RemoteCertificateValidationCallback 대리자

정의

네임스페이스:

System.Net.Security

어셈블리:

System.Net.Security.dll

어셈블리:

System.dll

어셈블리:

netstandard.dll

인증에 사용되는 원격 SSL(Secure Sockets Layer) 인증서를 확인합니다.

public delegate bool RemoteCertificateValidationCallback(System::Object ^ sender, X509Certificate ^ certificate, X509Chain ^ chain, SslPolicyErrors sslPolicyErrors);

public delegate bool RemoteCertificateValidationCallback(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors);

public delegate bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors);

type RemoteCertificateValidationCallback = delegate of obj * X509Certificate * X509Chain * SslPolicyErrors -> bool

Public Delegate Function RemoteCertificateValidationCallback(sender As Object, certificate As X509Certificate, chain As X509Chain, sslPolicyErrors As SslPolicyErrors) As Boolean 

매개 변수

sender

Object

이 유효성 검사에 대한 상태 정보가 들어 있는 개체입니다.

certificate

X509Certificate

원격측을 인증하는 데 사용되는 인증서입니다.

chain

X509Chain

원격 인증서와 연결된 인증 기관의 체인입니다.

sslPolicyErrors

SslPolicyErrors

원격 인증서와 관련된 하나 이상의 오류입니다.

반환 값

Boolean

지정된 인증서를 인증에 사용할 수 있는지 여부를 나타내는 Boolean 값입니다.

예제

다음 코드 예제에서는 클래스의 인스턴스에 의해 호출 되는 메서드를 구현 합니다 RemoteCertificateValidationCallback . 유효성 검사 오류가 있는 경우 이 메서드는 오류를 표시하고 반환 false하여 인증되지 않은 서버와의 통신을 방지합니다.

    // Load a table of errors that might cause 
    // the certificate authentication to fail.
    static void InitializeCertificateErrors()
    {
        certificateErrors->Add(0x800B0101,
            "The certification has expired.");
        certificateErrors->Add(0x800B0104,
            "A path length constraint "
            "in the certification chain has been violated.");
        certificateErrors->Add(0x800B0105,
            "A certificate contains an unknown extension "
            "that is marked critical.");
        certificateErrors->Add(0x800B0107,
            "A parent of a given certificate in fact "
            "did not issue that child certificate.");
        certificateErrors->Add(0x800B0108,
            "A certificate is missing or has an empty value "
            "for a necessary field.");
        certificateErrors->Add(0x800B0109,
            "The certificate root is not trusted.");
        certificateErrors->Add(0x800B010C,
            "The certificate has been revoked.");
        certificateErrors->Add(0x800B010F,
            "The name in the certificate does not not match "
            "the host name requested by the client.");
        certificateErrors->Add(0x800B0111,
            "The certificate was explicitly marked "
            "as untrusted by the user.");
        certificateErrors->Add(0x800B0112,
            "A certification chain processed correctly, "
            "but one of the CA certificates is not trusted.");
        certificateErrors->Add(0x800B0113,
            "The certificate has an invalid policy.");
        certificateErrors->Add(0x800B0114,
            "The certificate name is either not "
            "in the permitted list or is explicitly excluded.");
        certificateErrors->Add(0x80092012,
            "The revocation function was unable to check "
            "revocation for the certificate.");
        certificateErrors->Add(0x80090327,
            "An unknown error occurred while "
            "processing the certificate.");
        certificateErrors->Add(0x80096001,
            "A system-level error occurred "
            "while verifying trust.");
        certificateErrors->Add(0x80096002,
            "The certificate for the signer of the message "
            "is invalid or not found.");
        certificateErrors->Add(0x80096003,
            "One of the counter signatures was invalid.");
        certificateErrors->Add(0x80096004,
            "The signature of the certificate "
            "cannot be verified.");
        certificateErrors->Add(0x80096005,
            "The time stamp signature or certificate "
            "could not be verified or is malformed.");
        certificateErrors->Add(0x80096010,
            "The digital signature of the object "
            "was not verified.");
        certificateErrors->Add(0x80096019,
            "The basic constraint extension of a certificate "
            "has not been observed.");
    }

    static String^ CertificateErrorDescription(UInt32 problem)
    {
        // Initialize the error message dictionary 
        // if it is not yet available.
        if (certificateErrors->Count == 0)
        {
            InitializeCertificateErrors();
        }

