ICertificatePolicy Interfaccia

Definizione

Convalida un certificato server.

public interface class ICertificatePolicy
public interface ICertificatePolicy
type ICertificatePolicy = interface
Public Interface ICertificatePolicy

Esempio

Nell'esempio seguente viene creato un criterio di certificato che restituisce false per qualsiasi problema di certificato e stampa un messaggio che indica il problema nella console. L'enumerazione CertificateProblem definisce costanti SSPI per i problemi di certificato e il metodo GetProblemMessage privato crea un messaggio stampabile sul problema.

public enum class CertificateProblem : UInt32
{
   CertEXPIRED = 0x800B0101,
   CertVALIDITYPERIODNESTING = 0x800B0102,
   CertROLE = 0x800B0103,
   CertPATHLENCONST = 0x800B0104,
   CertCRITICAL = 0x800B0105,
   CertPURPOSE = 0x800B0106,
   CertISSUERCHAINING = 0x800B0107,
   CertMALFORMED = 0x800B0108,
   CertUNTRUSTEDROOT = 0x800B0109,
   CertCHAINING = 0x800B010A,
   CertREVOKED = 0x800B010C,
   CertUNTRUSTEDTESTROOT = 0x800B010D,
   CertREVOCATION_FAILURE = 0x800B010E,
   CertCN_NO_MATCH = 0x800B010F,
   CertWRONG_USAGE = 0x800B0110,
   CertUNTRUSTEDCA = 0x800B0112
};

public ref class MyCertificateValidation: public ICertificatePolicy
{
public:

   // Default policy for certificate validation.
   static bool DefaultValidate = false;
   virtual bool CheckValidationResult( ServicePoint^ /*sp*/, X509Certificate^ /*cert*/, WebRequest^ request, int problem )
   {
      bool ValidationResult = false;
      Console::WriteLine( "Certificate Problem with accessing {0}", request->RequestUri );
      Console::Write( "Problem code 0x{0:X8},", (int)problem );
      Console::WriteLine( GetProblemMessage( (CertificateProblem)problem ) );
      ValidationResult = DefaultValidate;
      return ValidationResult;
   }

private:
   String^ GetProblemMessage( CertificateProblem Problem )
   {
      String^ ProblemMessage = "";
      CertificateProblem problemList = CertificateProblem(  );
      String^ ProblemCodeName = Enum::GetName( problemList.GetType(), Problem );
      if ( ProblemCodeName != nullptr )
            ProblemMessage = String::Concat( ProblemMessage, "-Certificateproblem:", ProblemCodeName );
      else
            ProblemMessage = "Unknown Certificate Problem";

      return ProblemMessage;
   }
};
public  enum    CertificateProblem  : long
{
        CertEXPIRED                   = 0x800B0101,
        CertVALIDITYPERIODNESTING     = 0x800B0102,
        CertROLE                      = 0x800B0103,
        CertPATHLENCONST              = 0x800B0104,
        CertCRITICAL                  = 0x800B0105,
        CertPURPOSE                   = 0x800B0106,
        CertISSUERCHAINING            = 0x800B0107,
        CertMALFORMED                 = 0x800B0108,
        CertUNTRUSTEDROOT             = 0x800B0109,
        CertCHAINING                  = 0x800B010A,
        CertREVOKED                   = 0x800B010C,
        CertUNTRUSTEDTESTROOT         = 0x800B010D,
        CertREVOCATION_FAILURE        = 0x800B010E,
        CertCN_NO_MATCH               = 0x800B010F,
        CertWRONG_USAGE               = 0x800B0110,
        CertUNTRUSTEDCA               = 0x800B0112
}

public class MyCertificateValidation : ICertificatePolicy
{
    // Default policy for certificate validation.
    public static bool DefaultValidate = false;

    public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
       WebRequest request, int problem)
    {
        bool ValidationResult=false;
        Console.WriteLine("Certificate Problem with accessing " +
           request.RequestUri);
        Console.Write("Problem code 0x{0:X8},",(int)problem);
        Console.WriteLine(GetProblemMessage((CertificateProblem)problem));

