X509ChainPolicy Class
Represents the chain policy to be applied when building an X509 certificate chain. This class cannot be inherited.
Assembly: System (in System.dll)
| Name | Description |
|---|---|
| X509ChainPolicy() | Initializes a new instance of the X509ChainPolicy class. |

| Name | Description |
|---|---|
| ApplicationPolicy | Gets a collection of object identifiers (OIDs) specifying which application policies or enhanced key usages (EKUs) the certificate supports. |
| CertificatePolicy | Gets a collection of object identifiers (OIDs) specifying which certificate policies the certificate supports. |
| ExtraStore | Represents an additional collection of certificates that can be searched by the chaining engine when validating a certificate chain. |
| RevocationFlag | Gets or sets values for X509 revocation flags. |
| RevocationMode | Gets or sets values for X509 certificate revocation mode. |
| UrlRetrievalTimeout | Gets the time span that elapsed during online revocation verification or downloading the certificate revocation list (CRL). |
| VerificationFlags | Gets verification flags for the certificate. |
| VerificationTime | The time that the certificate was verified expressed in local time. |

| Name | Description |
|---|---|
| Equals(Object^) | Determines whether the specified object is equal to the current object. (Inherited from Object.) |
| GetHashCode() | Serves as the default hash function. (Inherited from Object.) |
| GetType() | |
| Reset() | Resets the X509ChainPolicy members to their default values. |
| ToString() | Returns a string that represents the current object. (Inherited from Object.) |

Each X509Certificate2 object can have an X509ChainPolicy property that specifies the policy to be used in the verification process. Note that only X509Certificate2 objects can construct an X509ChainPolicy object.
The following example opens the current user's personal certificate store, allows the user to select a certificate, then writes certificate and certificate chain information to the console. The output depends on the certificate you select.
```cpp
#using <System.dll>
#using <System.Security.dll>

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Cryptography::X509Certificates;
using namespace System::IO;

int main()
{
   // Create new X509 store from local certificate store.
   X509Store ^ store = gcnew X509Store( "MY", StoreLocation::CurrentUser );
   store->Open( static_cast<OpenFlags>(OpenFlags::OpenExistingOnly | OpenFlags::ReadWrite) );

   // Output store information.
   Console::WriteLine( "Store Information" );
   Console::WriteLine( "Number of certificates in the store: {0}", store->Certificates->Count );
   Console::WriteLine( "Store location: {0}", store->Location );
   Console::WriteLine( "Store name: {0} {1}", store->Name, Environment::NewLine );

   // Put certificates from the store into a collection so user can select one.
   X509Certificate2Collection ^ fcollection = dynamic_cast<X509Certificate2Collection^>(store->Certificates);
   X509Certificate2Collection ^ collection = X509Certificate2UI::SelectFromCollection(
      fcollection, "Select an X509 Certificate", "Choose a certificate to examine.",
      X509SelectionFlag::SingleSelection );

   // The collection is empty if the user cancels the dialog.
   if ( collection->Count == 0 )
   {
      Console::WriteLine( "No certificate selected." );
      store->Close();
      return 1;
   }
   X509Certificate2 ^ certificate = collection[ 0 ];
   X509Certificate2UI::DisplayCertificate( certificate );

   // Output chain information of the selected certificate.
   // The policy must be set before Build() is called; changes made
   // afterwards do not affect the chain that was already built.
   X509Chain ^ ch = gcnew X509Chain;
   ch->ChainPolicy->RevocationMode = X509RevocationMode::Online;
   ch->Build( certificate );
   Console::WriteLine( "Chain Information" );
   Console::WriteLine( "Chain revocation flag: {0}", ch->ChainPolicy->RevocationFlag );
   Console::WriteLine( "Chain revocation mode: {0}", ch->ChainPolicy->RevocationMode );
   Console::WriteLine( "Chain verification flag: {0}", ch->ChainPolicy->VerificationFlags );
   Console::WriteLine( "Chain verification time: {0}", ch->ChainPolicy->VerificationTime );
   Console::WriteLine( "Chain status length: {0}", ch->ChainStatus->Length );
   Console::WriteLine( "Chain application policy count: {0}", ch->ChainPolicy->ApplicationPolicy->Count );
   Console::WriteLine( "Chain certificate policy count: {0} {1}", ch->ChainPolicy->CertificatePolicy->Count, Environment::NewLine );

   // Output chain element information.
   Console::WriteLine( "Chain Element Information" );
   Console::WriteLine( "Number of chain elements: {0}", ch->ChainElements->Count );
   Console::WriteLine( "Chain elements synchronized? {0} {1}", ch->ChainElements->IsSynchronized, Environment::NewLine );

   System::Collections::IEnumerator^ myEnum = ch->ChainElements->GetEnumerator();
   while ( myEnum->MoveNext() )
   {
      X509ChainElement ^ element = safe_cast<X509ChainElement ^>(myEnum->Current);
      Console::WriteLine( "Element issuer name: {0}", element->Certificate->Issuer );
      Console::WriteLine( "Element certificate valid until: {0}", element->Certificate->NotAfter );
      Console::WriteLine( "Element certificate is valid: {0}", element->Certificate->Verify() );
      Console::WriteLine( "Element error status length: {0}", element->ChainElementStatus->Length );
      Console::WriteLine( "Element information: {0}", element->Information );
      Console::WriteLine( "Number of element extensions: {0}{1}", element->Certificate->Extensions->Count, Environment::NewLine );

      // Print the per-element status entries when the chain reports more than one status.
      if ( ch->ChainStatus->Length > 1 )
      {
         for ( int index = 0; index < element->ChainElementStatus->Length; index++ )
         {
            Console::WriteLine( element->ChainElementStatus[ index ].Status );
            Console::WriteLine( element->ChainElementStatus[ index ].StatusInformation );
         }
      }
   }

   store->Close();
}
```
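
The following C# sketch is an added example, not part of the original documentation. It shows the policy members listed above being set on a chain before `Build` is called, with the result treated as fail-closed. The helper name `Validate`, the class name, and the constructed self-signed certificate are assumptions for illustration; `CertificateRequest` requires .NET Framework 4.7.2 or .NET Core 2.0 and later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class StrictChainCheck
{
    // Hypothetical helper: accept the certificate only if Build() succeeds
    // under an explicit policy; every reported status is printed for review.
    static bool Validate(X509Certificate2 cert, string requiredEkuOid)
    {
        using (var chain = new X509Chain())
        {
            // All policy values are set before Build(); the engine reads them at build time.
            X509ChainPolicy policy = chain.ChainPolicy;
            policy.RevocationMode = X509RevocationMode.Online;
            policy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            policy.VerificationFlags = X509VerificationFlags.NoFlag; // suppress no errors
            policy.UrlRetrievalTimeout = TimeSpan.FromSeconds(10);
            policy.ApplicationPolicy.Add(new Oid(requiredEkuOid));   // required EKU

            bool ok = chain.Build(cert);
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.WriteLine("{0}: {1}", status.Status, status.StatusInformation);
            return ok;
        }
    }

    static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate that
        // carries only the client-authentication EKU (1.3.6.1.5.5.7.3.2).
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=constructed.example", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid("1.3.6.1.5.5.7.3.2") }, false));

            using (X509Certificate2 cert = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
            {
                // Policy demands server authentication (1.3.6.1.5.5.7.3.1).
                bool accepted = Validate(cert, "1.3.6.1.5.5.7.3.1");
                Console.WriteLine("Accepted: {0}", accepted);
            }
        }
    }
}
```
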
Available since 2.0
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

