Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

X509Chain Class

Note: This class is new in the .NET Framework version 2.0.

Represents a chain-building engine for X509Certificate2 certificates.

Namespace: System.Security.Cryptography.X509Certificates
Assembly: System (in system.dll)

public class X509Chain
public class X509Chain
public class X509Chain

The X509Chain object has a global error status called ChainStatus that should be used for certificate validation. The rules governing certificate validation are complex, and it is easy to oversimplify the validation logic by ignoring the error status of one or more of the elements involved. The global error status takes into consideration the status of each element in the chain.

The following code example opens the current user's personal certificate store, allows you to select a certificate, then writes certificate and certificate chain information to the console. The output depends on the certificate you select.

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;

class TestX509Chain
{
	static void Main(string[] args)
	{
		//Create new X509 store from local certificate store.
		X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
		store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

		//Output store information.
		Console.WriteLine ("Store Information");
		Console.WriteLine ("Number of certificates in the store: {0}", store.Certificates.Count);
		Console.WriteLine ("Store location: {0}", store.Location);
		Console.WriteLine ("Store name: {0} {1}", store.Name, Environment.NewLine);
	
		//Put certificates from the store into a collection so user can select one.
		X509Certificate2Collection fcollection = (X509Certificate2Collection)store.Certificates;
		X509Certificate2Collection collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection);
		X509Certificate2 certificate = collection[0];
		X509Certificate2UI.DisplayCertificate(certificate);
		//Output chain information of the selected certificate.
		X509Chain ch = new X509Chain();
		ch.Build (certificate);
		Console.WriteLine ("Chain Information");
		ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
		Console.WriteLine ("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
		Console.WriteLine ("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
		Console.WriteLine ("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
		Console.WriteLine ("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
		Console.WriteLine ("Chain status length: {0}", ch.ChainStatus.Length);
		Console.WriteLine ("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
		Console.WriteLine ("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);
		//Output chain element information.
		Console.WriteLine ("Chain Element Information");
		Console.WriteLine ("Number of chain elements: {0}", ch.ChainElements.Count);
		Console.WriteLine ("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);
	
		foreach (X509ChainElement element in ch.ChainElements)
		{
			Console.WriteLine ("Element issuer name: {0}", element.Certificate.Issuer);
			Console.WriteLine ("Element certificate valid until: {0}", element.Certificate.NotAfter);
			Console.WriteLine ("Element certificate is valid: {0}", element.Certificate.Verify ());
			Console.WriteLine ("Element error status length: {0}", element.ChainElementStatus.Length);
			Console.WriteLine ("Element information: {0}", element.Information);
			Console.WriteLine ("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);

			if (ch.ChainStatus.Length > 1)
			{
				for (int index = 0; index < element.ChainElementStatus.Length; index++)
				{
					Console.WriteLine (element.ChainElementStatus[index].Status);
					Console.WriteLine (element.ChainElementStatus[index].StatusInformation);
				}
			}
		}
		store.Close();
	}
}

System.Object
  System.Security.Cryptography.X509Certificates.X509Chain
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.