Represents an X509 extension.
Inheritance Hierarchy
Namespace:
System.Security.Cryptography.X509Certificates
SystemObject
System.Security.CryptographyAsnEncodedData
System.Security.Cryptography.X509CertificatesX509Extension
System.Security.Cryptography.X509CertificatesX509BasicConstraintsExtension
System.Security.Cryptography.X509CertificatesX509EnhancedKeyUsageExtension
System.Security.Cryptography.X509CertificatesX509KeyUsageExtension
System.Security.Cryptography.X509CertificatesX509SubjectKeyIdentifierExtension
System.Security.CryptographyAsnEncodedData
System.Security.Cryptography.X509CertificatesX509Extension
System.Security.Cryptography.X509CertificatesX509BasicConstraintsExtension
System.Security.Cryptography.X509CertificatesX509EnhancedKeyUsageExtension
System.Security.Cryptography.X509CertificatesX509KeyUsageExtension
System.Security.Cryptography.X509CertificatesX509SubjectKeyIdentifierExtension
Assembly: System (in System.dll)
Syntax
Public Class X509Extension _
Inherits [%$TOPIC/x5x51x86_en-us_VS_110_2_0_0_0_0%]public class X509Extension : [%$TOPIC/x5x51x86_en-us_VS_110_2_0_1_0_0%]public ref class X509Extension : public [%$TOPIC/x5x51x86_en-us_VS_110_2_0_2_0_0%]type X509Extension =
class
inherit [%$TOPIC/x5x51x86_en-us_VS_110_2_0_3_0_0%]
endThe X509Extension type exposes the following members.
Constructors
Top
| Name | Description | |
|---|---|---|
.gif) | X509Extension | Initializes a new instance of the X509Extension class. |
.gif) | X509Extension(AsnEncodedData, Boolean) | Initializes a new instance of the X509Extension class. |
|
| X509Extension(Oid, Byte, Boolean) | Initializes a new instance of the X509Extension class. |
|
| X509Extension(String, Byte, Boolean) | Initializes a new instance of the X509Extension class. |
Properties
Top
| Name | Description | |
|---|---|---|
.gif) | Critical | Gets a Boolean value indicating whether the extension is critical. |
|
| Oid | Gets or sets the Oid value for an AsnEncodedData object. (Inherited from AsnEncodedData.) |
|
| RawData | Gets or sets the Abstract Syntax Notation One (ASN.1)-encoded data represented in a byte array. (Inherited from AsnEncodedData.) |
Methods
Top
| Name | Description | |
|---|---|---|
|
| CopyFrom | Copies the extension properties of the specified AsnEncodedData object. (Overrides AsnEncodedDataCopyFrom(AsnEncodedData).) |
|
| Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.) |
|
| Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
|
| Format | Returns a formatted version of the Abstract Syntax Notation One (ASN.1)-encoded data as a string. (Inherited from AsnEncodedData.) |
|
| GetHashCode | Serves as a hash function for a particular type. (Inherited from Object.) |
|
| GetType | Gets the Type of the current instance. (Inherited from Object.) |
|
| MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
|
| ToString | Returns a string that represents the current object. (Inherited from Object.) |
Remarks
X509 extensions are dynamic, extended properties that can be added to an X509 certificate and changed. The X509Extension class can be used to create extensions that are associated with a certificate but are not part of a certificate as issued by a certification authority (CA).
In its most basic form, an X509 extension has an object identifier (OID), a Boolean value describing whether the extension is considered critical or not, and ASN-encoded data. Custom extensions can be registered in a CryptoConfig file.
The.NET Framework includes implementations of several common X509 extensions:
X509KeyUsageExtension. Describes the key usages of a certificate.
X509BasicConstraintsExtension. Describes the constraints for a certificate.
X509EnhancedKeyUsageExtension. Describes the enhanced key usages of a certificate.
X509SubjectKeyIdentifierExtension. Describes the key identifier. For example, used with XMLDSIG.
Examples
The following code example demonstrates using the X509Extension class.
Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Module CertSelect
Sub Main()
Try
Dim store As New X509Store("MY", StoreLocation.CurrentUser)
store.Open(OpenFlags.ReadOnly Or OpenFlags.OpenExistingOnly)
Dim collection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
Dim i As Integer
For i = 0 To collection.Count
Dim extension As X509Extension
For Each extension In collection(i).Extensions
Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")")
If extension.Oid.FriendlyName = "Key Usage" Then
Dim ext As X509KeyUsageExtension = CType(extension, X509KeyUsageExtension)
Console.WriteLine(ext.KeyUsages)
End If
If extension.Oid.FriendlyName = "Basic Constraints" Then
Dim ext As X509BasicConstraintsExtension = CType(extension, X509BasicConstraintsExtension)
Console.WriteLine(ext.CertificateAuthority)
Console.WriteLine(ext.HasPathLengthConstraint)
Console.WriteLine(ext.PathLengthConstraint)
End If
If extension.Oid.FriendlyName = "Subject Key Identifier" Then
Dim ext As X509SubjectKeyIdentifierExtension = CType(extension, X509SubjectKeyIdentifierExtension)
Console.WriteLine(ext.SubjectKeyIdentifier)
End If
If extension.Oid.FriendlyName = "Enhanced Key Usage" Then
Dim ext As X509EnhancedKeyUsageExtension = CType(extension, X509EnhancedKeyUsageExtension)
Dim oids As OidCollection = ext.EnhancedKeyUsages
Dim oid As Oid
For Each oid In oids
Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")")
Next oid
End If
Next extension
Next i
store.Close()
Catch
Console.WriteLine("Information could not be written out for this certificate.")
End Try
End Sub
End Moduleusing System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
public class CertSelect
{
public static void Main()
{
try
{
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
for (int i = 0; i < collection.Count; i++)
{
foreach (X509Extension extension in collection[i].Extensions)
{
Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")");
if (extension.Oid.FriendlyName == "Key Usage")
{
X509KeyUsageExtension ext = (X509KeyUsageExtension)extension;
Console.WriteLine(ext.KeyUsages);
}
if (extension.Oid.FriendlyName == "Basic Constraints")
{
X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)extension;
Console.WriteLine(ext.CertificateAuthority);
Console.WriteLine(ext.HasPathLengthConstraint);
Console.WriteLine(ext.PathLengthConstraint);
}
if (extension.Oid.FriendlyName == "Subject Key Identifier")
{
X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)extension;
Console.WriteLine(ext.SubjectKeyIdentifier);
}
if (extension.Oid.FriendlyName == "Enhanced Key Usage")
{
X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)extension;
OidCollection oids = ext.EnhancedKeyUsages;
foreach (Oid oid in oids)
{
Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")");
}
}
}
}
store.Close();
}
catch (CryptographicException)
{
Console.WriteLine("Information could not be written out for this certificate.");
}
}
}#using <System.dll>
#using <system.security.dll>
using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Cryptography::X509Certificates;
int main()
{
try
{
X509Store^ store = gcnew X509Store( L"MY",StoreLocation::CurrentUser );
store->Open( static_cast<OpenFlags>(OpenFlags::ReadOnly | OpenFlags::OpenExistingOnly) );
X509Certificate2Collection^ collection = dynamic_cast<X509Certificate2Collection^>(store->Certificates);
for ( int i = 0; i < collection->Count; i++ )
{
System::Collections::IEnumerator^ myEnum = collection[ i ]->Extensions->GetEnumerator();
while ( myEnum->MoveNext() )
{
X509Extension^ extension = safe_cast<X509Extension^>(myEnum->Current);
Console::WriteLine( L"{0}({1})", extension->Oid->FriendlyName, extension->Oid->Value );
if ( extension->Oid->FriendlyName == L"Key Usage" )
{
X509KeyUsageExtension^ ext = dynamic_cast<X509KeyUsageExtension^>(extension);
Console::WriteLine( ext->KeyUsages );
}
if ( extension->Oid->FriendlyName == L"Basic Constraints" )
{
X509BasicConstraintsExtension^ ext = dynamic_cast<X509BasicConstraintsExtension^>(extension);
Console::WriteLine( ext->CertificateAuthority );
Console::WriteLine( ext->HasPathLengthConstraint );
Console::WriteLine( ext->PathLengthConstraint );
}
if ( extension->Oid->FriendlyName == L"Subject Key Identifier" )
{
X509SubjectKeyIdentifierExtension^ ext = dynamic_cast<X509SubjectKeyIdentifierExtension^>(extension);
Console::WriteLine( ext->SubjectKeyIdentifier );
}
if ( extension->Oid->FriendlyName == L"Enhanced Key Usage" )
{
X509EnhancedKeyUsageExtension^ ext = dynamic_cast<X509EnhancedKeyUsageExtension^>(extension);
OidCollection^ oids = ext->EnhancedKeyUsages;
System::Collections::IEnumerator^ myEnum1 = oids->GetEnumerator();
while ( myEnum1->MoveNext() )
{
Oid^ oid = safe_cast<Oid^>(myEnum1->Current);
Console::WriteLine( L"{0}({1})", oid->FriendlyName, oid->Value );
}
}
}
}
store->Close();
}
catch ( CryptographicException^ )
{
Console::WriteLine( L"Information could not be written out for this certificate." );
}
}
Platforms
Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
