
X509FindType Enumeration

Updated: February 2010

Specifies the type of value the X509Certificate2Collection.Find method searches for.

Namespace:  System.Security.Cryptography.X509Certificates
Assembly:  System (in System.dll)

public enum X509FindType

Member name: Description

FindByThumbprint (supported by the .NET Compact Framework): The findValue parameter for the Find method must be a string representing the thumbprint of the certificate.

FindBySubjectName (supported by the .NET Compact Framework): The findValue parameter for the Find method must be a string representing the subject name of the certificate. This is a less specific search than that provided by the FindBySubjectDistinguishedName enumeration value. Using the FindBySubjectName value, the Find method performs a case-insensitive string comparison using the supplied value. For example, if you pass "MyCert" to the Find method, it will find all certificates with the subject name containing that string, regardless of other subject values. Searching by distinguished name is a more precise search.

FindBySubjectDistinguishedName: The findValue parameter for the Find method must be a string representing the subject distinguished name of the certificate. This is a more specific search than that provided by the FindBySubjectName enumeration value. Using the FindBySubjectDistinguishedName value, the Find method performs a case-insensitive string comparison for the entire distinguished name. Searching by subject name is a less precise search.

FindByIssuerName: The findValue parameter for the Find method must be a string representing the issuer name of the certificate. This is a less specific search than that provided by the FindByIssuerDistinguishedName enumeration value. Using the FindByIssuerName value, the Find method performs a case-insensitive string comparison using the supplied value. For example, if you pass "MyCA" to the Find method, it will find all certificates with the issuer name containing that string, regardless of other issuer values.

FindByIssuerDistinguishedName: The findValue parameter for the Find method must be a string representing the issuer distinguished name of the certificate. This is a more specific search than that provided by the FindByIssuerName enumeration value. Using the FindByIssuerDistinguishedName value, the Find method performs a case-insensitive string comparison for the entire distinguished name. Searching by issuer name is a less precise search.

FindBySerialNumber: The findValue parameter for the Find method must be a string representing the serial number of the certificate as it is displayed by the UI. The serial number must be in reverse order because it is an integer.

FindByTimeValid: The findValue parameter for the Find method must be a DateTime value in local time. You can use DateTime.Now to find all the currently valid certificates.

FindByTimeNotYetValid: The findValue parameter for the Find method must be a DateTime value in local time. The value does not have to be in the future. For example, you can use FindByTimeNotYetValid to find certificates that became valid in the current year by taking the intersection of the results of a Find operation for FindByTimeNotYetValid for the last day of last year with the results of a Find operation for FindByTimeValid of DateTime.Now.

FindByTimeExpired: The findValue parameter for the Find method must be a DateTime value in local time. For example, you can find all the certificates that will be valid until the end of the year by eliminating the results of a Find operation for FindByTimeExpired of the last day of the year from the results of a Find operation for DateTime.Now.

FindByTemplateName: The findValue parameter for the Find method must be a string representing the template name of the certificate, such as "ClientAuth". A template name is an X509 version 3 extension that specifies the uses of the certificate.

FindByApplicationPolicy: The findValue parameter for the Find method must be a string representing either the application policy friendly name or the object identifier (OID, or Oid) of the certificate. For example, "Encrypting File System" or "1.3.6.1.4.1.311.10.3.4" can be used. For an application that will be localized, the OID value must be used, because the friendly name is localized.

FindByCertificatePolicy: The findValue parameter for the Find method must be a string representing either the friendly name or the object identifier (OID, or Oid) of the certificate policy. The best practice is to use the OID, such as "1.3.6.1.4.1.311.10.3.4". For an application that will be localized, the OID must be used, because the friendly name is localized.

FindByExtension: The findValue parameter for the Find method must be a string describing the extension to find. The object identifier (OID) is most commonly used to direct the Find method to search for all certificates that have an extension matching that OID value.

FindByKeyUsage: The findValue parameter for the Find method must be either a string representing the key usage or an integer representing a bit mask containing all the requested key usages. For the string value, only one key usage at a time can be specified, but the Find method can be used in a cascading sequence to get the intersection of the requested usages. For example, the findValue parameter can be set to "KeyEncipherment" or an integer (0x30 indicates "KeyEncipherment" and "DataEncipherment"). Values of the X509KeyUsageFlags enumeration can also be used.

FindBySubjectKeyIdentifier: The findValue parameter for the Find method must be a string representing the subject key identifier in hexadecimal, such as "F3E815D45E83B8477B9284113C64EF208E897112", as displayed in the UI.

X509FindType identifies the type of value provided in the findValue parameter for the Find method. You can use X509FindType to search an X509Certificate2 collection by subject name, thumbprint, serial number, valid date range, or other value.
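The difference in precision between FindBySubjectName, FindBySubjectDistinguishedName and FindByThumbprint matters when code must pick one specific certificate. The following is an added example, not part of the original documentation: it builds three constructed self-signed certificates in memory and compares the three searches. The class name, the MakeCert and FindExactlyOne helpers and the subject names are assumptions made for illustration, and CertificateRequest requires .NET Framework 4.7.2 or .NET Core 2.0 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class FindPrecisionDemo
{
    // Constructed test certificate: self-signed and held in memory only
    // (hypothetical helper; CertificateRequest needs .NET Framework 4.7.2 / .NET Core 2.0+).
    static X509Certificate2 MakeCert(string subject)
    {
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(30));
        }
    }

    // Return the single certificate with this thumbprint, or fail closed (hypothetical helper).
    static X509Certificate2 FindExactlyOne(X509Certificate2Collection certs, string thumbprint)
    {
        // validOnly is false because the constructed certificates chain to no trusted root;
        // against a real store, pass true to drop certificates that fail validation.
        X509Certificate2Collection hits = certs.Find(X509FindType.FindByThumbprint, thumbprint, false);
        if (hits.Count != 1)
            throw new InvalidOperationException("Expected exactly one certificate, found " + hits.Count);
        return hits[0];
    }

    static void Main()
    {
        var certs = new X509Certificate2Collection();
        X509Certificate2 wanted = MakeCert("CN=MyCert, O=Contoso");
        certs.Add(wanted);
        certs.Add(MakeCert("CN=MyCert-Test, O=Contoso"));
        certs.Add(MakeCert("CN=NotMyCert, O=Fabrikam"));

        // Substring search: every subject above contains "MyCert", so all are candidates.
        Console.WriteLine(certs.Find(X509FindType.FindBySubjectName, "MyCert", false).Count);
        // Whole-DN search: compares the entire distinguished name, not a fragment of it.
        Console.WriteLine(certs.Find(X509FindType.FindBySubjectDistinguishedName, wanted.Subject, false).Count);
        // Thumbprint search, with the result count enforced before the certificate is used.
        Console.WriteLine(FindExactlyOne(certs, wanted.Thumbprint).Subject);
    }
}
```

Code that takes the first element of a FindBySubjectName result can end up using a certificate other than the intended one whenever another subject in the store contains the same string.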

You can use a combination of FindByTime value types to find certificates that are valid in a given time range. The union of certificates returned using FindByTimeValid, FindByTimeNotYetValid, and FindByTimeExpired for a given time represents all certificates in the queried collection.
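The time-based combinations described above and in the FindByTimeNotYetValid and FindByTimeExpired entries can be written as cascading Find calls, because calling Find on a result collection intersects the two searches. The following is an added example, not part of the original documentation: it lists certificates in the current user's personal store that expire within 30 days and those that became valid this year. The class and helper names and the 30-day window are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

class CertTimeWindows
{
    // Valid now AND expired by 'horizon': the second Find narrows the first result set.
    static X509Certificate2Collection ExpiringBy(X509Certificate2Collection certs, DateTime horizon)
    {
        return certs.Find(X509FindType.FindByTimeValid, DateTime.Now, false)
                    .Find(X509FindType.FindByTimeExpired, horizon, false);
    }

    // Not yet valid at 'since' AND valid now: the certificate became valid after 'since'.
    static X509Certificate2Collection ValidSince(X509Certificate2Collection certs, DateTime since)
    {
        return certs.Find(X509FindType.FindByTimeNotYetValid, since, false)
                    .Find(X509FindType.FindByTimeValid, DateTime.Now, false);
    }

    static void Main()
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            X509Certificate2Collection all = store.Certificates;
            DateTime now = DateTime.Now; // findValue must be local time, as the table states

            // For one instant, the three time searches together cover the whole collection.
            int covered = all.Find(X509FindType.FindByTimeValid, now, false).Count
                        + all.Find(X509FindType.FindByTimeNotYetValid, now, false).Count
                        + all.Find(X509FindType.FindByTimeExpired, now, false).Count;
            Console.WriteLine("Covered by the three time searches: {0} of {1}", covered, all.Count);

            foreach (X509Certificate2 c in ExpiringBy(all, now.AddDays(30)))
                Console.WriteLine("Expires within 30 days: {0} ({1:yyyy-MM-dd}) {2}", c.Subject, c.NotAfter, c.Thumbprint);

            DateTime endOfLastYear = new DateTime(now.Year, 1, 1).AddSeconds(-1);
            foreach (X509Certificate2 c in ValidSince(all, endOfLastYear))
                Console.WriteLine("Became valid this year: {0} ({1:yyyy-MM-dd})", c.Subject, c.NotBefore);
        }
        finally { store.Close(); }
    }
}
```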

The following example opens the current user's personal certificate store, finds only valid certificates, allows the user to select a certificate, and then writes certificate information to the console. The output depends on the certificate you select.

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// X509Certificate2UI requires a reference to System.Security.dll.
class CertSelect
{
    static void Main()
    {
        // The current user's personal ("MY") certificate store.
        X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
        try
        {
            // Read-only access is enough for a lookup; do not create the store if it is missing.
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;

            // Keep only certificates whose validity period includes the current local time.
            // validOnly is false, so no chain validation is performed at this point.
            X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
            X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(fcollection, "Test Certificate Select", "Select a certificate from the following list to get information on that certificate", X509SelectionFlag.MultiSelection);
            Console.WriteLine("Number of certificates: {0}{1}", scollection.Count, Environment.NewLine);

            foreach (X509Certificate2 x509 in scollection)
            {
                byte[] rawdata = x509.RawData;
                Console.WriteLine("Content Type: {0}{1}", X509Certificate2.GetCertContentType(rawdata), Environment.NewLine);
                Console.WriteLine("Friendly Name: {0}{1}", x509.FriendlyName, Environment.NewLine);
                Console.WriteLine("Certificate Verified?: {0}{1}", x509.Verify(), Environment.NewLine);
                Console.WriteLine("Simple Name: {0}{1}", x509.GetNameInfo(X509NameType.SimpleName, true), Environment.NewLine);
                Console.WriteLine("Signature Algorithm: {0}{1}", x509.SignatureAlgorithm.FriendlyName, Environment.NewLine);
                // PrivateKey is null when the certificate has no associated private key.
                // ToXmlString(false) writes only the public parameters of the key pair.
                if (x509.HasPrivateKey)
                {
                    Console.WriteLine("Private Key: {0}{1}", x509.PrivateKey.ToXmlString(false), Environment.NewLine);
                }
                Console.WriteLine("Public Key: {0}{1}", x509.PublicKey.Key.ToXmlString(false), Environment.NewLine);
                Console.WriteLine("Certificate Archived?: {0}{1}", x509.Archived, Environment.NewLine);
                Console.WriteLine("Length of Raw Data: {0}{1}", x509.RawData.Length, Environment.NewLine);
                X509Certificate2UI.DisplayCertificate(x509);
                x509.Reset();
            }
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Information could not be written out for this certificate.");
        }
        finally
        {
            // Close the store even when an exception was thrown.
            store.Close();
        }
    }
}

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98, Windows CE, Windows Mobile for Smartphone, Windows Mobile for Pocket PC

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0

.NET Compact Framework

Supported in: 3.5

Change History

Date: February 2010
History: Added information about the DateTime values.
Reason: Customer feedback.

© 2014 Microsoft