RemoteCertificateValidationCallback 委托

定义

验证用于身份验证的远程安全套接字层 (SSL) 证书。Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication.

public delegate bool RemoteCertificateValidationCallback(System::Object ^ sender, X509Certificate ^ certificate, X509Chain ^ chain, SslPolicyErrors sslPolicyErrors);
public delegate bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors);
type RemoteCertificateValidationCallback = delegate of obj * X509Certificate * X509Chain * SslPolicyErrors -> bool
Public Delegate Function RemoteCertificateValidationCallback(sender As Object, certificate As X509Certificate, chain As X509Chain, sslPolicyErrors As SslPolicyErrors) As Boolean 

参数

sender
Object

一个对象,它包含此验证的状态信息。An object that contains state information for this validation.

certificate
X509Certificate

用于对远程方进行身份验证的证书。The certificate used to authenticate the remote party.

chain
X509Chain

与远程证书关联的证书颁发机构链。The chain of certificate authorities associated with the remote certificate.

sslPolicyErrors
SslPolicyErrors

与远程证书关联的一个或多个错误。One or more errors associated with the remote certificate.

返回值

Boolean

Boolean 值,它确定是否接受指定证书进行身份验证。A Boolean value that determines whether the specified certificate is accepted for authentication.

继承
RemoteCertificateValidationCallback

示例

下面的代码示例实现RemoteCertificateValidationCallback类的实例所调用的方法。The following code example implements a method that is invoked by an instance of the RemoteCertificateValidationCallback class. 如果存在验证错误, 则此方法将显示这些错误false并返回, 这会阻止与未经身份验证的服务器进行通信。If there are validation errors, this method displays them and returns false, which prevents communication with the unauthenticated server.

    // Load a table of errors that might cause 
    // the certificate authentication to fail.
    static void InitializeCertificateErrors()
    {
        certificateErrors->Add(0x800B0101,
            "The certification has expired.");
        certificateErrors->Add(0x800B0104,
            "A path length constraint "
            "in the certification chain has been violated.");
        certificateErrors->Add(0x800B0105,
            "A certificate contains an unknown extension "
            "that is marked critical.");
        certificateErrors->Add(0x800B0107,
            "A parent of a given certificate in fact "
            "did not issue that child certificate.");
        certificateErrors->Add(0x800B0108,
            "A certificate is missing or has an empty value "
            "for a necessary field.");
        certificateErrors->Add(0x800B0109,
            "The certificate root is not trusted.");
        certificateErrors->Add(0x800B010C,
            "The certificate has been revoked.");
        certificateErrors->Add(0x800B010F,
            "The name in the certificate does not not match "
            "the host name requested by the client.");
        certificateErrors->Add(0x800B0111,
            "The certificate was explicitly marked "
            "as untrusted by the user.");
        certificateErrors->Add(0x800B0112,
            "A certification chain processed correctly, "
            "but one of the CA certificates is not trusted.");
        certificateErrors->Add(0x800B0113,
            "The certificate has an invalid policy.");
        certificateErrors->Add(0x800B0114,
            "The certificate name is either not "
            "in the permitted list or is explicitly excluded.");
        certificateErrors->Add(0x80092012,
            "The revocation function was unable to check "
            "revocation for the certificate.");
        certificateErrors->Add(0x80090327,
            "An unknown error occurred while "
            "processing the certificate.");
        certificateErrors->Add(0x80096001,
            "A system-level error occurred "
            "while verifying trust.");
        certificateErrors->Add(0x80096002,
            "The certificate for the signer of the message "
            "is invalid or not found.");
        certificateErrors->Add(0x80096003,
            "One of the counter signatures was invalid.");
        certificateErrors->Add(0x80096004,
            "The signature of the certificate "
            "cannot be verified.");
        certificateErrors->Add(0x80096005,
            "The time stamp signature or certificate "
            "could not be verified or is malformed.");
        certificateErrors->Add(0x80096010,
            "The digital signature of the object "
            "was not verified.");
        certificateErrors->Add(0x80096019,
            "The basic constraint extension of a certificate "
            "has not been observed.");
    }

    static String^ CertificateErrorDescription(UInt32 problem)
    {
        // Initialize the error message dictionary 
        // if it is not yet available.
        if (certificateErrors->Count == 0)
        {
            InitializeCertificateErrors();
        }

        String^ description = safe_cast<String^>(
            certificateErrors[problem]);
        if (description == nullptr)
        {
            description = String::Format(
                CultureInfo::CurrentCulture,
                "Unknown certificate error - 0x{0:x8}",
                problem);
        }

        return description;
    }

public:
    // The following method is invoked 
    // by the CertificateValidationDelegate.
static bool ValidateServerCertificate(
        Object^ sender,
        X509Certificate^ certificate,
        X509Chain^ chain,
        SslPolicyErrors sslPolicyErrors)
    {
    
        Console::WriteLine("Validating the server certificate.");
        if (sslPolicyErrors == SslPolicyErrors::None)
            return true;

        Console::WriteLine("Certificate error: {0}", sslPolicyErrors);

        // Do not allow this client to communicate with unauthenticated servers.
        return false;
    }

  // The following method is invoked by the RemoteCertificateValidationDelegate.
  public static bool ValidateServerCertificate(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
  {
     if (sslPolicyErrors == SslPolicyErrors.None)
          return true;

      Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
      
      // Do not allow this client to communicate with unauthenticated servers.
      return false;
  }

下面的代码示例使用在前面的代码示例中定义的方法创建委托。The following code example creates the delegate using the method defined in the preceding code example.

// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient^ client = gcnew TcpClient(machineName, 8080);
Console::WriteLine("Client connected.");
  
// Create an SSL stream that will close 
// the client's stream.
SslStream^ sslStream = gcnew SslStream(
    client->GetStream(), false,
    gcnew RemoteCertificateValidationCallback(ValidateServerCertificate),
    nullptr);
  
// The server name must match the name
// on the server certificate.
try
{
    sslStream->AuthenticateAsClient(serverName);
}
catch (AuthenticationException^ ex) 
{
    Console::WriteLine("Exception: {0}", ex->Message);
    if (ex->InnerException != nullptr)
    {
        Console::WriteLine("Inner exception: {0}", 
            ex->InnerException->Message);
    }

    Console::WriteLine("Authentication failed - "
        "closing the connection.");
    sslStream->Close();
    client->Close();
    return;
}
// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient client = new TcpClient(machineName,443);
Console.WriteLine("Client connected.");
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(
    client.GetStream(), 
    false, 
    new RemoteCertificateValidationCallback (ValidateServerCertificate), 
    null
    );
// The server name must match the name on the server certificate.
try 
{
    sslStream.AuthenticateAsClient(serverName);
} 
catch (AuthenticationException e)
{
    Console.WriteLine("Exception: {0}", e.Message);
    if (e.InnerException != null)
    {
        Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
    }
    Console.WriteLine ("Authentication failed - closing the connection.");
    client.Close();
    return;
}

注解

委托的sslPolicyErrors参数包含 SSPI 在对客户端或服务器进行身份验证时返回的任何证书错误。The delegate's sslPolicyErrors argument contains any certificate errors returned by SSPI while authenticating the client or server. 此委托调用的方法返回的值将确定是否允许身份验证成功。BooleanThe Boolean value returned by the method invoked by this delegate determines whether the authentication is allowed to succeed.

此委托与SslStream类一起使用。This delegate is used with the SslStream class.

扩展方法

GetMethodInfo(Delegate)

获取指示指定委托表示的方法的对象。Gets an object that represents the method represented by the specified delegate.

适用于

另请参阅