X509Chain Class

Definition

Represents a chain-building engine for X509Certificate2 certificates.

public ref class X509Chain : IDisposable
public class X509Chain : IDisposable
type X509Chain = class
    interface IDisposable
Public Class X509Chain
Implements IDisposable
Inheritance
X509Chain
Implements

Examples

The following code example opens the current user's personal certificate store, allows you to select a certificate, then writes certificate and certificate chain information to the console. The output depends on the certificate you select.

#using <System.dll>
#using <System.Security.dll>

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Cryptography::X509Certificates;
using namespace System::IO;

int main()
{
   //Create new X509 store from local certificate store.
   X509Store ^ store = gcnew X509Store( "MY",StoreLocation::CurrentUser );
   store->Open( static_cast<OpenFlags>(OpenFlags::OpenExistingOnly | OpenFlags::ReadWrite) );

   //Output store information.
   Console::WriteLine( "Store Information" );
   Console::WriteLine( "Number of certificates in the store: {0}", store->Certificates->Count );
   Console::WriteLine( "Store location: {0}", store->Location );
   Console::WriteLine( "Store name: {0} {1}", store->Name, Environment::NewLine );

   //Put certificates from the store into a collection so user can select one.
   X509Certificate2Collection ^ fcollection = dynamic_cast<X509Certificate2Collection^>(store->Certificates);
   X509Certificate2Collection ^ collection = X509Certificate2UI::SelectFromCollection(fcollection, "Select an X509 Certificate","Choose a certificate to examine.",X509SelectionFlag::SingleSelection);
   X509Certificate2 ^ certificate = collection[ 0 ];
   X509Certificate2UI::DisplayCertificate(certificate);

   //Output chain information of the selected certificate.
   X509Chain ^ ch = gcnew X509Chain;
   ch->ChainPolicy->RevocationMode = X509RevocationMode::Online;
   ch->Build( certificate );
   Console::WriteLine( "Chain Information" );
   Console::WriteLine( "Chain revocation flag: {0}", ch->ChainPolicy->RevocationFlag );
   Console::WriteLine( "Chain revocation mode: {0}", ch->ChainPolicy->RevocationMode );
   Console::WriteLine( "Chain verification flag: {0}", ch->ChainPolicy->VerificationFlags );
   Console::WriteLine( "Chain verification time: {0}", ch->ChainPolicy->VerificationTime );
   Console::WriteLine( "Chain status length: {0}", ch->ChainStatus->Length );
   Console::WriteLine( "Chain application policy count: {0}", ch->ChainPolicy->ApplicationPolicy->Count );
   Console::WriteLine( "Chain certificate policy count: {0} {1}", ch->ChainPolicy->CertificatePolicy->Count, Environment::NewLine );

   //Output chain element information.
   Console::WriteLine( "Chain Element Information" );
   Console::WriteLine( "Number of chain elements: {0}", ch->ChainElements->Count );
   Console::WriteLine( "Chain elements synchronized? {0} {1}", ch->ChainElements->IsSynchronized, Environment::NewLine );
   System::Collections::IEnumerator^ myEnum = ch->ChainElements->GetEnumerator();
   while ( myEnum->MoveNext() )
   {
      X509ChainElement ^ element = safe_cast<X509ChainElement ^>(myEnum->Current);
      Console::WriteLine( "Element issuer name: {0}", element->Certificate->Issuer );
      Console::WriteLine( "Element certificate valid until: {0}", element->Certificate->NotAfter );
      Console::WriteLine( "Element certificate is valid: {0}", element->Certificate->Verify() );
      Console::WriteLine( "Element error status length: {0}", element->ChainElementStatus->Length );
      Console::WriteLine( "Element information: {0}", element->Information );
      Console::WriteLine( "Number of element extensions: {0}{1}", element->Certificate->Extensions->Count, Environment::NewLine );
      if ( ch->ChainStatus->Length > 1 )
      {
         for ( int index = 0; index < element->ChainElementStatus->Length; index++ )
         {
            Console::WriteLine( element->ChainElementStatus[ index ].Status );
            Console::WriteLine( element->ChainElementStatus[ index ].StatusInformation );
         }
      }
   }

   store->Close();
}

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;

class TestX509Chain
{
	static void Main(string[] args)
	{
		//Create new X509 store from local certificate store.
		X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
		store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

		//Output store information.
		Console.WriteLine ("Store Information");
		Console.WriteLine ("Number of certificates in the store: {0}", store.Certificates.Count);
		Console.WriteLine ("Store location: {0}", store.Location);
		Console.WriteLine ("Store name: {0} {1}", store.Name, Environment.NewLine);
	
		//Put certificates from the store into a collection so user can select one.
		X509Certificate2Collection fcollection = (X509Certificate2Collection)store.Certificates;
		X509Certificate2Collection collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection);
		X509Certificate2 certificate = collection[0];
		X509Certificate2UI.DisplayCertificate(certificate);

		//Output chain information of the selected certificate.
		X509Chain ch = new X509Chain();
		ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
		ch.Build (certificate);
		Console.WriteLine ("Chain Information");
		Console.WriteLine ("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
		Console.WriteLine ("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
		Console.WriteLine ("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
		Console.WriteLine ("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
		Console.WriteLine ("Chain status length: {0}", ch.ChainStatus.Length);
		Console.WriteLine ("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
		Console.WriteLine ("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

