X509Chain 类
定义
重要
一些信息与预发行产品相关,相应产品在发行之前可能会进行重大修改。 对于此处提供的信息,Microsoft 不作任何明示或暗示的担保。
表示证书的链生成引擎 X509Certificate2 。
public ref class X509Chain : IDisposable
public ref class X509Chain
public class X509Chain : IDisposable
public class X509Chain
type X509Chain = class
interface IDisposable
type X509Chain = class
Public Class X509Chain
Implements IDisposable
Public Class X509Chain
- 继承
-
X509Chain
- 实现
示例
下面的代码示例打开当前用户的个人证书存储区,允许你选择证书,然后将证书和证书链信息写入控制台。 输出取决于所选证书。
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;
class TestX509Chain
{
static void Main(string[] args)
{
//Create new X509 store from local certificate store.
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
//Output store information.
Console.WriteLine ("Store Information");
Console.WriteLine ("Number of certificates in the store: {0}", store.Certificates.Count);
Console.WriteLine ("Store location: {0}", store.Location);
Console.WriteLine ("Store name: {0} {1}", store.Name, Environment.NewLine);
//Put certificates from the store into a collection so user can select one.
X509Certificate2Collection fcollection = (X509Certificate2Collection)store.Certificates;
X509Certificate2Collection collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection);
X509Certificate2 certificate = collection[0];
X509Certificate2UI.DisplayCertificate(certificate);
//Output chain information of the selected certificate.
X509Chain ch = new X509Chain();
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
ch.Build (certificate);
Console.WriteLine ("Chain Information");
Console.WriteLine ("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
Console.WriteLine ("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
Console.WriteLine ("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
Console.WriteLine ("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
Console.WriteLine ("Chain status length: {0}", ch.ChainStatus.Length);
Console.WriteLine ("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
Console.WriteLine ("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);
//Output chain element information.
Console.WriteLine ("Chain Element Information");
Console.WriteLine ("Number of chain elements: {0}", ch.ChainElements.Count);
Console.WriteLine ("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine);
foreach (X509ChainElement element in ch.ChainElements)
{
Console.WriteLine ("Element issuer name: {0}", element.Certificate.Issuer);
Console.WriteLine ("Element certificate valid until: {0}", element.Certificate.NotAfter);
Console.WriteLine ("Element certificate is valid: {0}", element.Certificate.Verify ());
Console.WriteLine ("Element error status length: {0}", element.ChainElementStatus.Length);
Console.WriteLine ("Element information: {0}", element.Information);
Console.WriteLine ("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine);
if (ch.ChainStatus.Length > 1)
{
for (int index = 0; index < element.ChainElementStatus.Length; index++)
{
Console.WriteLine (element.ChainElementStatus[index].Status);
Console.WriteLine (element.ChainElementStatus[index].StatusInformation);
}
}
}
store.Close();
}
}
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.IO
Class TestX509Chain
Shared Sub Main(ByVal args() As String)
'Create new X509 store from local certificate store.
Dim store As New X509Store("MY", StoreLocation.CurrentUser)
store.Open(OpenFlags.OpenExistingOnly Or OpenFlags.ReadWrite)
'Output store information.
Console.WriteLine("Store Information")
Console.WriteLine("Number of certificates in the store: {0}", store.Certificates.Count)
Console.WriteLine("Store location: {0}", store.Location)
Console.WriteLine("Store name: {0} {1}", store.Name, Environment.NewLine)
'Put certificates from the store into a collection so user can select one.
Dim fcollection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
Dim collection As X509Certificate2Collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection)
Dim certificate As X509Certificate2 = collection(0)
X509Certificate2UI.DisplayCertificate(certificate)
'Output chain information of the selected certificate.
Dim ch As New X509Chain()
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online
ch.Build(certificate)
Console.WriteLine("Chain Information")
Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag)
Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode)
Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags)
Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime)
Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length)
Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count)
Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine)
'Output chain element information.
