ICertificatePolicy インターフェイス
アセンブリ: System (system.dll 内)
構文
解説
セキュリティ証明書に対してアプリケーション独自の検証を行う場合、ICertificatePolicy インターフェイスを使用します。既定のポリシーでは、有効な証明書に加えて、有効期限が切れている点を除けば有効な証明書も許可されます。このポリシーを変更するには、独自のポリシーで ICertificatePolicy インターフェイスを実装し、そのポリシーを ServicePointManager.CertificatePolicy に割り当てます。
ICertificatePolicy は、SSPI (Security Support Provider Interface) を使用します。詳細については、MSDN で SSPI のドキュメントを参照してください。
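証明書に問題があれば false を返し、問題を説明するメッセージをコンソールに表示する証明書ポリシーの作成例を次に示します。戻り値は静的フィールド DefaultValidate (J# の例では defaultValidate) の値で、既定値は false です。このフィールドを true に設定すると、報告されたすべての証明書の問題が受け入れられる点に注意してください。enum 型の CertificateProblem が、証明書の問題を表す SSPI 定数を定義します。private メソッド GetProblemMessage が、問題に関する出力メッセージを作成します。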
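''' <summary>
''' SSPI certificate problem codes that can be passed to
''' ICertificatePolicy.CheckValidationResult.
''' </summary>
''' <remarks>
''' The underlying type is Long, so every member is a positive value whose low
''' 32 bits carry the code. A signed Integer problem code must be zero-extended
''' before it is converted to this enum.
''' </remarks>
Public Enum CertificateProblem As Long
    CertEXPIRED = 2148204801 ' 0x800B0101
    CertVALIDITYPERIODNESTING = 2148204802 ' 0x800B0102
    CertROLE = 2148204803 ' 0x800B0103
    CertPATHLENCONST = 2148204804 ' 0x800B0104
    CertCRITICAL = 2148204805 ' 0x800B0105
    CertPURPOSE = 2148204806 ' 0x800B0106
    CertISSUERCHAINING = 2148204807 ' 0x800B0107
    CertMALFORMED = 2148204808 ' 0x800B0108
    CertUNTRUSTEDROOT = 2148204809 ' 0x800B0109
    CertCHAINING = 2148204810 ' 0x800B010A
    CertREVOKED = 2148204812 ' 0x800B010C
    CertUNTRUSTEDTESTROOT = 2148204813 ' 0x800B010D
    CertREVOCATION_FAILURE = 2148204814 ' 0x800B010E
    CertCN_NO_MATCH = 2148204815 ' 0x800B010F
    CertWRONG_USAGE = 2148204816 ' 0x800B0110
    CertUNTRUSTEDCA = 2148204818 ' 0x800B0112
End Enum

''' <summary>
''' Certificate policy that reports each validation result on the console and
''' then returns the value of <see cref="DefaultValidate"/>.
''' </summary>
Public Class MyCertificateValidation
    Implements ICertificatePolicy

    ' Default policy for certificate validation.
    ' This value is returned for every call, whatever the problem code is.
    ' Leaving it False rejects the connection; setting it to True accepts
    ' certificates with any reported problem (expired, revoked, untrusted root,
    ' name mismatch), so it should stay False outside of controlled tests.
    Public Shared DefaultValidate As Boolean = False

    ''' <summary>
    ''' Logs the request URI and the problem code, then returns DefaultValidate.
    ''' </summary>
    ''' <param name="srvPoint">Not used by this policy.</param>
    ''' <param name="cert">Not used by this policy.</param>
    ''' <param name="request">Request whose RequestUri is written to the console.</param>
    ''' <param name="problem">Problem code as a signed 32-bit value.</param>
    ''' <returns>The current value of DefaultValidate.</returns>
    Public Function CheckValidationResult(srvPoint As ServicePoint, _
            cert As X509Certificate, request As WebRequest, problem As Integer) _
            As Boolean Implements ICertificatePolicy.CheckValidationResult
        ' NOTE(review): the framework is understood to call this with problem = 0
        ' for certificates that passed validation - confirm. As written, such
        ' calls are logged as a problem and decided by DefaultValidate as well.
        Console.WriteLine(("Certificate Problem with accessing " & _
            request.RequestUri.ToString()))
        Console.Write("Problem code 0x{0:X8},", CInt(problem))

        ' The codes have the high bit set, so they arrive as negative Integers.
        ' Converting a negative Integer straight to the Long-based enum
        ' sign-extends it and never matches a member; mask to the low 32 bits.
        Dim unsignedCode As Long = CLng(problem) And &HFFFFFFFFL
        Console.WriteLine(GetProblemMessage(CType(unsignedCode, _
            CertificateProblem)))

        Return DefaultValidate
    End Function

    ''' <summary>
    ''' Builds the console message for a problem code.
    ''' </summary>
    ''' <param name="Problem">Problem code to look up.</param>
    ''' <returns>
    ''' "-Certificateproblem:" followed by the member name, or
    ''' "Unknown Certificate Problem" when the value is not a defined member.
    ''' </returns>
    Private Function GetProblemMessage(Problem As CertificateProblem) As String
        Dim ProblemCodeName As String = System.Enum.GetName( _
            GetType(CertificateProblem), Problem)

        If ProblemCodeName Is Nothing Then
            Return "Unknown Certificate Problem"
        End If

        Return "-Certificateproblem:" & ProblemCodeName
    End Function
End Class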
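/// <summary>
/// SSPI certificate problem codes that can be passed to
/// <see cref="ICertificatePolicy.CheckValidationResult"/>.
/// </summary>
/// <remarks>
/// The underlying type is <c>long</c>, so every member is a positive value whose
/// low 32 bits carry the code. A signed <c>int</c> problem code must be
/// zero-extended before it is converted to this enum.
/// </remarks>
public enum CertificateProblem : long
{
    CertEXPIRED = 0x800B0101,
    CertVALIDITYPERIODNESTING = 0x800B0102,
    CertROLE = 0x800B0103,
    CertPATHLENCONST = 0x800B0104,
    CertCRITICAL = 0x800B0105,
    CertPURPOSE = 0x800B0106,
    CertISSUERCHAINING = 0x800B0107,
    CertMALFORMED = 0x800B0108,
    CertUNTRUSTEDROOT = 0x800B0109,
    CertCHAINING = 0x800B010A,
    CertREVOKED = 0x800B010C,
    CertUNTRUSTEDTESTROOT = 0x800B010D,
    CertREVOCATION_FAILURE = 0x800B010E,
    CertCN_NO_MATCH = 0x800B010F,
    CertWRONG_USAGE = 0x800B0110,
    CertUNTRUSTEDCA = 0x800B0112
}

/// <summary>
/// Certificate policy that reports each validation result on the console and
/// then returns the value of <see cref="DefaultValidate"/>.
/// </summary>
/// <remarks>
/// ServicePointManager.CertificatePolicy is marked obsolete in later framework
/// versions in favour of ServicePointManager.ServerCertificateValidationCallback.
/// </remarks>
public class MyCertificateValidation : ICertificatePolicy
{
    // Default policy for certificate validation.
    // This value is returned for every call, whatever the problem code is.
    // Leaving it false rejects the connection; setting it to true accepts
    // certificates with any reported problem (expired, revoked, untrusted root,
    // name mismatch), so it should stay false outside of controlled tests.
    public static bool DefaultValidate = false;

    /// <summary>
    /// Logs the request URI and the problem code, then returns
    /// <see cref="DefaultValidate"/>.
    /// </summary>
    /// <param name="sp">Not used by this policy.</param>
    /// <param name="cert">Not used by this policy.</param>
    /// <param name="request">Request whose RequestUri is written to the console.</param>
    /// <param name="problem">Problem code as a signed 32-bit value.</param>
    /// <returns>The current value of <see cref="DefaultValidate"/>.</returns>
    public bool CheckValidationResult(ServicePoint sp, X509Certificate cert,
        WebRequest request, int problem)
    {
        // NOTE(review): the framework is understood to call this with problem == 0
        // for certificates that passed validation - confirm. As written, such
        // calls are logged as a problem and decided by DefaultValidate as well.
        Console.WriteLine("Certificate Problem with accessing " + request.RequestUri);
        Console.Write("Problem code 0x{0:X8},", (int)problem);

        // The codes have the high bit set, so they arrive as negative ints.
        // Casting a negative int straight to the long-based enum sign-extends it
        // and never matches a member; go through uint to zero-extend instead.
        CertificateProblem code = (CertificateProblem)unchecked((uint)problem);
        Console.WriteLine(GetProblemMessage(code));

        return DefaultValidate;
    }

    /// <summary>
    /// Builds the console message for a problem code.
    /// </summary>
    /// <param name="Problem">Problem code to look up.</param>
    /// <returns>
    /// "-Certificateproblem:" followed by the member name, or
    /// "Unknown Certificate Problem" when the value is not a defined member.
    /// </returns>
    private String GetProblemMessage(CertificateProblem Problem)
    {
        String ProblemCodeName = Enum.GetName(typeof(CertificateProblem), Problem);

        if (ProblemCodeName == null)
        {
            return "Unknown Certificate Problem";
        }

        return "-Certificateproblem:" + ProblemCodeName;
    }
}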
// SSPI certificate problem codes that can be passed to
// ICertificatePolicy::CheckValidationResult. The underlying type is UInt32,
// so each member holds the 32-bit code as an unsigned value.
public enum class CertificateProblem : UInt32
{
   CertEXPIRED = 0x800B0101,
   CertVALIDITYPERIODNESTING = 0x800B0102,
   CertROLE = 0x800B0103,
   CertPATHLENCONST = 0x800B0104,
   CertCRITICAL = 0x800B0105,
   CertPURPOSE = 0x800B0106,
   CertISSUERCHAINING = 0x800B0107,
   CertMALFORMED = 0x800B0108,
   CertUNTRUSTEDROOT = 0x800B0109,
   CertCHAINING = 0x800B010A,
   CertREVOKED = 0x800B010C,
   CertUNTRUSTEDTESTROOT = 0x800B010D,
   CertREVOCATION_FAILURE = 0x800B010E,
   CertCN_NO_MATCH = 0x800B010F,
   CertWRONG_USAGE = 0x800B0110,
   CertUNTRUSTEDCA = 0x800B0112
};

// Certificate policy that reports each validation result on the console and
// then returns the value of DefaultValidate.
public ref class MyCertificateValidation : public ICertificatePolicy
{
public:
   // Default policy for certificate validation.
   // This value is returned for every call, whatever the problem code is.
   // Leaving it false rejects the connection; setting it to true accepts
   // certificates with any reported problem, so it should stay false outside
   // of controlled tests.
   static bool DefaultValidate = false;

   // Logs the request URI and the problem code, then returns DefaultValidate.
   // The service point and certificate arguments are not used.
   virtual bool CheckValidationResult( ServicePoint^ /*sp*/, X509Certificate^ /*cert*/, WebRequest^ request, int problem )
   {
      // NOTE(review): the framework is understood to call this with problem == 0
      // for certificates that passed validation - confirm. As written, such
      // calls are logged as a problem and decided by DefaultValidate as well.
      Console::WriteLine( "Certificate Problem with accessing {0}", request->RequestUri );
      Console::Write( "Problem code 0x{0:X8},", (int)problem );

      CertificateProblem reported = (CertificateProblem)problem;
      Console::WriteLine( GetProblemMessage( reported ) );

      return DefaultValidate;
   }

private:
   // Returns "-Certificateproblem:" followed by the member name, or
   // "Unknown Certificate Problem" when the value is not a defined member.
   String^ GetProblemMessage( CertificateProblem Problem )
   {
      String^ memberName = Enum::GetName( CertificateProblem::typeid, Problem );

      if ( memberName == nullptr )
      {
         return "Unknown Certificate Problem";
      }

      return String::Concat( "-Certificateproblem:", memberName );
   }
};
/**
 * SSPI certificate problem codes that can be passed to
 * ICertificatePolicy.CheckValidationResult, together with a lookup from a
 * code to its display name.
 */
public class CertificateProblem
{
    public static final int certEXPIRED = 0x800B0101;
    public static final int certVALIDITYPERIODNESTING = 0x800B0102;
    public static final int certROLE = 0x800B0103;
    public static final int certPATHLENCONST = 0x800B0104;
    public static final int certCRITICAL = 0x800B0105;
    public static final int certPURPOSE = 0x800B0106;
    public static final int certISSUERCHAINING = 0x800B0107;
    public static final int certMALFORMED = 0x800B0108;
    public static final int certUNTRUSTEDROOT = 0x800B0109;
    public static final int certCHAINING = 0x800B010A;
    public static final int certREVOKED = 0x800B010C;
    public static final int certUNTRUSTEDTESTROOT = 0x800B010D;
    public static final int certREVOCATION_FAILURE = 0x800B010E;
    public static final int certCN_NO_MATCH = 0x800B010F;
    public static final int certWRONG_USAGE = 0x800B0110;
    public static final int certUNTRUSTEDCA = 0x800B0112;

    /**
     * Maps a problem code to its display name.
     *
     * @param problem problem code as a signed 32-bit value
     * @return the name for the code, or null when the code is not listed
     */
    public String GetEnumCertificateProblem(int problem)
    {
        String name;
        switch (problem) {
            // This one label is spelled "CertExpired"; the others follow the
            // upper-case spelling of the constants.
            case certEXPIRED :               name = "CertExpired"; break;
            case certVALIDITYPERIODNESTING : name = "CertVALIDITYPERIODNESTING"; break;
            case certROLE :                  name = "CertROLE"; break;
            case certPATHLENCONST :          name = "CertPATHLENCONST"; break;
            case certCRITICAL :              name = "CertCRITICAL"; break;
            case certPURPOSE :               name = "CertPURPOSE"; break;
            case certISSUERCHAINING :        name = "CertISSUERCHAINING"; break;
            case certMALFORMED :             name = "CertMALFORMED"; break;
            case certUNTRUSTEDROOT :         name = "CertUNTRUSTEDROOT"; break;
            case certCHAINING :              name = "CertCHAINING"; break;
            case certREVOKED :               name = "CertREVOKED"; break;
            case certUNTRUSTEDTESTROOT :     name = "CertUNTRUSTEDTESTROOT"; break;
            case certREVOCATION_FAILURE :    name = "CertREVOCATION_FAILURE"; break;
            case certCN_NO_MATCH :           name = "CertCN_NO_MATCH"; break;
            case certWRONG_USAGE :           name = "CertWRONG_USAGE"; break;
            case certUNTRUSTEDCA :           name = "CertUNTRUSTEDCA"; break;
            default :                        name = null; break;
        }
        return name;
    } //GetEnumCertificateProblem
} //CertificateProblem

/**
 * Certificate policy that reports each validation result on the console and
 * then returns the value of defaultValidate.
 */
public class MyCertificateValidation implements ICertificatePolicy
{
    // Default policy for certificate validation.
    // This value is returned for every call, whatever the problem code is.
    // Leaving it false rejects the connection; setting it to true accepts
    // certificates with any reported problem, so it should stay false outside
    // of controlled tests.
    public static boolean defaultValidate = false;

    /**
     * Logs the request URI and the problem code, then returns defaultValidate.
     * The service point and certificate arguments are not used.
     *
     * @param request request whose URI is written to the console
     * @param problem problem code as a signed 32-bit value
     * @return the current value of defaultValidate
     */
    public boolean CheckValidationResult(ServicePoint sp, X509Certificate cert,
        WebRequest request, int problem)
    {
        // NOTE(review): the framework is understood to call this with problem == 0
        // for certificates that passed validation - confirm. As written, such
        // calls are logged as a problem and decided by defaultValidate as well.
        Console.WriteLine(("Certificate Problem with accessing "
            + request.get_RequestUri()));
        Console.Write("Problem code 0x{0:X8},",
            ((System.Int32)(problem)).ToString("X8"));
        Console.WriteLine(GetProblemMessage((problem)));
        return defaultValidate;
    } //CheckValidationResult

    /**
     * Builds the console message for a problem code.
     *
     * @param problem problem code to look up
     * @return "-Certificateproblem:" followed by the code's name, or
     *         "Unknown Certificate Problem" when the code is not listed
     */
    private String GetProblemMessage(int problem)
    {
        CertificateProblem lookup = new CertificateProblem();
        String codeName = lookup.GetEnumCertificateProblem(problem);
        if (codeName == null) {
            return "Unknown Certificate Problem";
        }
        return "-Certificateproblem:" + codeName;
    } //GetProblemMessage
} //MyCertificateValidation
Windows 98, Windows 2000 SP4, Windows CE, Windows Millennium Edition, Windows Mobile for Pocket PC, Windows Mobile for Smartphone, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
開発プラットフォームの中には、.NET Framework によってサポートされていないバージョンがあります。サポートされているバージョンについては、「システム要件」を参照してください。
参照
ICertificatePolicy メソッド
ICertificatePolicy メンバ