        String^ description = safe_cast<String^>(
            certificateErrors[problem]);
        if (description == nullptr)
        {
            description = String::Format(
                CultureInfo::CurrentCulture,
                "Unknown certificate error - 0x{0:x8}",
                problem);
        }

        return description;
    }

public:
    // The following method is invoked 
    // by the CertificateValidationDelegate.
static bool ValidateServerCertificate(
        Object^ sender,
        X509Certificate^ certificate,
        X509Chain^ chain,
        SslPolicyErrors sslPolicyErrors)
    {
    
        Console::WriteLine("Validating the server certificate.");
        if (sslPolicyErrors == SslPolicyErrors::None)
            return true;

        Console::WriteLine("Certificate error: {0}", sslPolicyErrors);

        // Do not allow this client to communicate with unauthenticated servers.
        return false;
    }

// The following method is invoked by the RemoteCertificateValidationDelegate.
public static bool ValidateServerCertificate(
      object sender,
      X509Certificate certificate,
      X509Chain chain,
      SslPolicyErrors sslPolicyErrors)
{
   if (sslPolicyErrors == SslPolicyErrors.None)
        return true;

    Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

    // Do not allow this client to communicate with unauthenticated servers.
    return false;
}

다음 코드 예제에서는 앞의 코드 예제에 정의된 메서드를 사용하여 대리자를 만듭니다.

// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient^ client = gcnew TcpClient(machineName, 8080);
Console::WriteLine("Client connected.");
  
// Create an SSL stream that will close 
// the client's stream.
SslStream^ sslStream = gcnew SslStream(
    client->GetStream(), false,
    gcnew RemoteCertificateValidationCallback(ValidateServerCertificate),
    nullptr);
  
// The server name must match the name
// on the server certificate.
try
{
    sslStream->AuthenticateAsClient(serverName);
}
catch (AuthenticationException^ ex) 
{
    Console::WriteLine("Exception: {0}", ex->Message);
    if (ex->InnerException != nullptr)
    {
        Console::WriteLine("Inner exception: {0}", 
            ex->InnerException->Message);
    }

    Console::WriteLine("Authentication failed - "
        "closing the connection.");
    sslStream->Close();
    client->Close();
    return;
}

// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient client = new TcpClient(machineName,443);
Console.WriteLine("Client connected.");
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(
    client.GetStream(),
    false,
    new RemoteCertificateValidationCallback (ValidateServerCertificate),
    null
    );
// The server name must match the name on the server certificate.
try
{
    sslStream.AuthenticateAsClient(serverName);
}
catch (AuthenticationException e)
{
    Console.WriteLine("Exception: {0}", e.Message);
    if (e.InnerException != null)
    {
        Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
    }
    Console.WriteLine ("Authentication failed - closing the connection.");
    client.Close();
    return;
}

설명

대리자의 sslPolicyErrors 인수에는 클라이언트 또는 서버를 인증하는 동안 SSPI에서 반환된 인증서 오류가 포함됩니다. Boolean 이 대리자가 호출하는 메서드에서 반환되는 값은 인증이 성공할 수 있는지 여부를 결정합니다.

이 대리자는 클래스와 SslStream 함께 사용됩니다.

확장 메서드

GetMethodInfo(Delegate)

지정된 대리자가 나타내는 메서드를 나타내는 개체를 가져옵니다.

추가 정보

• LocalCertificateSelectionCallback