CertificateSupplyContext Class
Represents a context for supplying certificates during cryptographic operations, particularly in scenarios involving TLS/SSL. This class is used to manage the process of providing X.509 certificates when required by a secure channel.
Inheritance
- System.Object
- System.Net.Security.CertificateSupplyContext
Remarks
The CertificateSupplyContext class plays a crucial role in secure network communication. When an SSL/TLS connection requires a client or server certificate (for authentication or encryption), and the application needs to provide it programmatically, this context is utilized. It encapsulates the necessary information and actions for certificate selection and supply.
Fields
This class has no public fields.
Methods
- CertificateSupplyContext(X509Certificate2Collection, String)
- GetCertificate()
- GetCertificateByChainPolicy(X509ChainPolicy)
- GetCertificateByChainPolicy(X509ChainPolicy, X509Certificate2Collection)
- GetCertificateByName(String)
- GetCertificateByName(String, X509Certificate2Collection)
- GetCertificateByThumbprint(String)
- GetCertificateByThumbprint(String, X509Certificate2Collection)
- GetCertificateByUsage(X509KeyUsageFlags)
- GetCertificateByUsage(X509KeyUsageFlags, X509Certificate2Collection)
Constructor
public CertificateSupplyContext(X509Certificate2Collection availableCerts, string targetHost)
Initializes a new instance of the CertificateSupplyContext class with the specified collection of available certificates and the target host.
Parameters
- availableCerts - An X509Certificate2Collection that contains the certificates that can be supplied.
- targetHost - The target host name for which the certificate is being supplied.
Methods Details
GetCertificate()
Retrieves the default certificate from the available collection. This method is often called by the system when no specific criteria are provided.
Returns: An X509Certificate2.

GetCertificateByChainPolicy(X509ChainPolicy)
Retrieves a certificate that satisfies the specified chain policy.
Parameters
- chainPolicy - An X509ChainPolicy object that defines the criteria for selecting a certificate.
Returns: An X509Certificate2, or null if no matching certificate is found.

GetCertificateByChainPolicy(X509ChainPolicy, X509Certificate2Collection)
Retrieves a certificate from a specified collection that satisfies the specified chain policy.
Parameters
- chainPolicy - An X509ChainPolicy object that defines the criteria for selecting a certificate.
- clientCerts - An X509Certificate2Collection to search within.
Returns: An X509Certificate2, or null if no matching certificate is found.

GetCertificateByName(String)
Retrieves a certificate that matches the specified subject name.
Parameters
- subjectName - The subject name to match.
Returns: An X509Certificate2, or null if no matching certificate is found.

GetCertificateByName(String, X509Certificate2Collection)
Retrieves a certificate from a specified collection that matches the specified subject name.
Parameters
- subjectName - The subject name to match.
- clientCerts - An X509Certificate2Collection to search within.
Returns: An X509Certificate2, or null if no matching certificate is found.

GetCertificateByThumbprint(String)
Retrieves a certificate that matches the specified thumbprint.
Parameters
- thumbprint - The thumbprint of the certificate to retrieve.
Returns: An X509Certificate2, or null if no matching certificate is found.

GetCertificateByThumbprint(String, X509Certificate2Collection)
Retrieves a certificate from a specified collection that matches the specified thumbprint.
Parameters
- thumbprint - The thumbprint of the certificate to retrieve.
- clientCerts - An X509Certificate2Collection to search within.
Returns: An X509Certificate2, or null if no matching certificate is found.

GetCertificateByUsage(X509KeyUsageFlags)
Retrieves a certificate that has the specified key usage flags.
Parameters
- keyUsage - An X509KeyUsageFlags enumeration value that specifies the key usage requirements.
Returns: An X509Certificate2, or null if no matching certificate is found.

GetCertificateByUsage(X509KeyUsageFlags, X509Certificate2Collection)
Retrieves a certificate from a specified collection that has the specified key usage flags.
Parameters
- keyUsage - An X509KeyUsageFlags enumeration value that specifies the key usage requirements.
- clientCerts - An X509Certificate2Collection to search within.
Returns: An X509Certificate2, or null if no matching certificate is found.
Example
The following C# code snippet demonstrates how to use CertificateSupplyContext to programmatically select a client certificate for an SSL connection.
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public class CertificateSelector
{
    public async Task ConnectWithClientCertificateAsync(string host, int port)
    {
        // Assume clientCertificates is populated with X.509 certificates
        X509Certificate2Collection clientCertificates = GetClientCertificates();
        var options = new SslClientAuthenticationOptions
        {
            TargetHost = host,
            ClientCertificates = clientCertificates,
            // SslClientAuthenticationOptions exposes the selection hook as LocalCertificateSelectionCallback
            LocalCertificateSelectionCallback = (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
            {
                // The callback receives an X509CertificateCollection; the context expects an
                // X509Certificate2Collection, so wrap any plain X509Certificate entries first
                var candidates = new X509Certificate2Collection();
                foreach (X509Certificate c in localCertificates)
                {
                    candidates.Add(c as X509Certificate2 ?? new X509Certificate2(c));
                }
                // Use CertificateSupplyContext to help select the best certificate
                var context = new CertificateSupplyContext(candidates, targetHost);
                // You can add custom logic here to pick a certificate based on needs
                // For simplicity, let's try to get a certificate by usage
                // (TLS client authentication signs the handshake, so a production selector
                // would normally require DigitalSignature rather than DataEncipherment)
                var cert = context.GetCertificateByUsage(X509KeyUsageFlags.DataEncipherment);
                if (cert == null)
                {
                    // Fallback to the first available certificate if none match usage;
                    // X509Certificate2Collection is indexed rather than LINQ-enumerable
                    cert = candidates.Count > 0 ? candidates[0] : null;
                }
                return cert;
            }
        };

        using (var tcpClient = new System.Net.Sockets.TcpClient())
        {
            await tcpClient.ConnectAsync(host, port);
            using (var sslStream = new SslStream(tcpClient.GetStream(), false))
            {
                await sslStream.AuthenticateAsClientAsync(options);
                Console.WriteLine("SSL connection established with client certificate.");
                // ... perform secure communication ...
            }
        }
    }

    private X509Certificate2Collection GetClientCertificates()
    {
        // In a real application, you would load certificates from a store or file
        // For demonstration purposes, returning an empty collection
        return new X509Certificate2Collection();
    }
}
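The selection methods listed under Methods Details (by thumbprint, by key usage, by chain policy) each encode a different trust decision. The program below is an added example, not code from the page or from the CertificateSupplyContext class; it implements those three selections with standard System.Security.Cryptography.X509Certificates APIs only, so it compiles and runs without the class. It constructs an in-memory self-signed test certificate (CreateTestClientCertificate, a helper invented here) and the names SelectByThumbprint, SelectByUsage and SelectByChainPolicy are this example's own. Note the defensive choices: the thumbprint is normalised and the validity window checked, a certificate with no Key Usage extension is not treated as permitting every usage, and chain-policy selection only returns a certificate that actually builds a chain under the given policy.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class CertificateSelectionDemo
{
    // Constructed for this example: a self-signed certificate carrying the
    // extensions a TLS client certificate needs, created and kept in memory.
    public static X509Certificate2 CreateTestClientCertificate(string subject)
    {
        using RSA key = RSA.Create(2048);
        var request = new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        request.CertificateExtensions.Add(
            new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
        // id-kp-clientAuth extended key usage
        request.CertificateExtensions.Add(
            new X509EnhancedKeyUsageExtension(new OidCollection { new Oid("1.3.6.1.5.5.7.3.2") }, critical: false));
        DateTimeOffset now = DateTimeOffset.UtcNow;
        return request.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(30));
    }

    // Thumbprint selection: strip separators and ignore case in the caller's value,
    // and reject certificates outside their validity window.
    public static X509Certificate2 SelectByThumbprint(X509Certificate2Collection certs, string thumbprint)
    {
        string wanted = new string(thumbprint.Where(Uri.IsHexDigit).ToArray());
        DateTime utcNow = DateTime.UtcNow;
        return certs.Cast<X509Certificate2>().FirstOrDefault(c =>
            string.Equals(c.Thumbprint, wanted, StringComparison.OrdinalIgnoreCase)
            && utcNow >= c.NotBefore.ToUniversalTime()
            && utcNow <= c.NotAfter.ToUniversalTime());
    }

    // Key-usage selection: the Key Usage extension must be present and contain
    // every requested flag. A certificate without the extension is skipped rather
    // than assumed to permit everything.
    public static X509Certificate2 SelectByUsage(X509Certificate2Collection certs, X509KeyUsageFlags required)
    {
        foreach (X509Certificate2 cert in certs)
        {
            X509KeyUsageExtension ku = cert.Extensions.OfType<X509KeyUsageExtension>().FirstOrDefault();
            if (ku != null && (ku.KeyUsages & required) == required)
                return cert;
        }
        return null;
    }

    // Chain-policy selection: return the first certificate that builds a valid
    // chain under the supplied policy (trust anchors, EKU, revocation settings).
    public static X509Certificate2 SelectByChainPolicy(X509Certificate2Collection certs, X509ChainPolicy policy)
    {
        foreach (X509Certificate2 cert in certs)
        {
            using var chain = new X509Chain { ChainPolicy = policy };
            if (chain.Build(cert))
                return cert;
        }
        return null;
    }

    public static void Main()
    {
        X509Certificate2 client = CreateTestClientCertificate("CN=demo-client, O=Example");
        var certs = new X509Certificate2Collection { client };

        // Lower-cased thumbprint still matches after normalisation
        Console.WriteLine(SelectByThumbprint(certs, client.Thumbprint.ToLowerInvariant())?.Subject ?? "no match");
        // DigitalSignature is present; KeyCertSign is not, so the second lookup yields "no match"
        Console.WriteLine(SelectByUsage(certs, X509KeyUsageFlags.DigitalSignature)?.Subject ?? "no match");
        Console.WriteLine(SelectByUsage(certs, X509KeyUsageFlags.KeyCertSign)?.Subject ?? "no match");

        // The demo trusts its own test certificate as a custom root; production code
        // would put the CA the peer actually trusts into CustomTrustStore instead.
        var policy = new X509ChainPolicy
        {
            TrustMode = X509ChainTrustMode.CustomRootTrust,
            RevocationMode = X509RevocationMode.NoCheck,
        };
        policy.CustomTrustStore.Add(client);
        policy.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.2")); // require id-kp-clientAuth
        Console.WriteLine(SelectByChainPolicy(certs, policy)?.Subject ?? "no match");
    }
}
```

The chain-policy variant is the one worth copying into a real selector: matching on subject name or key usage alone tells you nothing about whether the peer will accept the certificate, whereas a policy whose CustomTrustStore holds the issuers from the acceptableIssuers list (or the CA configured for the peer) rejects candidates the peer could never validate before the handshake is attempted.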