X509Chain 类
定义
表示 X509Certificate2 证书的链生成引擎。Represents a chain-building engine for X509Certificate2 certificates.
public ref class X509Chain : IDisposable
public ref class X509Chain
public class X509Chain : IDisposable
public class X509Chain
type X509Chain = class
interface IDisposable
type X509Chain = class
Public Class X509Chain
Implements IDisposable
Public Class X509Chain
- 继承
-
X509Chain
- 实现
示例
下面的代码示例将打开当前用户的个人证书存储区,允许你选择证书,然后将证书和证书链信息写入控制台。The following code example opens the current user's personal certificate store, allows you to select a certificate, then writes certificate and certificate chain information to the console. 输出取决于所选的证书。The output depends on the certificate you select.
#using <System.dll>
#using <System.Security.dll>
using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Cryptography::X509Certificates;
using namespace System::IO;
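// Console sample: opens the current user's personal ("MY") certificate store,
// lets the user pick one certificate, builds its chain with online revocation
// checking, and writes store, chain and per-element details to the console.
int main()
{
   // The sample only enumerates and inspects certificates, so the store is
   // opened read-only rather than read-write.
   X509Store ^ store = gcnew X509Store( "MY",StoreLocation::CurrentUser );
   store->Open( static_cast<OpenFlags>(OpenFlags::OpenExistingOnly | OpenFlags::ReadOnly) );
   X509Chain ^ ch = nullptr;
   try
   {
      //Output store information.
      Console::WriteLine( "Store Information" );
      Console::WriteLine( "Number of certificates in the store: {0}", store->Certificates->Count );
      Console::WriteLine( "Store location: {0}", store->Location );
      Console::WriteLine( "Store name: {0} {1}", store->Name, Environment::NewLine );

      //Put certificates from the store into a collection so user can select one.
      X509Certificate2Collection ^ fcollection = dynamic_cast<X509Certificate2Collection^>(store->Certificates);
      X509Certificate2Collection ^ collection = X509Certificate2UI::SelectFromCollection(fcollection, "Select an X509 Certificate","Choose a certificate to examine.",X509SelectionFlag::SingleSelection);

      // The returned collection is empty when the dialog is dismissed without
      // a selection; indexing it would throw.
      if ( collection->Count == 0 )
      {
         Console::WriteLine( "No certificate was selected." );
         return 0;
      }
      X509Certificate2 ^ certificate = collection[ 0 ];
      X509Certificate2UI::DisplayCertificate(certificate);

      //Output chain information of the selected certificate.
      ch = gcnew X509Chain;
      ch->ChainPolicy->RevocationMode = X509RevocationMode::Online;

      // Build() reports whether the chain satisfies ChainPolicy. That result,
      // together with the global ChainStatus, is what a caller should base a
      // trust decision on; the remaining output is informational only.
      bool chainIsValid = ch->Build( certificate );
      Console::WriteLine( "Chain Information" );
      Console::WriteLine( "Chain is valid: {0}", chainIsValid );
      Console::WriteLine( "Chain revocation flag: {0}", ch->ChainPolicy->RevocationFlag );
      Console::WriteLine( "Chain revocation mode: {0}", ch->ChainPolicy->RevocationMode );
      Console::WriteLine( "Chain verification flag: {0}", ch->ChainPolicy->VerificationFlags );
      Console::WriteLine( "Chain verification time: {0}", ch->ChainPolicy->VerificationTime );
      Console::WriteLine( "Chain status length: {0}", ch->ChainStatus->Length );
      for ( int index = 0; index < ch->ChainStatus->Length; index++ )
      {
         Console::WriteLine( ch->ChainStatus[ index ].Status );
         Console::WriteLine( ch->ChainStatus[ index ].StatusInformation );
      }
      Console::WriteLine( "Chain application policy count: {0}", ch->ChainPolicy->ApplicationPolicy->Count );
      Console::WriteLine( "Chain certificate policy count: {0} {1}", ch->ChainPolicy->CertificatePolicy->Count, Environment::NewLine );

      //Output chain element information.
      Console::WriteLine( "Chain Element Information" );
      Console::WriteLine( "Number of chain elements: {0}", ch->ChainElements->Count );
      Console::WriteLine( "Chain elements synchronized? {0} {1}", ch->ChainElements->IsSynchronized, Environment::NewLine );
      for each ( X509ChainElement ^ element in ch->ChainElements )
      {
         Console::WriteLine( "Element issuer name: {0}", element->Certificate->Issuer );
         Console::WriteLine( "Element certificate valid until: {0}", element->Certificate->NotAfter );
         Console::WriteLine( "Element certificate is valid: {0}", element->Certificate->Verify() );
         Console::WriteLine( "Element error status length: {0}", element->ChainElementStatus->Length );
         Console::WriteLine( "Element information: {0}", element->Information );
         Console::WriteLine( "Number of element extensions: {0}{1}", element->Certificate->Extensions->Count, Environment::NewLine );

         // Every status entry of the element is printed. The loop is empty for
         // an element without errors, so no guard on the chain-level status
         // count is needed (a "> 1" guard would hide the details whenever the
         // chain reports exactly one status entry).
         for ( int index = 0; index < element->ChainElementStatus->Length; index++ )
         {
            Console::WriteLine( element->ChainElementStatus[ index ].Status );
            Console::WriteLine( element->ChainElementStatus[ index ].StatusInformation );
         }
      }
   }
   finally
   {
      // X509Chain implements IDisposable starting with the .NET Framework 4.6;
      // delete on the handle calls Dispose. The store is closed even when an
      // exception is thrown above.
      delete ch;
      store->Close();
   }
}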
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;
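/// <summary>
/// Console sample: opens the current user's personal ("MY") certificate store,
/// lets the user pick one certificate, builds its chain with online revocation
/// checking, and writes store, chain and per-element details to the console.
/// </summary>
class TestX509Chain
{
    static void Main(string[] args)
    {
        // The sample only enumerates and inspects certificates, so the store is
        // opened read-only rather than read-write.
        X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
        store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
        try
        {
            //Output store information.
            Console.WriteLine ("Store Information");
            Console.WriteLine ("Number of certificates in the store: {0}", store.Certificates.Count);
            Console.WriteLine ("Store location: {0}", store.Location);
            Console.WriteLine ("Store name: {0} {1}", store.Name, Environment.NewLine);

            //Put certificates from the store into a collection so user can select one.
            X509Certificate2Collection fcollection = (X509Certificate2Collection)store.Certificates;
            X509Certificate2Collection collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection);

            // The returned collection is empty when the dialog is dismissed
            // without a selection; indexing it would throw.
            if (collection.Count == 0)
            {
                Console.WriteLine ("No certificate was selected.");
                return;
            }
            X509Certificate2 certificate = collection[0];
            X509Certificate2UI.DisplayCertificate(certificate);

            //Output chain information of the selected certificate.
            // X509Chain implements IDisposable starting with the .NET Framework 4.6.
            using (X509Chain ch = new X509Chain())
            {
                ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;

                // Build() reports whether the chain satisfies ChainPolicy. That
                // result, together with the global ChainStatus, is what a caller
                // should base a trust decision on; the remaining output is
                // informational only.
                bool chainIsValid = ch.Build (certificate);
                Console.WriteLine ("Chain Information");
                Console.WriteLine ("Chain is valid: {0}", chainIsValid);
                Console.WriteLine ("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
                Console.WriteLine ("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
                Console.WriteLine ("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
                Console.WriteLine ("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
                Console.WriteLine ("Chain status length: {0}", ch.ChainStatus.Length);
                foreach (X509ChainStatus status in ch.ChainStatus)
                {
                    Console.WriteLine (status.Status);
                    Console.WriteLine (status.StatusInformation);
                }
                Console.WriteLine ("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
                Console.WriteLine ("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

                //Output chain element information.
                Console.WriteLine ("Chain Element Information");
                Console.WriteLine ("Number of chain elements: {0}", ch.ChainElements.Count);
                Console.WriteLine ("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);
                foreach (X509ChainElement element in ch.ChainElements)
                {
                    Console.WriteLine ("Element issuer name: {0}", element.Certificate.Issuer);
                    Console.WriteLine ("Element certificate valid until: {0}", element.Certificate.NotAfter);
                    Console.WriteLine ("Element certificate is valid: {0}", element.Certificate.Verify ());
                    Console.WriteLine ("Element error status length: {0}", element.ChainElementStatus.Length);
                    Console.WriteLine ("Element information: {0}", element.Information);
                    Console.WriteLine ("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);

                    // Every status entry of the element is printed. The loop is
                    // empty for an element without errors, so no guard on the
                    // chain-level status count is needed (a "> 1" guard would
                    // hide the details whenever the chain reports exactly one
                    // status entry).
                    foreach (X509ChainStatus status in element.ChainElementStatus)
                    {
                        Console.WriteLine (status.Status);
                        Console.WriteLine (status.StatusInformation);
                    }
                }
            }
        }
        finally
        {
            // Close the store even when an exception is thrown above.
            store.Close();
        }
    }
}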
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.IO
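' Console sample: opens the current user's personal ("MY") certificate store,
' lets the user pick one certificate, builds its chain with online revocation
' checking, and writes store, chain and per-element details to the console.
Class TestX509Chain
    Shared Sub Main(ByVal args() As String)
        ' The sample only enumerates and inspects certificates, so the store is
        ' opened read-only rather than read-write.
        Dim store As New X509Store("MY", StoreLocation.CurrentUser)
        store.Open(OpenFlags.OpenExistingOnly Or OpenFlags.ReadOnly)
        Try
            'Output store information.
            Console.WriteLine("Store Information")
            Console.WriteLine("Number of certificates in the store: {0}", store.Certificates.Count)
            Console.WriteLine("Store location: {0}", store.Location)
            Console.WriteLine("Store name: {0} {1}", store.Name, Environment.NewLine)

            'Put certificates from the store into a collection so user can select one.
            Dim fcollection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
            Dim collection As X509Certificate2Collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection)

            ' The returned collection is empty when the dialog is dismissed
            ' without a selection; indexing it would throw.
            If collection.Count = 0 Then
                Console.WriteLine("No certificate was selected.")
                Return
            End If
            Dim certificate As X509Certificate2 = collection(0)
            X509Certificate2UI.DisplayCertificate(certificate)

            'Output chain information of the selected certificate.
            ' X509Chain implements IDisposable starting with the .NET Framework 4.6.
            Using ch As New X509Chain()
                ch.ChainPolicy.RevocationMode = X509RevocationMode.Online

                ' Build() reports whether the chain satisfies ChainPolicy. That
                ' result, together with the global ChainStatus, is what a caller
                ' should base a trust decision on; the remaining output is
                ' informational only.
                Dim chainIsValid As Boolean = ch.Build(certificate)
                Console.WriteLine("Chain Information")
                Console.WriteLine("Chain is valid: {0}", chainIsValid)
                Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag)
                Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode)
                Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags)
                Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime)
                Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length)
                For Each chainStatus As X509ChainStatus In ch.ChainStatus
                    Console.WriteLine(chainStatus.Status)
                    Console.WriteLine(chainStatus.StatusInformation)
                Next chainStatus
                Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count)
                Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine)

                'Output chain element information.
                Console.WriteLine("Chain Element Information")
                Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count)
                Console.WriteLine("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine)
                Dim element As X509ChainElement
                For Each element In ch.ChainElements
                    Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer)
                    Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter)
                    Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify())
                    Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length)
                    Console.WriteLine("Element information: {0}", element.Information)
                    Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine)

                    ' For ... To is inclusive in Visual Basic, so the upper bound
                    ' is Length - 1; running to Length would index past the end
                    ' of the array. The loop is empty for an element without
                    ' errors, so no guard on the chain-level status count is
                    ' needed (a "> 1" guard would hide the details whenever the
                    ' chain reports exactly one status entry).
                    Dim index As Integer
                    For index = 0 To element.ChainElementStatus.Length - 1
                        Console.WriteLine(element.ChainElementStatus(index).Status)
                        Console.WriteLine(element.ChainElementStatus(index).StatusInformation)
                    Next index
                Next element
            End Using
        Finally
            ' Close the store even when an exception is thrown above.
            store.Close()
        End Try
    End Sub
End Class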
注解
X509Chain 对象具有一个名为 ChainStatus 的全局错误状态,应使用该状态进行证书验证。The X509Chain object has a global error status called ChainStatus that should be used for certificate validation. 控制证书验证的规则非常复杂,如果忽略所涉及的一个或多个元素的错误状态,很容易把验证逻辑过分简化。The rules governing certificate validation are complex, and it is easy to oversimplify the validation logic by ignoring the error status of one or more of the elements involved. 全局错误状态会考虑链中每个元素的状态。The global error status takes into consideration the status of each element in the chain.
重要
从 .NET Framework 4.6 开始,此类型实现 IDisposable 接口。Starting with the .NET Framework 4.6, this type implements the IDisposable interface. 在使用完类型后,您应直接或间接释放类型。When you have finished using the type, you should dispose of it either directly or indirectly. 若要直接释放类型,请在 try/catch 块中调用其 Dispose 方法。To dispose of the type directly, call its Dispose method in a try/catch block. 若要间接释放类型,请使用 using(在 C# 中)或 Using(在 Visual Basic 中)等语言构造。To dispose of it indirectly, use a language construct such as using (in C#) or Using (in Visual Basic). 有关详细信息,请参阅 IDisposable 接口主题中的“使用实现 IDisposable 的对象”一节。For more information, see the "Using an Object that Implements IDisposable" section in the IDisposable interface topic.
对于面向 .NET Framework 4.5.2 和更早版本的应用, X509Chain 类不实现 IDisposable 接口,因此不具有 Dispose 方法。For apps that target the .NET Framework 4.5.2 and earlier versions, the X509Chain class does not implement the IDisposable interface and therefore does not have a Dispose method.
构造函数
| X509Chain() |
初始化 X509Chain 类的新实例。Initializes a new instance of the X509Chain class. |
| X509Chain(Boolean) |
通过指定一个值指示是否应使用计算机上下文,初始化 X509Chain 类的新实例。Initializes a new instance of the X509Chain class specifying a value that indicates whether the machine context should be used. |
| X509Chain(IntPtr) |
使用 X.509 链的 IntPtr 句柄初始化 X509Chain 类的新实例。Initializes a new instance of the X509Chain class using an IntPtr handle to an X.509 chain. |
属性
| ChainContext |
获取 X.509 链的句柄。Gets a handle to an X.509 chain. |
| ChainElements |
获取 X509ChainElement 对象的集合。Gets a collection of X509ChainElement objects. |
| ChainPolicy |
获取或设置生成 X.509 证书链时要使用的 X509ChainPolicy。Gets or sets the X509ChainPolicy to use when building an X.509 certificate chain. |
| ChainStatus |
获取 X509Chain 对象中每个元素的状态。Gets the status of each element in an X509Chain object. |
| SafeHandle |
获取此 X509Chain 实例的安全句柄。Gets a safe handle for this X509Chain instance. |
方法
| Build(X509Certificate2) |
使用 X509ChainPolicy 所指定的策略生成 X.509 链。Builds an X.509 chain using the policy specified in X509ChainPolicy. |
| Create() |
查询 CryptoConfig 文件中定义的映射后,创建一个 X509Chain 对象,并将链映射到该映射。Creates an X509Chain object after querying for the mapping defined in the CryptoConfig file, and maps the chain to that mapping. |
| Dispose() |
释放由此 X509Chain 使用的所有资源。Releases all of the resources used by this X509Chain. |
| Dispose(Boolean) |
释放此 X509Chain 使用的非托管资源,并且可选择释放托管资源。Releases the unmanaged resources used by this X509Chain, and optionally releases the managed resources. |
| Equals(Object) |
确定指定对象是否等于当前对象。Determines whether the specified object is equal to the current object. (继承自 Object) |
| Finalize() |
释放该实例占用的非托管资源。Releases the unmanaged resources held by this instance. |
| GetHashCode() |
作为默认哈希函数。Serves as the default hash function. (继承自 Object) |
| GetType() |
获取当前实例的 Type。Gets the Type of the current instance. (继承自 Object) |
| MemberwiseClone() |
创建当前 Object 的浅表副本。Creates a shallow copy of the current Object. (继承自 Object) |
| Reset() | |
| ToString() |
返回表示当前对象的字符串。Returns a string that represents the current object. (继承自 Object) |