		//Output chain element information.
		Console.WriteLine ("Chain Element Information");
		Console.WriteLine ("Number of chain elements: {0}", ch.ChainElements.Count);
		Console.WriteLine ("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);
	
		foreach (X509ChainElement element in ch.ChainElements)
		{
			Console.WriteLine ("Element issuer name: {0}", element.Certificate.Issuer);
			Console.WriteLine ("Element certificate valid until: {0}", element.Certificate.NotAfter);
			Console.WriteLine ("Element certificate is valid: {0}", element.Certificate.Verify ());
			Console.WriteLine ("Element error status length: {0}", element.ChainElementStatus.Length);
			Console.WriteLine ("Element information: {0}", element.Information);
			Console.WriteLine ("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);

			if (ch.ChainStatus.Length > 1)
			{
				for (int index = 0; index < element.ChainElementStatus.Length; index++)
				{
					Console.WriteLine (element.ChainElementStatus[index].Status);
					Console.WriteLine (element.ChainElementStatus[index].StatusInformation);
				}
			}
		}
		store.Close();
	}
}

Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.IO

Class TestX509Chain

    Shared Sub Main(ByVal args() As String)
        'Create new X509 store from local certificate store.
        Dim store As New X509Store("MY", StoreLocation.CurrentUser)
        store.Open(OpenFlags.OpenExistingOnly Or OpenFlags.ReadWrite)

        'Output store information.
        Console.WriteLine("Store Information")
        Console.WriteLine("Number of certificates in the store: {0}", store.Certificates.Count)
        Console.WriteLine("Store location: {0}", store.Location)
        Console.WriteLine("Store name: {0} {1}", store.Name, Environment.NewLine)

        'Put certificates from the store into a collection so user can select one.
        Dim fcollection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
        Dim collection As X509Certificate2Collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection)
        Dim certificate As X509Certificate2 = collection(0)
        X509Certificate2UI.DisplayCertificate(certificate)

        'Output chain information of the selected certificate.
        Dim ch As New X509Chain()
        ch.ChainPolicy.RevocationMode = X509RevocationMode.Online
        ch.Build(certificate)
        Console.WriteLine("Chain Information")
        Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag)
        Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode)
        Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags)
        Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime)
        Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length)
        Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count)
        Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine)

        'Output chain element information.
        Console.WriteLine("Chain Element Information")
        Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count)
        Console.WriteLine("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine)

        Dim element As X509ChainElement
        For Each element In ch.ChainElements
            Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer)
            Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter)
            Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify())
            Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length)
            Console.WriteLine("Element information: {0}", element.Information)
            Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine)

            If ch.ChainStatus.Length > 1 Then
                Dim index As Integer
                For index = 0 To element.ChainElementStatus.Length - 1
                    Console.WriteLine(element.ChainElementStatus(index).Status)
                    Console.WriteLine(element.ChainElementStatus(index).StatusInformation)
                Next index
            End If
        Next element
        store.Close()
    End Sub
End Class

Remarks

The X509Chain object has a global error status called ChainStatus that should be used for certificate validation. The rules governing certificate validation are complex, and it is easy to oversimplify the validation logic by ignoring the error status of one or more of the elements involved. The global error status takes into consideration the status of each element in the chain.

Important

Starting with the .NET Framework 4.6, this type implements the IDisposable interface. When you have finished using the type, you should dispose of it either directly or indirectly. To dispose of the type directly, call its Dispose method in a try/catch block. To dispose of it indirectly, use a language construct such as using (in C#) or Using (in Visual Basic). For more information, see the "Using an Object that Implements IDisposable" section in the IDisposable interface topic.

For apps that target the .NET Framework 4.5.2 and earlier versions, the X509Chain class does not implement the IDisposable interface and therefore does not have a Dispose method.

Constructors

X509Chain()

Initializes a new instance of the X509Chain class.

X509Chain(Boolean)

Initializes a new instance of the X509Chain class specifying a value that indicates whether the machine context should be used.

X509Chain(IntPtr)

Initializes a new instance of the X509Chain class using an IntPtr handle to an X.509 chain.

Properties

ChainContext

Gets a handle to an X.509 chain.

ChainElements

Gets a collection of X509ChainElement objects.

ChainPolicy

Gets or sets the X509ChainPolicy to use when building an X.509 certificate chain.

ChainStatus

Gets the status of each element in an X509Chain object.

SafeHandle

Gets a safe handle for this X509Chain instance.

Methods

Build(X509Certificate2)

Builds an X.509 chain using the policy specified in X509ChainPolicy.

Create()

Creates an X509Chain object after querying for the mapping defined in the CryptoConfig file, and maps the chain to that mapping.

Dispose()

Releases all of the resources used by this X509Chain.

Dispose(Boolean)

Releases the unmanaged resources used by this X509Chain, and optionally releases the managed resources.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)

Finalize()

GetHashCode()

Serves as the default hash function.

(Inherited from Object)

GetType()

Gets the Type of the current instance.

(Inherited from Object)

MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)

Reset()

Clears the current X509Chain object.

ToString()

Returns a string that represents the current object.

(Inherited from Object)