        ValidationResult = DefaultValidate;
        return ValidationResult;
    }

    private String GetProblemMessage(CertificateProblem Problem)
    {
        String ProblemMessage = "";
        CertificateProblem problemList = new CertificateProblem();
        String ProblemCodeName = Enum.GetName(problemList.GetType(),Problem);
        if(ProblemCodeName != null)
           ProblemMessage = ProblemMessage + "-Certificateproblem:" +
              ProblemCodeName;
        else
           ProblemMessage = "Unknown Certificate Problem";
        return ProblemMessage;
     }
}
Public Enum CertificateProblem As Long
    CertEXPIRED                   = 2148204801    ' 0x800B0101
    CertVALIDITYPERIODNESTING     = 2148204802    ' 0x800B0102
    CertROLE                      = 2148204803    ' 0x800B0103
    CertPATHLENCONST              = 2148204804    ' 0x800B0104
    CertCRITICAL                  = 2148204805    ' 0x800B0105
    CertPURPOSE                   = 2148204806    ' 0x800B0106
    CertISSUERCHAINING            = 2148204807    ' 0x800B0107
    CertMALFORMED                 = 2148204808    ' 0x800B0108
    CertUNTRUSTEDROOT             = 2148204809    ' 0x800B0109
    CertCHAINING                  = 2148204810    ' 0x800B010A
    CertREVOKED                   = 2148204812    ' 0x800B010C
    CertUNTRUSTEDTESTROOT         = 2148204813    ' 0x800B010D       
    CertREVOCATION_FAILURE        = 2148204814    ' 0x800B010E
    CertCN_NO_MATCH               = 2148204815    ' 0x800B010F
    CertWRONG_USAGE               = 2148204816    ' 0x800B0110
    CertUNTRUSTEDCA               = 2148204818     ' 0x800B0112
End Enum


Public Class MyCertificateValidation
    Implements ICertificatePolicy
    
    ' Default policy for certificate validation.
    Public Shared DefaultValidate As Boolean = False    
    
    Public Function CheckValidationResult(srvPoint As ServicePoint, _
       cert As X509Certificate, request As WebRequest, problem As Integer) _
       As Boolean Implements ICertificatePolicy.CheckValidationResult
       
        Dim ValidationResult As Boolean = False
        Console.WriteLine(("Certificate Problem with accessing " & _
           request.RequestUri.ToString()))
        Console.Write("Problem code 0x{0:X8},", CInt(problem))
        Console.WriteLine(GetProblemMessage(CType(problem, _
           CertificateProblem)))
        
        ValidationResult = DefaultValidate
        Return ValidationResult
    End Function    
    
    Private Function GetProblemMessage(Problem As CertificateProblem) As String
        Dim ProblemMessage As String = ""
        Dim problemList As New CertificateProblem()
        Dim ProblemCodeName As String = System.Enum.GetName( _
           problemList.GetType(), Problem)
        If Not (ProblemCodeName Is Nothing) Then
            ProblemMessage = ProblemMessage + "-Certificateproblem:" & _
               ProblemCodeName
        Else
            ProblemMessage = "Unknown Certificate Problem"
        End If
        Return ProblemMessage
    End Function
End Class

Commenti

L'interfaccia ICertificatePolicy viene usata per fornire la convalida personalizzata del certificato di sicurezza per un'applicazione. Il criterio predefinito consiste nel consentire certificati validi, nonché certificati validi scaduti. Per modificare questo criterio, implementare l'interfaccia ICertificatePolicy con criteri diversi e quindi assegnare tale criterio a ServicePointManager.CertificatePolicy.

ICertificatePolicy usa l'interfaccia del provider di supporto della sicurezza (SSPI). Per altre informazioni, vedere la documentazione di SSPI in MSDN.

Metodi

CheckValidationResult(ServicePoint, X509Certificate, WebRequest, Int32)

Convalida un certificato server.

Si applica a