X509Extension Class
Assembly: System (in system.dll)
X509 extensions are dynamic, extended properties that can be added to an X509 certificate and changed. The X509Extension class can be used to create extensions that are associated with a certificate but are not part of a certificate as issued by a certification authority (CA).
In its most basic form, an X509 extension has an object identifier (OID), a Boolean value describing whether the extension is considered critical or not, and ASN-encoded data. Custom extensions can be registered in a CryptoConfig file.
The.NET Framework includes implementations of several common X509 extensions:
-
X509KeyUsageExtension. Describes the key usages of a certificate.
-
X509BasicConstraintsExtension. Describes the constraints for a certificate.
-
X509EnhancedKeyUsageExtension. Describes the enhanced key usages of a certificate.
-
X509SubjectKeyIdentifierExtension. Describes the key identifier. For example, used with XMLDSIG.
The following code example demonstrates using the X509Extension class.
Imports System Imports System.Security.Cryptography Imports System.Security.Cryptography.X509Certificates Module CertSelect Sub Main() Try Dim store As New X509Store("MY", StoreLocation.CurrentUser) store.Open(OpenFlags.ReadOnly Or OpenFlags.OpenExistingOnly) Dim collection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection) Dim i As Integer For i = 0 To collection.Count Dim extension As X509Extension For Each extension In collection(i).Extensions Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")") If extension.Oid.FriendlyName = "Key Usage" Then Dim ext As X509KeyUsageExtension = CType(extension, X509KeyUsageExtension) Console.WriteLine(ext.KeyUsages) End If If extension.Oid.FriendlyName = "Basic Constraints" Then Dim ext As X509BasicConstraintsExtension = CType(extension, X509BasicConstraintsExtension) Console.WriteLine(ext.CertificateAuthority) Console.WriteLine(ext.HasPathLengthConstraint) Console.WriteLine(ext.PathLengthConstraint) End If If extension.Oid.FriendlyName = "Subject Key Identifier" Then Dim ext As X509SubjectKeyIdentifierExtension = CType(extension, X509SubjectKeyIdentifierExtension) Console.WriteLine(ext.SubjectKeyIdentifier) End If If extension.Oid.FriendlyName = "Enhanced Key Usage" Then Dim ext As X509EnhancedKeyUsageExtension = CType(extension, X509EnhancedKeyUsageExtension) Dim oids As OidCollection = ext.EnhancedKeyUsages Dim oid As Oid For Each oid In oids Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")") Next oid End If Next extension Next i store.Close() Catch Console.WriteLine("Information could not be written out for this certificate.") End Try End Sub End Module
System.Security.Cryptography.AsnEncodedData
System.Security.Cryptography.X509Certificates.X509Extension
System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension
System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension
System.Security.Cryptography.X509Certificates.X509KeyUsageExtension
System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension
Windows 98, Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.