
X509ChainPolicy Class

Represents the chain policy to be applied when building an X509 certificate chain. This class cannot be inherited.

System.Object
  System.Security.Cryptography.X509Certificates.X509ChainPolicy

Namespace:  System.Security.Cryptography.X509Certificates
Assembly:  System (in System.dll)
public sealed class X509ChainPolicy

The X509ChainPolicy type exposes the following members.

Constructors
  Name Description
Public method X509ChainPolicy Initializes a new instance of the X509ChainPolicy class with default values (RevocationMode Online, RevocationFlag ExcludeRoot, VerificationFlags NoFlag, VerificationTime set to the current local time, empty policy and ExtraStore collections).

Properties
  Name Description
Public property ApplicationPolicy Gets a collection of object identifiers (OIDs) specifying which application policies or enhanced key usages (EKUs) the certificate must support; an empty collection places no EKU requirement on the chain.
Public property CertificatePolicy Gets a collection of object identifiers (OIDs) specifying which certificate policies the chain must satisfy; an empty collection places no policy requirement on the chain.
Public property ExtraStore Gets an additional collection of certificates that the chaining engine may search for issuers when building the chain. Certificates here are candidates only; they are not trusted roots.
Public property RevocationFlag Gets or sets which certificates in the chain are checked for revocation (the end certificate only, the entire chain, or the entire chain excluding the root).
Public property RevocationMode Gets or sets how revocation is checked: Online (fetch CRL or OCSP data), Offline (use cached data only), or NoCheck.
Public property UrlRetrievalTimeout Gets or sets the maximum time the chaining engine may spend on online revocation verification or downloading a certificate revocation list (CRL) or issuer certificate before giving up.
Public property VerificationFlags Gets or sets flags that relax specific checks during chain building (for example, ignoring time validity or an unknown root). Each flag suppresses a security check; the default is NoFlag.
Public property VerificationTime Gets or sets the time at which the chain is evaluated for validity, expressed in local time. Defaults to the time the policy object was created.

Methods
  Name Description
Public method Equals(Object) Determines whether the specified Object is equal to the current Object. (Inherited from Object.)
Protected method Finalize Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public method GetHashCode Serves as a hash function for a particular type. (Inherited from Object.)
Public method GetType Gets the Type of the current instance. (Inherited from Object.)
Protected method MemberwiseClone Creates a shallow copy of the current Object. (Inherited from Object.)
Public method Reset Resets the X509ChainPolicy members to their default values.
Public method ToString Returns a string that represents the current object. (Inherited from Object.)

Each X509Chain object exposes a ChainPolicy property holding the X509ChainPolicy that governs how the chain for an X509Certificate2 is built and verified. The policy must be configured before calling Build; settings changed after Build has run do not affect the chain already built. Build returns true only when the chain satisfies the policy, and the ChainStatus collection explains any failure. Note that VerificationFlags only suppress checks; a flag such as AllowUnknownCertificateAuthority makes Build succeed for a chain ending in any root, so it must never substitute for an explicit trust decision.
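The following program is an added example, not part of the original page, showing how the policy properties change the outcome of Build. It constructs a throwaway private root and leaf in memory with CertificateRequest (.NET Core 2.0 or later) and uses the CustomRootTrust trust mode and CustomTrustStore, which are assumed to be available (.NET 5 or later). The test root publishes no CRL, so revocation is disabled for the private-root scenarios; a production policy keeps RevocationMode.Online. The hypothetical helper names (MakeTestPki, PrivateRootPolicy, Verify) are this example's own.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class ChainPolicyDemo
{
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1";
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2";

    // Constructed test PKI (private root + one server leaf), generated in memory so the example runs offline.
    static (X509Certificate2 root, X509Certificate2 leaf) MakeTestPki()
    {
        DateTimeOffset notBefore = DateTimeOffset.UtcNow.AddDays(-1);
        var rootReq = new CertificateRequest("CN=Example Private Root", RSA.Create(2048),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        rootReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        rootReq.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        rootReq.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(rootReq.PublicKey, false));
        X509Certificate2 root = rootReq.CreateSelfSigned(notBefore, notBefore.AddYears(5));

        var leafReq = new CertificateRequest("CN=example.test", RSA.Create(2048),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        leafReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        leafReq.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
        leafReq.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid(ServerAuthOid) }, false));
        byte[] serial = new byte[8];
        RandomNumberGenerator.Fill(serial);
        X509Certificate2 leaf = leafReq.Create(root, notBefore, notBefore.AddYears(1), serial);
        return (root, leaf);
    }

    // Policy for a private PKI: trust only `root` and require the given EKU. OidCollection has no Clear(),
    // so each scenario builds a fresh policy instead of mutating a shared one.
    static X509ChainPolicy PrivateRootPolicy(X509Certificate2 root, string requiredEku)
    {
        var policy = new X509ChainPolicy
        {
            TrustMode = X509ChainTrustMode.CustomRootTrust,  // .NET 5+ (assumed): ignore the OS root store
            RevocationMode = X509RevocationMode.NoCheck,      // test root has no CRL; keep Online in production
            RevocationFlag = X509RevocationFlag.ExcludeRoot,
            VerificationTime = DateTime.Now,
            UrlRetrievalTimeout = TimeSpan.FromSeconds(5),
        };
        policy.CustomTrustStore.Add(root);
        policy.ApplicationPolicy.Add(new Oid(requiredEku));
        return policy;
    }

    // Builds the chain under `policy`. Build()'s return value is the verdict; ChainStatus says why it failed.
    // When `expectedRoot` is given, the chain must also end at exactly that certificate (a root pin).
    static (bool ok, X509ChainStatusFlags flags) Verify(string label, X509Certificate2 leaf,
        X509ChainPolicy policy, X509Certificate2 expectedRoot = null)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy = policy;                   // set before Build(); changing it afterwards does nothing
        bool ok = chain.Build(leaf);
        X509ChainStatusFlags flags = X509ChainStatusFlags.NoError;
        foreach (X509ChainStatus s in chain.ChainStatus) flags |= s.Status;
        if (ok && expectedRoot != null)
        {
            X509Certificate2 top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            ok = top.RawData.AsSpan().SequenceEqual(expectedRoot.RawData);
        }
        Console.WriteLine($"{label}: ok={ok}, elements={chain.ChainElements.Count}, status={flags}");
        return (ok, flags);
    }

    static void Main()
    {
        var (root, leaf) = MakeTestPki();

        // 1. Default policy: online revocation, OS root store. The private root is unknown -> UntrustedRoot.
        Verify("default policy", leaf, new X509ChainPolicy());

        // 2. Private root trusted explicitly and serverAuth required -> succeeds.
        Verify("private root, serverAuth", leaf, PrivateRootPolicy(root, ServerAuthOid));

        // 3. Demand an EKU the leaf does not carry -> NotValidForUsage.
        Verify("private root, clientAuth", leaf, PrivateRootPolicy(root, ClientAuthOid));

        // 4. Move the verification clock past the leaf's expiry -> NotTimeValid.
        X509ChainPolicy later = PrivateRootPolicy(root, ServerAuthOid);
        later.VerificationTime = DateTime.Now.AddYears(2);
        Verify("private root, verified 2 years from now", leaf, later);

        // 5. The .NET Framework-era workaround: AllowUnknownCertificateAuthority makes Build() accept ANY
        //    root, so it is only safe when paired with a pin on the chain's actual root, as done here.
        var legacy = new X509ChainPolicy
        {
            RevocationMode = X509RevocationMode.NoCheck,
            VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority,
        };
        legacy.ExtraStore.Add(root);                  // candidate issuer for chain building, not a trust anchor
        Verify("AllowUnknownCA + root pin", leaf, legacy, expectedRoot: root);
    }
}
```

Scenarios 1, 3 and 4 are expected to fail and scenarios 2 and 5 to succeed; the exact set of status flags reported for a failing chain varies by platform (Windows also reports RevocationStatusUnknown and OfflineRevocation for the default policy because the test root has no CRL distribution point), which is why code should branch on Build's return value and inspect ChainStatus only to explain a failure.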

The following example opens the current user's personal certificate store, allows the user to select a certificate, then writes certificate and certificate chain information to the console. The chain policy is configured before Build is called, and the result of Build is reported. The output depends on the certificate you select.


// X509Certificate2UI lives in System.Security.dll; reference that assembly in addition to System.dll.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class TestX509Chain
{
	static void Main(string[] args)
	{
		//Open the current user's personal store. Read-only access is enough for inspection.
		X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
		store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

		//Output store information.
		Console.WriteLine ("Store Information");
		Console.WriteLine ("Number of certificates in the store: {0}", store.Certificates.Count);
		Console.WriteLine ("Store location: {0}", store.Location);
		Console.WriteLine ("Store name: {0} {1}", store.Name, Environment.NewLine);
	
		//Put certificates from the store into a collection so user can select one.
		X509Certificate2Collection fcollection = (X509Certificate2Collection)store.Certificates;
		X509Certificate2Collection collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection);
		if (collection.Count == 0)
		{
			//The user cancelled the dialog; indexing collection[0] would throw.
			Console.WriteLine ("No certificate selected.");
			store.Close();
			return;
		}
		X509Certificate2 certificate = collection[0];
		X509Certificate2UI.DisplayCertificate(certificate);

		//Configure the chain policy BEFORE building; settings changed after Build do not apply.
		X509Chain ch = new X509Chain();
		ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
		bool valid = ch.Build (certificate);

		//Output chain information of the selected certificate.
		Console.WriteLine ("Chain Information");
		Console.WriteLine ("Chain is valid under this policy: {0}", valid);
		Console.WriteLine ("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
		Console.WriteLine ("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
		Console.WriteLine ("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
		Console.WriteLine ("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
		Console.WriteLine ("Chain status length: {0}", ch.ChainStatus.Length);
		Console.WriteLine ("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
		Console.WriteLine ("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

		//Output chain element information. Element 0 is the selected certificate; the last element is the root reached.
		Console.WriteLine ("Chain Element Information");
		Console.WriteLine ("Number of chain elements: {0}", ch.ChainElements.Count);
		Console.WriteLine ("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);
	
		foreach (X509ChainElement element in ch.ChainElements)
		{
			Console.WriteLine ("Element issuer name: {0}", element.Certificate.Issuer);
			Console.WriteLine ("Element certificate valid until: {0}", element.Certificate.NotAfter);
			//Verify() builds a separate chain under the default policy, independent of ch.ChainPolicy.
			Console.WriteLine ("Element certificate is valid: {0}", element.Certificate.Verify ());
			Console.WriteLine ("Element error status length: {0}", element.ChainElementStatus.Length);
			Console.WriteLine ("Element information: {0}", element.Information);
			Console.WriteLine ("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);

			//Report per-element errors whenever any status was recorded (a single entry is already an error).
			if (ch.ChainStatus.Length > 0)
			{
				for (int index = 0; index < element.ChainElementStatus.Length; index++)
				{
					Console.WriteLine (element.ChainElementStatus[index].Status);
					Console.WriteLine (element.ChainElementStatus[index].StatusInformation);
				}
			}
		}
		store.Close();
	}
}


.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.