Console.WriteLine("Chain Element Information")
Console.WriteLine("Number of chain elements: {0}", ch.ChainElements.Count)
Console.WriteLine("Chain elements synchronized? {0} {1}", ch.ChainElements.IsSynchronized, Environment.NewLine)
Dim element As X509ChainElement
For Each element In ch.ChainElements
Console.WriteLine("Element issuer name: {0}", element.Certificate.Issuer)
Console.WriteLine("Element certificate valid until: {0}", element.Certificate.NotAfter)
Console.WriteLine("Element certificate is valid: {0}", element.Certificate.Verify())
Console.WriteLine("Element error status length: {0}", element.ChainElementStatus.Length)
Console.WriteLine("Element information: {0}", element.Information)
Console.WriteLine("Number of element extensions: {0}{1}", element.Certificate.Extensions.Count, Environment.NewLine)
If ch.ChainStatus.Length > 1 Then
Dim index As Integer
For index = 0 To element.ChainElementStatus.Length
Console.WriteLine(element.ChainElementStatus(index).Status)
Console.WriteLine(element.ChainElementStatus(index).StatusInformation)
Next index
End If
Next element
store.Close()
End Sub
End Class
注解
该 X509Chain 对象具有一个全局错误状态, ChainStatus 该状态应用于证书验证。 管理证书验证的规则很复杂,通过忽略涉及的一个或多个元素的错误状态,可以轻松过度简化验证逻辑。 全局错误状态将考虑链中每个元素的状态。
Important
从 .NET Framework 4.6 开始,此类型实现 IDisposable 接口。 使用完该类型后,应直接或间接处理它。 若要直接释放类型,请在块中Disposetry/调用其catch方法。 若要间接释放它,请使用语言构造,例如 using (在 C# 中)或 Using (在 Visual Basic 中)。 有关详细信息,请参阅接口主题中的 IDisposable “使用实现 IDisposable 的对象”部分。
对于面向 .NET Framework 4.5.2 及更低版本的应用,该 X509Chain 类不实现 IDisposable 接口,因此没有方法 Dispose 。
释放 X509Chain时,不会释放传入 ChainElements 的证书。 不再需要证书实例时,应释放此集合中的证书。
构造函数
| 名称 | 说明 |
|---|---|
| X509Chain() |
初始化 X509Chain 类的新实例。 |
| X509Chain(Boolean) |
初始化类的新实例 X509Chain ,指定一个值,该值指示是否应使用计算机上下文。 |
| X509Chain(IntPtr) |
属性
| 名称 | 说明 |
|---|---|
| ChainContext |
获取 X.509 链的句柄。 |
| ChainElements |
获取对象的集合 X509ChainElement 。 |
| ChainPolicy |
获取或设置 X509ChainPolicy 生成 X.509 证书链时要使用的项。 |
| ChainStatus |
获取对象中 X509Chain 每个元素的状态。 |
| SafeHandle |
获取此 X509Chain 实例的安全句柄。 |
方法
| 名称 | 说明 |
|---|---|
| Build(X509Certificate2) |
使用中指定的 X509ChainPolicy策略生成 X.509 链。 |
| Create() |
在查询 CryptoConfig 文件中定义的映射后创建一个 X509Chain 对象,并将链映射到该映射。 |
| Dispose() |
释放由此 X509Chain使用的所有资源。 |
| Dispose(Boolean) |
释放此 X509Chain资源所使用的非托管资源,并选择性地释放托管资源。 |
| Equals(Object) |
确定指定的对象是否等于当前对象。 (继承自 Object) |
| GetHashCode() |
用作默认哈希函数。 (继承自 Object) |
| GetType() |
获取当前实例的 Type。 (继承自 Object) |
| MemberwiseClone() |
创建当前 Object的浅表副本。 (继承自 Object) |
| Reset() |
清除当前 X509Chain 对象。 |
| ToString() |
返回一个表示当前对象的字符串。 (继承自 Object) |