' 0x800B010C
CertUNTRUSTEDTESTROOT = 2148204813 ' 0x800B010D
CertREVOCATION_FAILURE = 2148204814 ' 0x800B010E
CertCN_NO_MATCH = 2148204815 ' 0x800B010F
CertWRONG_USAGE = 2148204816 ' 0x800B0110
CertUNTRUSTEDCA = 2148204818 ' 0x800B0112
End Enum
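' Sample certificate policy: reports each certificate problem on the console
' and answers with the shared DefaultValidate flag.
Public Class MyCertificateValidation
    Implements ICertificatePolicy

    ' Verdict returned by CheckValidationResult for every call.
    ' Leave it False: when it is True the policy accepts the certificate no
    ' matter which problem was reported, so the server is no longer authenticated.
    Public Shared DefaultValidate As Boolean = False

    ' Logs the request URI and the problem code, then returns DefaultValidate.
    ' srvPoint and cert are not used by this sample.
    Public Function CheckValidationResult(srvPoint As ServicePoint, _
            cert As X509Certificate, request As WebRequest, problem As Integer) _
            As Boolean Implements ICertificatePolicy.CheckValidationResult
        ' NOTE(review): presumably problem = 0 means "no problem"; this sample
        ' logs and returns DefaultValidate for that value too - confirm.
        Console.WriteLine(("Certificate Problem with accessing " & _
            request.RequestUri.ToString()))
        Console.Write("Problem code 0x{0:X8},", CInt(problem))

        ' CertificateProblem is Long-based with positive members, while the
        ' codes arrive as negative Integers (top bit set). A direct CType would
        ' sign-extend and never match a member, so every problem printed as
        ' "Unknown Certificate Problem". Keep only the low 32 bits first.
        Dim code As CertificateProblem = _
            CType(CLng(problem) And &HFFFFFFFFL, CertificateProblem)
        Console.WriteLine(GetProblemMessage(code))

        Return DefaultValidate
    End Function

    ' Builds the printable text for a problem code: the enum member name with a
    ' fixed prefix, or a fallback text when the code has no name in the enum.
    Private Function GetProblemMessage(Problem As CertificateProblem) As String
        Dim ProblemCodeName As String = System.Enum.GetName( _
            GetType(CertificateProblem), Problem)
        If ProblemCodeName Is Nothing Then
            Return "Unknown Certificate Problem"
        End If
        Return "-Certificateproblem:" & ProblemCodeName
    End Function
End Class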
注解
ICertificatePolicy 接口用于为应用程序提供自定义的安全证书验证。 默认策略是允许有效证书以及已过期的有效证书。 若要更改此策略,请用其他策略实现 ICertificatePolicy 接口,然后将该策略分配给 ServicePointManager.CertificatePolicy。 CheckValidationResult 返回 true 即表示接受该证书,因此自定义策略不应对证书问题无条件返回 true。
ICertificatePolicy 使用安全支持提供程序接口 (SSPI)。 有关详细信息,请参阅 MSDN 上的 SSPI 文档。
方法
| CheckValidationResult(ServicePoint, X509Certificate, WebRequest, Int32) | 验证服务器证书。 |