.NET Framework Class Library
X509Extension Class

Represents an X509 extension.

Namespace:   System.Security.Cryptography.X509Certificates
Assembly:  System (in System.dll)
Public Class X509Extension _
	Inherits [%$TOPIC/x5x51x86_en-us_VS_110_2_0_0_0_0%]
public class X509Extension : [%$TOPIC/x5x51x86_en-us_VS_110_2_0_1_0_0%]
public ref class X509Extension : public [%$TOPIC/x5x51x86_en-us_VS_110_2_0_2_0_0%]
type X509Extension =  
        inherit [%$TOPIC/x5x51x86_en-us_VS_110_2_0_3_0_0%] 
public class X509Extension extends [%$TOPIC/x5x51x86_en-us_VS_110_2_0_4_0_0%]

The X509Extension type exposes the following members.

Protected method X509ExtensionInitializes a new instance of the X509Extension class.
Public method X509Extension(AsnEncodedData, Boolean)Initializes a new instance of the X509Extension class.
Public method X509Extension(Oid, Byte, Boolean)Initializes a new instance of the X509Extension class.
Public method X509Extension(String, Byte, Boolean)Initializes a new instance of the X509Extension class.
Public property CriticalGets a Boolean value indicating whether the extension is critical.
Public property OidGets or sets the Oid value for an AsnEncodedData object. (Inherited from AsnEncodedData.)
Public property RawDataGets or sets the Abstract Syntax Notation One (ASN.1)-encoded data represented in a byte array. (Inherited from AsnEncodedData.)
Public method CopyFromCopies the extension properties of the specified AsnEncodedData object. (Overrides AsnEncodedDataCopyFrom(AsnEncodedData).)
Public method Equals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Protected method FinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public method FormatReturns a formatted version of the Abstract Syntax Notation One (ASN.1)-encoded data as a string. (Inherited from AsnEncodedData.)
Public method GetHashCodeServes as the default hash function. (Inherited from Object.)
Public method GetTypeGets the Type of the current instance. (Inherited from Object.)
Protected method MemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Public method ToStringReturns a string that represents the current object. (Inherited from Object.)

X509 extensions are dynamic, extended properties that can be added to an X509 certificate and changed. The X509Extension class can be used to create extensions that are associated with a certificate but are not part of a certificate as issued by a certification authority (CA).

In its most basic form, an X509 extension has an object identifier (OID), a Boolean value describing whether the extension is considered critical or not, and ASN-encoded data. Custom extensions can be registered in a CryptoConfig file.

The.NET Framework includes implementations of several common X509 extensions:


The following code example demonstrates using the X509Extension class.

Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Module CertSelect

    Sub Main()
            Dim store As New X509Store("MY", StoreLocation.CurrentUser)
            store.Open(OpenFlags.ReadOnly Or OpenFlags.OpenExistingOnly)

            Dim collection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
            Dim i As Integer 
            For i = 0 To collection.Count
                Dim extension As X509Extension
                For Each extension In collection(i).Extensions
                    Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")")

                    If extension.Oid.FriendlyName = "Key Usage" Then 
                        Dim ext As X509KeyUsageExtension = CType(extension, X509KeyUsageExtension)
                    End If 

                    If extension.Oid.FriendlyName = "Basic Constraints" Then 
                        Dim ext As X509BasicConstraintsExtension = CType(extension, X509BasicConstraintsExtension)
                    End If 

                    If extension.Oid.FriendlyName = "Subject Key Identifier" Then 
                        Dim ext As X509SubjectKeyIdentifierExtension = CType(extension, X509SubjectKeyIdentifierExtension)
                    End If 

                    If extension.Oid.FriendlyName = "Enhanced Key Usage" Then 
                        Dim ext As X509EnhancedKeyUsageExtension = CType(extension, X509EnhancedKeyUsageExtension)
                        Dim oids As OidCollection = ext.EnhancedKeyUsages
                        Dim oid As Oid
                        For Each oid In oids
                            Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")")
                        Next oid
                    End If 
                Next extension
            Next i
            Console.WriteLine("Information could not be written out for this certificate.")
        End Try 

    End Sub 
End Module
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public class CertSelect
    public static void Main()
            X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
            for (int i = 0; i < collection.Count; i++)
                foreach (X509Extension extension in collection[i].Extensions)
                    Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")");

                    if (extension.Oid.FriendlyName == "Key Usage")
                        X509KeyUsageExtension ext = (X509KeyUsageExtension)extension;

                    if (extension.Oid.FriendlyName == "Basic Constraints")
                        X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)extension;

                    if (extension.Oid.FriendlyName == "Subject Key Identifier")
                        X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)extension;

                    if (extension.Oid.FriendlyName == "Enhanced Key Usage")
                        X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)extension;
                        OidCollection oids = ext.EnhancedKeyUsages;
                        foreach (Oid oid in oids)
                            Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")");
        catch (CryptographicException)
            Console.WriteLine("Information could not be written out for this certificate.");
#using <System.dll>
#using <system.security.dll>

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Cryptography::X509Certificates;
int main()
      X509Store^ store = gcnew X509Store( L"MY",StoreLocation::CurrentUser );
      store->Open( static_cast<OpenFlags>(OpenFlags::ReadOnly | OpenFlags::OpenExistingOnly) );
      X509Certificate2Collection^ collection = dynamic_cast<X509Certificate2Collection^>(store->Certificates);
      for ( int i = 0; i < collection->Count; i++ )
         System::Collections::IEnumerator^ myEnum = collection[ i ]->Extensions->GetEnumerator();
         while ( myEnum->MoveNext() )
            X509Extension^ extension = safe_cast<X509Extension^>(myEnum->Current);
            Console::WriteLine( L"{0}({1})", extension->Oid->FriendlyName, extension->Oid->Value );
            if ( extension->Oid->FriendlyName == L"Key Usage" )
               X509KeyUsageExtension^ ext = dynamic_cast<X509KeyUsageExtension^>(extension);
               Console::WriteLine( ext->KeyUsages );
            if ( extension->Oid->FriendlyName == L"Basic Constraints" )
               X509BasicConstraintsExtension^ ext = dynamic_cast<X509BasicConstraintsExtension^>(extension);
               Console::WriteLine( ext->CertificateAuthority );
               Console::WriteLine( ext->HasPathLengthConstraint );
               Console::WriteLine( ext->PathLengthConstraint );
            if ( extension->Oid->FriendlyName == L"Subject Key Identifier" )
               X509SubjectKeyIdentifierExtension^ ext = dynamic_cast<X509SubjectKeyIdentifierExtension^>(extension);
               Console::WriteLine( ext->SubjectKeyIdentifier );
            if ( extension->Oid->FriendlyName == L"Enhanced Key Usage" )
               X509EnhancedKeyUsageExtension^ ext = dynamic_cast<X509EnhancedKeyUsageExtension^>(extension);
               OidCollection^ oids = ext->EnhancedKeyUsages;
               System::Collections::IEnumerator^ myEnum1 = oids->GetEnumerator();
               while ( myEnum1->MoveNext() )
                  Oid^ oid = safe_cast<Oid^>(myEnum1->Current);
                  Console::WriteLine( L"{0}({1})", oid->FriendlyName, oid->Value );

   catch ( CryptographicException^ ) 
      Console::WriteLine( L"Information could not be written out for this certificate." );

Version Information

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1
Thread Safety
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.