X509BasicConstraintsExtension Class

 
System_CAPS_noteNote

The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

Defines the constraints set on a certificate. This class cannot be inherited.

Namespace:   System.Security.Cryptography.X509Certificates
Assembly:  System (in System.dll)

System.Object
  System.Security.Cryptography.AsnEncodedData
    System.Security.Cryptography.X509Certificates.X509Extension
      System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension

public sealed class X509BasicConstraintsExtension : X509Extension

NameDescription
System_CAPS_pubmethodX509BasicConstraintsExtension()

Initializes a new instance of the X509BasicConstraintsExtension class.

System_CAPS_pubmethodX509BasicConstraintsExtension(AsnEncodedData, Boolean)

Initializes a new instance of the X509BasicConstraintsExtension class using an AsnEncodedData object and a value that identifies whether the extension is critical.

System_CAPS_pubmethodX509BasicConstraintsExtension(Boolean, Boolean, Int32, Boolean)

Initializes a new instance of the X509BasicConstraintsExtension class. Parameters specify a value that indicates whether a certificate is a certificate authority (CA) certificate, a value that indicates whether the certificate has a restriction on the number of path levels it allows, the number of levels allowed in a certificate's path, and a value that indicates whether the extension is critical.

NameDescription
System_CAPS_pubpropertyCertificateAuthority

Gets a value indicating whether a certificate is a certificate authority (CA) certificate.

System_CAPS_pubpropertyCritical

Gets a Boolean value indicating whether the extension is critical.(Inherited from X509Extension.)

System_CAPS_pubpropertyHasPathLengthConstraint

Gets a value indicating whether a certificate has a restriction on the number of path levels it allows.

System_CAPS_pubpropertyOid

Gets or sets the Oid value for an AsnEncodedData object.(Inherited from AsnEncodedData.)

System_CAPS_pubpropertyPathLengthConstraint

Gets the number of levels allowed in a certificate's path.

System_CAPS_pubpropertyRawData

Gets or sets the Abstract Syntax Notation One (ASN.1)-encoded data represented in a byte array.(Inherited from AsnEncodedData.)

NameDescription
System_CAPS_pubmethodCopyFrom(AsnEncodedData)

Initializes a new instance of the X509BasicConstraintsExtension class using an AsnEncodedData object.(Overrides X509Extension.CopyFrom(AsnEncodedData).)

System_CAPS_pubmethodEquals(Object)

Determines whether the specified object is equal to the current object.(Inherited from Object.)

System_CAPS_pubmethodFormat(Boolean)

Returns a formatted version of the Abstract Syntax Notation One (ASN.1)-encoded data as a string.(Inherited from AsnEncodedData.)

System_CAPS_pubmethodGetHashCode()

Serves as the default hash function. (Inherited from Object.)

System_CAPS_pubmethodGetType()

Gets the Type of the current instance.(Inherited from Object.)

System_CAPS_pubmethodToString()

Returns a string that represents the current object.(Inherited from Object.)

This class provides properties that define the basic constraints set on a certificate.

The following code example demonstrates how to open a user’s personal certificate store and display information about each certificate in the store. This example uses the X509BasicConstraintsExtension class to display the information.

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public class CertSelect
{
    public static void Main()
    {
        try
        {
            X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
            for (int i = 0; i < collection.Count; i++)
            {
                foreach (X509Extension extension in collection[i].Extensions)
                {
                    Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")");


                    if (extension.Oid.FriendlyName == "Key Usage")
                    {
                        X509KeyUsageExtension ext = (X509KeyUsageExtension)extension;
                        Console.WriteLine(ext.KeyUsages);
                    }

                    if (extension.Oid.FriendlyName == "Basic Constraints")
                    {
                        X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)extension;
                        Console.WriteLine(ext.CertificateAuthority);
                        Console.WriteLine(ext.HasPathLengthConstraint);
                        Console.WriteLine(ext.PathLengthConstraint);
                    }

                    if (extension.Oid.FriendlyName == "Subject Key Identifier")
                    {
                        X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)extension;
                        Console.WriteLine(ext.SubjectKeyIdentifier);
                    }

                    if (extension.Oid.FriendlyName == "Enhanced Key Usage")
                    {
                        X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)extension;
                        OidCollection oids = ext.EnhancedKeyUsages;
                        foreach (Oid oid in oids)
                        {
                            Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")");
                        }
                    }
                }
            }
            store.Close();
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Information could not be written out for this certificate.");
        }
    }
}

.NET Framework
Available since 2.0

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
Show: