RemoteCertificateValidationCallback Delegate

Definition

Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication.

public delegate bool RemoteCertificateValidationCallback(System::Object ^ sender, X509Certificate ^ certificate, X509Chain ^ chain, SslPolicyErrors sslPolicyErrors);
public delegate bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors);
type RemoteCertificateValidationCallback = delegate of obj * X509Certificate * X509Chain * SslPolicyErrors -> bool
Public Delegate Function RemoteCertificateValidationCallback(sender As Object, certificate As X509Certificate, chain As X509Chain, sslPolicyErrors As SslPolicyErrors) As Boolean 
Parameters

sender
Object

An object that contains state information for this validation.

certificate
X509Certificate

The certificate used to authenticate the remote party.

chain
X509Chain

The chain of certificate authorities associated with the remote certificate.

sslPolicyErrors
SslPolicyErrors

One or more errors associated with the remote certificate.

Return value
System.Boolean

A Boolean value that determines whether the specified certificate is accepted for authentication.

Inheritance

RemoteCertificateValidationCallback

The following code example implements a method that is invoked by an instance of the RemoteCertificateValidationCallback class. If there are validation errors, this method displays them and returns false, which prevents communication with the unauthenticated server.

    // Table of error descriptions keyed by error code. This declaration is
    // assumed here; the fragment on this page uses the table without declaring it.
    static Hashtable^ certificateErrors = gcnew Hashtable;

    // Load a table of errors that might cause
    // the certificate authentication to fail.
    static void InitializeCertificateErrors()
    {
        certificateErrors->Add(0x800B0101,
            "The certification has expired.");
        certificateErrors->Add(0x800B0104,
            "A path length constraint "
            "in the certification chain has been violated.");
        certificateErrors->Add(0x800B0105,
            "A certificate contains an unknown extension "
            "that is marked critical.");
        certificateErrors->Add(0x800B0107,
            "A parent of a given certificate in fact "
            "did not issue that child certificate.");
        certificateErrors->Add(0x800B0108,
            "A certificate is missing or has an empty value "
            "for a necessary field.");
        certificateErrors->Add(0x800B0109,
            "The certificate root is not trusted.");
        certificateErrors->Add(0x800B010C,
            "The certificate has been revoked.");
        certificateErrors->Add(0x800B010F,
            "The name in the certificate does not match "
            "the host name requested by the client.");
        certificateErrors->Add(0x800B0111,
            "The certificate was explicitly marked "
            "as untrusted by the user.");
        certificateErrors->Add(0x800B0112,
            "A certification chain processed correctly, "
            "but one of the CA certificates is not trusted.");
        certificateErrors->Add(0x800B0113,
            "The certificate has an invalid policy.");
        certificateErrors->Add(0x800B0114,
            "The certificate name is either not "
            "in the permitted list or is explicitly excluded.");
        certificateErrors->Add(0x80092012,
            "The revocation function was unable to check "
            "revocation for the certificate.");
        certificateErrors->Add(0x80090327,
            "An unknown error occurred while "
            "processing the certificate.");
        certificateErrors->Add(0x80096001,
            "A system-level error occurred "
            "while verifying trust.");
        certificateErrors->Add(0x80096002,
            "The certificate for the signer of the message "
            "is invalid or not found.");
        certificateErrors->Add(0x80096003,
            "One of the counter signatures was invalid.");
        certificateErrors->Add(0x80096004,
            "The signature of the certificate "
            "cannot be verified.");
        certificateErrors->Add(0x80096005,
            "The time stamp signature or certificate "
            "could not be verified or is malformed.");
        certificateErrors->Add(0x80096010,
            "The digital signature of the object "
            "was not verified.");
        certificateErrors->Add(0x80096019,
            "The basic constraint extension of a certificate "
            "has not been observed.");
    }

    static String^ CertificateErrorDescription(UInt32 problem)
    {
        // Initialize the error message dictionary 
        // if it is not yet available.
        if (certificateErrors->Count == 0)
        {
            InitializeCertificateErrors();
        }

        String^ description = safe_cast<String^>(
            certificateErrors[problem]);
        if (description == nullptr)
        {
            description = String::Format(
                CultureInfo::CurrentCulture,
                "Unknown certificate error - 0x{0:x8}",
                problem);
        }

        return description;
    }

public:
    // The following method is invoked 
    // by the CertificateValidationDelegate.
    static bool ValidateServerCertificate(
        Object^ sender,
        X509Certificate^ certificate,
        X509Chain^ chain,
        SslPolicyErrors sslPolicyErrors)
    {
        Console::WriteLine("Validating the server certificate.");
        if (sslPolicyErrors == SslPolicyErrors::None)
            return true;

        Console::WriteLine("Certificate error: {0}", sslPolicyErrors);

        // Do not allow this client to communicate with unauthenticated servers.
        return false;
    }

// The following method is invoked by the RemoteCertificateValidationDelegate.
public static bool ValidateServerCertificate(
      object sender,
      X509Certificate certificate,
      X509Chain chain,
      SslPolicyErrors sslPolicyErrors)
{
    if (sslPolicyErrors == SslPolicyErrors.None)
        return true;

    Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
    
    // Do not allow this client to communicate with unauthenticated servers.
    return false;
}

The following code example creates the delegate using the method defined in the preceding code example.

// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient^ client = gcnew TcpClient(machineName, 8080);
Console::WriteLine("Client connected.");
  
// Create an SSL stream that will close 
// the client's stream.
SslStream^ sslStream = gcnew SslStream(
    client->GetStream(), false,
    gcnew RemoteCertificateValidationCallback(ValidateServerCertificate),
    nullptr);
  
// The server name must match the name
// on the server certificate.
try
{
    sslStream->AuthenticateAsClient(serverName);
}
catch (AuthenticationException^ ex) 
{
    Console::WriteLine("Exception: {0}", ex->Message);
    if (ex->InnerException != nullptr)
    {
        Console::WriteLine("Inner exception: {0}", 
            ex->InnerException->Message);
    }

    Console::WriteLine("Authentication failed - "
        "closing the connection.");
    sslStream->Close();
    client->Close();
    return;
}

// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient client = new TcpClient(machineName,443);
Console.WriteLine("Client connected.");
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(
    client.GetStream(), 
    false, 
    new RemoteCertificateValidationCallback (ValidateServerCertificate), 
    null
    );
// The server name must match the name on the server certificate.
try 
{
    sslStream.AuthenticateAsClient(serverName);
} 
catch (AuthenticationException e)
{
    Console.WriteLine("Exception: {0}", e.Message);
    if (e.InnerException != null)
    {
        Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
    }
    Console.WriteLine ("Authentication failed - closing the connection.");
    client.Close();
    return;
}
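The samples above treat every validation error the same way and return false. The following added example is not part of this documentation page or of the .NET sample it quotes; the class name SslClientExample, the helper method names and the PinnedSha256 placeholder are hypothetical. It goes one step further than the page's callback: it treats SslPolicyErrors as the [Flags] value it is, prints the X509Chain.ChainStatus detail that sits behind RemoteCertificateChainErrors, and accepts exactly one explicitly pinned certificate whose only defect is an untrusted root (the internal self-signed server case), while still refusing a name mismatch, a missing certificate, or any other chain problem such as expiry or revocation. It then wires the callback into an SslStream and calls AuthenticateAsClient the way the preceding examples do, so it covers both the validation method and the delegate creation.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example; class and helper names are hypothetical, not from the .NET sample.
public static class SslClientExample
{
    // Constructed placeholder: hex SHA-256 of the DER encoding of the one server
    // certificate an operator has explicitly chosen to trust. Not a real value.
    private const string PinnedSha256 = "PLACEHOLDER_SHA256_OF_PINNED_CERTIFICATE";

    // Hardened RemoteCertificateValidationCallback target. Accepts a clean chain;
    // otherwise logs every reported problem and accepts only the pinned
    // certificate, and only when an untrusted root is its sole defect.
    public static bool ValidateServerCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // SslPolicyErrors is a [Flags] enum, so several bits may be set at once.
        Console.WriteLine("Certificate error(s): {0}", sslPolicyErrors);

        // RemoteCertificateChainErrors is only a summary; ChainStatus has the detail.
        if (chain != null)
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
            {
                Console.WriteLine("  chain status: {0} - {1}",
                    status.Status, (status.StatusInformation ?? "").Trim());
            }
        }

        // A missing certificate or a name that does not match the requested
        // server name is never acceptable, whatever else is set.
        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0 ||
            (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
            return false;

        // Only RemoteCertificateChainErrors remains. Allow it solely for the pinned
        // certificate, and solely when the untrusted root is the one problem.
        if (certificate != null && chain != null &&
            IsPinnedWithUntrustedRootOnly(certificate, chain))
        {
            Console.WriteLine("Accepting explicitly pinned certificate.");
            return true;
        }

        // Do not allow this client to communicate with unauthenticated servers.
        return false;
    }

    private static bool IsPinnedWithUntrustedRootOnly(X509Certificate certificate, X509Chain chain)
    {
        string actual = Sha256Hex(certificate.GetRawCertData());
        if (!string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase))
            return false;

        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            // Expired, revoked, bad signature etc. still fail even for the pinned cert.
            if (status.Status != X509ChainStatusFlags.UntrustedRoot)
                return false;
        }
        return true;
    }

    private static string Sha256Hex(byte[] data)
    {
        using (SHA256 sha = SHA256.Create())
        {
            return BitConverter.ToString(sha.ComputeHash(data)).Replace("-", "");
        }
    }

    // Wires the callback into an SslStream, as the page's sample does.
    // serverName must match the name on the server certificate.
    public static bool Connect(string machineName, string serverName, int port)
    {
        using (TcpClient client = new TcpClient(machineName, port))
        using (SslStream sslStream = new SslStream(client.GetStream(), false,
            new RemoteCertificateValidationCallback(ValidateServerCertificate), null))
        {
            try
            {
                sslStream.AuthenticateAsClient(serverName);
                Console.WriteLine("Authenticated to {0} using {1}.", serverName, sslStream.SslProtocol);
                return true;
            }
            catch (AuthenticationException e)
            {
                // Raised when the callback returns false or the handshake itself fails.
                Console.WriteLine("Authentication failed - closing the connection: {0}", e.Message);
                if (e.InnerException != null)
                    Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
                return false;
            }
        }
    }

    public static void Main(string[] args)
    {
        // Constructed placeholder defaults; pass a real host and its expected name.
        string machineName = args.Length > 0 ? args[0] : "server.example.test";
        string serverName = args.Length > 1 ? args[1] : machineName;
        Connect(machineName, serverName, 443);
    }
}
```

The mistake this structure guards against is a callback that returns true unconditionally: it silently disables server authentication for that stream, and when such a callback is assigned to a process-wide hook such as ServicePointManager.ServerCertificateValidationCallback on .NET Framework it disables it for every connection in the process. Pinning by the SHA-256 of the DER encoding identifies one exact certificate, so the pin has to be updated whenever that certificate is renewed.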

Remarks

The delegate's sslPolicyErrors argument contains any certificate errors returned by SSPI while authenticating the client or server. The Boolean value returned by the method invoked by this delegate determines whether the authentication is allowed to succeed.

This delegate is used with the SslStream class.
