X509ChainPolicy Class

X509ChainPolicy Class


Represents the chain policy to be applied when building an X509 certificate chain. This class cannot be inherited.

Namespace:   System.Security.Cryptography.X509Certificates
Assembly:  System (in System.dll)


public sealed class X509ChainPolicy


Initializes a new instance of the X509ChainPolicy class.


Gets a collection of object identifiers (OIDs) specifying which application policies or enhanced key usages (EKUs) the certificate supports.


Gets a collection of object identifiers (OIDs) specifying which certificate policies the certificate supports.


Represents an additional collection of certificates that can be searched by the chaining engine when validating a certificate chain.


Gets or sets values for X509 revocation flags.


Gets or sets values for X509 certificate revocation mode.


Gets the time span that elapsed during online revocation verification or downloading the certificate revocation list (CRL).


Gets verification flags for the certificate.


The time that the certificate was verified expressed in local time.


Determines whether the specified object is equal to the current object.(Inherited from Object.)


Serves as the default hash function. (Inherited from Object.)


Gets the Type of the current instance.(Inherited from Object.)


Resets the X509ChainPolicy members to their default values.


Returns a string that represents the current object.(Inherited from Object.)

Each X509Certificate2 object can have an X509ChainPolicy property that specifies the policy to be used in the verification process. Note that only X509Certificate2 objects can construct an X509ChainPolicy object.

The following example opens the current user's personal certificate store, allows the user to select a certificate, then writes certificate and certificate chain information to the console. The output depends on the certificate you select.

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;

class TestX509Chain
	static void Main(string[] args)
		//Create new X509 store from local certificate store.
		X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
		store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

		//Output store information.
		Console.WriteLine ("Store Information");
		Console.WriteLine ("Number of certificates in the store: {0}", store.Certificates.Count);
		Console.WriteLine ("Store location: {0}", store.Location);
		Console.WriteLine ("Store name: {0} {1}", store.Name, Environment.NewLine);

		//Put certificates from the store into a collection so user can select one.
		X509Certificate2Collection fcollection = (X509Certificate2Collection)store.Certificates;
		X509Certificate2Collection collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection);
		X509Certificate2 certificate = collection[0];
		//Output chain information of the selected certificate.
		X509Chain ch = new X509Chain();
		ch.Build (certificate);
		Console.WriteLine ("Chain Information");
		ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
		Console.WriteLine ("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
		Console.WriteLine ("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
		Console.WriteLine ("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
		Console.WriteLine ("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
		Console.WriteLine ("Chain status length: {0}", ch.ChainStatus.Length);
		Console.WriteLine ("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
		Console.WriteLine ("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);
		//Output chain element information.
		Console.WriteLine ("Chain Element Information");
		Console.WriteLine ("Number of chain elements: {0}", ch.ChainElements.Count);
		Console.WriteLine ("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);

		foreach (X509ChainElement element in ch.ChainElements)
			Console.WriteLine ("Element issuer name: {0}", element.Certificate.Issuer);
			Console.WriteLine ("Element certificate valid until: {0}", element.Certificate.NotAfter);
			Console.WriteLine ("Element certificate is valid: {0}", element.Certificate.Verify ());
			Console.WriteLine ("Element error status length: {0}", element.ChainElementStatus.Length);
			Console.WriteLine ("Element information: {0}", element.Information);
			Console.WriteLine ("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);

			if (ch.ChainStatus.Length > 1)
				for (int index = 0; index < element.ChainElementStatus.Length; index++)
					Console.WriteLine (element.ChainElementStatus[index].Status);
					Console.WriteLine (element.ChainElementStatus[index].StatusInformation);

Universal Windows Platform
Available since 10
.NET Framework
Available since 2.0

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
© 2015 Microsoft