X509Chain Class
Represents a chain-building engine for X509Certificate2 certificates.
Assembly: System (in System.dll)
The X509Chain type exposes the following members.
| Name | Description | |
|---|---|---|
![]() | X509Chain() | Initializes a new instance of the X509Chain class. |
![]() | X509Chain(Boolean) | Initializes a new instance of the X509Chain class specifying a value that indicates whether the machine context should be used. |
![]() | X509Chain(IntPtr) | Initializes a new instance of the X509Chain class using an IntPtr handle to an X.509 chain. |
| Name | Description | |
|---|---|---|
![]() | ChainContext | Gets a handle to an X.509 chain. |
![]() | ChainElements | Gets a collection of X509ChainElement objects. |
![]() | ChainPolicy | Gets or sets the X509ChainPolicy to use when building an X.509 certificate chain. |
![]() | ChainStatus | Gets the status of each element in an X509Chain object. |
| Name | Description | |
|---|---|---|
![]() | Build | Builds an X.509 chain using the policy specified in X509ChainPolicy. |
![]() ![]() | Create | Creates an X509Chain object after querying for the mapping defined in the CryptoConfig file, and maps the chain to that mapping. |
![]() | Equals(Object) | Determines whether the specified Object is equal to the current Object. (Inherited from Object.) |
![]() | Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
![]() | GetHashCode | Serves as a hash function for a particular type. (Inherited from Object.) |
![]() | GetType | Gets the Type of the current instance. (Inherited from Object.) |
![]() | MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
![]() | Reset | Clears the current X509Chain object. |
![]() | ToString | Returns a string that represents the current object. (Inherited from Object.) |
The X509Chain object has a global error status called ChainStatus that should be used for certificate validation. The rules governing certificate validation are complex, and it is easy to oversimplify the validation logic by ignoring the error status of one or more of the elements involved. The global error status takes into consideration the status of each element in the chain.
The following code example opens the current user's personal certificate store, allows you to select a certificate, then writes certificate and certificate chain information to the console. The output depends on the certificate you select.
#using <System.dll> #using <System.Security.dll> using namespace System; using namespace System::Security::Cryptography; using namespace System::Security::Cryptography::X509Certificates; using namespace System::IO; int main() { //Create new X509 store from local certificate store. X509Store ^ store = gcnew X509Store( "MY",StoreLocation::CurrentUser ); store->Open( static_cast<OpenFlags>(OpenFlags::OpenExistingOnly | OpenFlags::ReadWrite) ); //Output store information. Console::WriteLine( "Store Information" ); Console::WriteLine( "Number of certificates in the store: {0}", store->Certificates->Count ); Console::WriteLine( "Store location: {0}", store->Location ); Console::WriteLine( "Store name: {0} {1}", store->Name, Environment::NewLine ); //Put certificates from the store into a collection so user can select one. X509Certificate2Collection ^ fcollection = dynamic_cast<X509Certificate2Collection^>(store->Certificates); X509Certificate2Collection ^ collection = X509Certificate2UI::SelectFromCollection(fcollection, "Select an X509 Certificate","Choose a certificate to examine.",X509SelectionFlag::SingleSelection); X509Certificate2 ^ certificate = collection[ 0 ]; X509Certificate2UI::DisplayCertificate(certificate); //Output chain information of the selected certificate. X509Chain ^ ch = gcnew X509Chain; ch->Build( certificate ); Console::WriteLine( "Chain Information" ); ch->ChainPolicy->RevocationMode = X509RevocationMode::Online; Console::WriteLine( "Chain revocation flag: {0}", ch->ChainPolicy->RevocationFlag ); Console::WriteLine( "Chain revocation mode: {0}", ch->ChainPolicy->RevocationMode ); Console::WriteLine( "Chain verification flag: {0}", ch->ChainPolicy->VerificationFlags ); Console::WriteLine( "Chain verification time: {0}", ch->ChainPolicy->VerificationTime ); Console::WriteLine( "Chain status length: {0}", ch->ChainStatus->Length ); Console::WriteLine( "Chain application policy count: {0}", ch->ChainPolicy->ApplicationPolicy->Count ); Console::WriteLine( "Chain certificate policy count: {0} {1}", ch->ChainPolicy->CertificatePolicy->Count, Environment::NewLine ); //Output chain element information. Console::WriteLine( "Chain Element Information" ); Console::WriteLine( "Number of chain elements: {0}", ch->ChainElements->Count ); Console::WriteLine( "Chain elements synchronized? {0} {1}", ch->ChainElements->IsSynchronized, Environment::NewLine ); System::Collections::IEnumerator^ myEnum = ch->ChainElements->GetEnumerator(); while ( myEnum->MoveNext() ) { X509ChainElement ^ element = safe_cast<X509ChainElement ^>(myEnum->Current); Console::WriteLine( "Element issuer name: {0}", element->Certificate->Issuer ); Console::WriteLine( "Element certificate valid until: {0}", element->Certificate->NotAfter ); Console::WriteLine( "Element certificate is valid: {0}", element->Certificate->Verify() ); Console::WriteLine( "Element error status length: {0}", element->ChainElementStatus->Length ); Console::WriteLine( "Element information: {0}", element->Information ); Console::WriteLine( "Number of element extensions: {0}{1}", element->Certificate->Extensions->Count, Environment::NewLine ); if ( ch->ChainStatus->Length > 1 ) { for ( int index = 0; index < element->ChainElementStatus->Length; index++ ) { Console::WriteLine( element->ChainElementStatus[ index ].Status ); Console::WriteLine( element->ChainElementStatus[ index ].StatusInformation ); } } } store->Close(); }
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
