X509Chain Class


Represents a chain-building engine for X509Certificate2 certificates.

public ref class X509Chain : IDisposable
public class X509Chain : IDisposable
type X509Chain = class
    interface IDisposable
Public Class X509Chain
Implements IDisposable

The following code example opens the current user's personal certificate store, allows you to select a certificate, then writes certificate and certificate chain information to the console. The output depends on the certificate you select.

#using <System.dll>
#using <System.Security.dll>

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Cryptography::X509Certificates;
using namespace System::IO;

int main()
{
   //Create new X509 store from local certificate store.
   X509Store ^ store = gcnew X509Store( "MY",StoreLocation::CurrentUser );
   store->Open( static_cast<OpenFlags>(OpenFlags::OpenExistingOnly | OpenFlags::ReadWrite) );

   //Output store information.
   Console::WriteLine( "Store Information" );
   Console::WriteLine( "Number of certificates in the store: {0}", store->Certificates->Count );
   Console::WriteLine( "Store location: {0}", store->Location );
   Console::WriteLine( "Store name: {0} {1}", store->Name, Environment::NewLine );

   //Put certificates from the store into a collection so user can select one.
   X509Certificate2Collection ^ fcollection = dynamic_cast<X509Certificate2Collection^>(store->Certificates);
   X509Certificate2Collection ^ collection = X509Certificate2UI::SelectFromCollection(fcollection, "Select an X509 Certificate","Choose a certificate to examine.",X509SelectionFlag::SingleSelection);
   X509Certificate2 ^ certificate = collection[ 0 ];

   //Output chain information of the selected certificate.
   X509Chain ^ ch = gcnew X509Chain;
   ch->ChainPolicy->RevocationMode = X509RevocationMode::Online;
   ch->Build( certificate );
   Console::WriteLine( "Chain Information" );
   Console::WriteLine( "Chain revocation flag: {0}", ch->ChainPolicy->RevocationFlag );
   Console::WriteLine( "Chain revocation mode: {0}", ch->ChainPolicy->RevocationMode );
   Console::WriteLine( "Chain verification flag: {0}", ch->ChainPolicy->VerificationFlags );
   Console::WriteLine( "Chain verification time: {0}", ch->ChainPolicy->VerificationTime );
   Console::WriteLine( "Chain status length: {0}", ch->ChainStatus->Length );
   Console::WriteLine( "Chain application policy count: {0}", ch->ChainPolicy->ApplicationPolicy->Count );
   Console::WriteLine( "Chain certificate policy count: {0} {1}", ch->ChainPolicy->CertificatePolicy->Count, Environment::NewLine );

   //Output chain element information.
   Console::WriteLine( "Chain Element Information" );
   Console::WriteLine( "Number of chain elements: {0}", ch->ChainElements->Count );
   Console::WriteLine( "Chain elements synchronized? {0} {1}", ch->ChainElements->IsSynchronized, Environment::NewLine );
   System::Collections::IEnumerator^ myEnum = ch->ChainElements->GetEnumerator();
   while ( myEnum->MoveNext() )
   {
      X509ChainElement ^ element = safe_cast<X509ChainElement ^>(myEnum->Current);
      Console::WriteLine( "Element issuer name: {0}", element->Certificate->Issuer );
      Console::WriteLine( "Element certificate valid until: {0}", element->Certificate->NotAfter );
      Console::WriteLine( "Element certificate is valid: {0}", element->Certificate->Verify() );
      Console::WriteLine( "Element error status length: {0}", element->ChainElementStatus->Length );
      Console::WriteLine( "Element information: {0}", element->Information );
      Console::WriteLine( "Number of element extensions: {0}{1}", element->Certificate->Extensions->Count, Environment::NewLine );
      if ( ch->ChainStatus->Length > 1 )
      {
         for ( int index = 0; index < element->ChainElementStatus->Length; index++ )
         {
            Console::WriteLine( element->ChainElementStatus[ index ].Status );
            Console::WriteLine( element->ChainElementStatus[ index ].StatusInformation );
         }
      }
   }

   //Close the store once the chain information has been written.
   store->Close();
}

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;

class TestX509Chain
{
    static void Main(string[] args)
    {
        //Create new X509 store from local certificate store.
        X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
        store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

        //Output store information.
        Console.WriteLine ("Store Information");
        Console.WriteLine ("Number of certificates in the store: {0}", store.Certificates.Count);
        Console.WriteLine ("Store location: {0}", store.Location);
        Console.WriteLine ("Store name: {0} {1}", store.Name, Environment.NewLine);

        //Put certificates from the store into a collection so user can select one.
        X509Certificate2Collection fcollection = (X509Certificate2Collection)store.Certificates;
        X509Certificate2Collection collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection);
        X509Certificate2 certificate = collection[0];

        //Output chain information of the selected certificate.
        X509Chain ch = new X509Chain();
        ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        ch.Build (certificate);
        Console.WriteLine ("Chain Information");
        Console.WriteLine ("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
        Console.WriteLine ("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
        Console.WriteLine ("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
        Console.WriteLine ("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
        Console.WriteLine ("Chain status length: {0}", ch.ChainStatus.Length);
        Console.WriteLine ("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
        Console.WriteLine ("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

        //Output chain element information.
        Console.WriteLine ("Chain Element Information");
        Console.WriteLine ("Number of chain elements: {0}", ch.ChainElements.Count);
        Console.WriteLine ("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);
        foreach (X509ChainElement element in ch.ChainElements)
        {
            Console.WriteLine ("Element issuer name: {0}", element.Certificate.Issuer);
            Console.WriteLine ("Element certificate valid until: {0}", element.Certificate.NotAfter);
            Console.WriteLine ("Element certificate is valid: {0}", element.Certificate.Verify ());
            Console.WriteLine ("Element error status length: {0}", element.ChainElementStatus.Length);
            Console.WriteLine ("Element information: {0}", element.Information);
            Console.WriteLine ("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);

            if (ch.ChainStatus.Length > 1)
            {
                for (int index = 0; index < element.ChainElementStatus.Length; index++)
                {
                    Console.WriteLine (element.ChainElementStatus[index].Status);
                    Console.WriteLine (element.ChainElementStatus[index].StatusInformation);
                }
            }
        }

        //Close the store once the chain information has been written.
        store.Close();
    }
}

Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.IO

Class TestX509Chain

    Shared Sub Main(ByVal args() As String)
        'Create new X509 store from local certificate store.
        Dim store As New X509Store("MY", StoreLocation.CurrentUser)
        store.Open(OpenFlags.OpenExistingOnly Or OpenFlags.ReadWrite)

        'Output store information.
        Console.WriteLine("Store Information")
        Console.WriteLine("Number of certificates in the store: {0}", store.Certificates.Count)
        Console.WriteLine("Store location: {0}", store.Location)
        Console.WriteLine("Store name: {0} {1}", store.Name, Environment.NewLine)

        'Put certificates from the store into a collection so user can select one.
        Dim fcollection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
        Dim collection As X509Certificate2Collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection)
        Dim certificate As X509Certificate2 = collection(0)

        'Output chain information of the selected certificate.
        Dim ch As New X509Chain()
        ch.ChainPolicy.RevocationMode = X509RevocationMode.Online
        ch.Build(certificate)
        Console.WriteLine("Chain Information")
        Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag)
        Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode)
        Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags)
        Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime)
        Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length)
        Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count)
        Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine)

        'Output chain element information.
        Console.WriteLine("Chain Element Information")
        Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count)
        Console.WriteLine("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine)

        Dim element As X509ChainElement
        For Each element In ch.ChainElements
            Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer)
            Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter)
            Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify())
            Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length)
            Console.WriteLine("Element information: {0}", element.Information)
            Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine)

            If ch.ChainStatus.Length > 1 Then
                Dim index As Integer
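                For index = 0 To element.ChainElementStatus.Length - 1
                    Console.WriteLine(element.ChainElementStatus(index).Status)
                    Console.WriteLine(element.ChainElementStatus(index).StatusInformation)
                Next index
            End If
        Next element

        'Close the store once the chain information has been written.
        store.Close()
    End Sub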
End Class


The X509Chain object has a global error status called ChainStatus that should be used for certificate validation. The rules governing certificate validation are complex, and it is easy to oversimplify the validation logic by ignoring the error status of one or more of the elements involved. The global error status takes into consideration the status of each element in the chain.


Starting with the .NET Framework 4.6, this type implements the IDisposable interface. When you have finished using the type, you should dispose of it either directly or indirectly. To dispose of the type directly, call its Dispose method in a try/catch block. To dispose of it indirectly, use a language construct such as using (in C#) or Using (in Visual Basic). For more information, see the "Using an Object that Implements IDisposable" section in the IDisposable interface topic.

For apps that target the .NET Framework 4.5.2 and earlier versions, the X509Chain class does not implement the IDisposable interface and therefore does not have a Dispose method.
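The two remarks above (validate against the global ChainStatus, and dispose of the chain) combined in one routine. This is an added example, not code from the original page; the ChainCheck class, the Validate method and the "CN=constructed-example" certificate are hypothetical, and CertificateRequest assumes .NET Framework 4.7.2 or later (or .NET Core 2.0 or later).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ChainCheck   // hypothetical helper, not part of the X509Chain API
{
    // Returns every chain-level error; an empty list means the chain validated.
    public static List<X509ChainStatus> Validate(X509Certificate2 cert, X509RevocationMode revocation)
    {
        using (var chain = new X509Chain())   // indirect Dispose, available from .NET Framework 4.6
        {
            chain.ChainPolicy.RevocationMode = revocation;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag; // ignore no errors

            bool built = chain.Build(cert);

            // ChainStatus is the global status: it accounts for every element in the chain.
            var errors = chain.ChainStatus
                .Where(s => s.Status != X509ChainStatusFlags.NoError)
                .ToList();

            // Fail closed if Build reports failure but no status explains it.
            if (!built && errors.Count == 0)
                throw new CryptographicException("Chain build failed without a reported status.");
            return errors;
        }
    }

    static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-example", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
            {
                // NoCheck only so the sample runs offline; the page's samples use Online.
                foreach (X509ChainStatus s in Validate(cert, X509RevocationMode.NoCheck))
                    Console.WriteLine("{0}: {1}", s.Status, s.StatusInformation);
            }
        }
    }
}
```

A caller should treat any non-empty result as a rejection rather than inspecting only the end-entity certificate.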


X509Chain()

Initializes a new instance of the X509Chain class.

X509Chain(Boolean)

Initializes a new instance of the X509Chain class specifying a value that indicates whether the machine context should be used.

X509Chain(IntPtr)

Initializes a new instance of the X509Chain class using an IntPtr handle to an X.509 chain.


ChainContext

Gets a handle to an X.509 chain.

ChainElements

Gets a collection of X509ChainElement objects.

ChainPolicy

Gets or sets the X509ChainPolicy to use when building an X.509 certificate chain.

ChainStatus

Gets the status of each element in an X509Chain object.

SafeHandle

Gets a safe handle for this X509Chain instance.


Build(X509Certificate2)

Builds an X.509 chain using the policy specified in X509ChainPolicy.

Create()

Creates an X509Chain object after querying for the mapping defined in the CryptoConfig file, and maps the chain to that mapping.

Dispose()

Releases all of the resources used by this X509Chain.

Dispose(Boolean)

Releases the unmanaged resources used by this X509Chain, and optionally releases the managed resources.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)

Finalize()

GetHashCode()

Serves as the default hash function.

(Inherited from Object)

GetType()

Gets the Type of the current instance.

(Inherited from Object)

MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)

Reset()

Clears the current X509Chain object.

ToString()

Returns a string that represents the current object.

(Inherited from Object)