CertificationUsage Class
Defines the purposes for which an X.509 certificate can be used.
Namespace: System.Net.Security
Assembly: System.Net.Security (in System.Net.Security.dll)
Syntax
public sealed class CertificationUsage : EnumMembers
| Member | Description |
|---|---|
None |
The certificate has no defined usage. |
Validation |
The certificate is used for validation purposes. |
Signing |
The certificate is used for signing purposes. |
Decryption |
The certificate is used for decryption purposes. |
All |
The certificate can be used for any purpose. |
Remarks
The CertificationUsage enumeration is used by the CertificatePolicy class to specify the intended use of an X.509 certificate.
When establishing a secure connection, the client and server may exchange certificates. The CertificationUsage enum helps determine if a provided certificate is suitable for the operation being performed (e.g., validation, signing, or decryption).
The All value indicates that the certificate is universally applicable for all security-related operations within the context of the policy.
Requirements
| Requirement | Description |
|---|---|
| Namespace | System.Net.Security |
| Assembly | System.Net.Security.dll |
Example
The following example demonstrates how to check the usage of a certificate using the CertificationUsage enum.
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class CertificateUsageExample
{
public static void Main(string[] args)
{
// Assume 'certificate' is an X509Certificate2 object
// For demonstration, we'll create a placeholder
X509Certificate2 certificate = GetSampleCertificate();
if (certificate != null)
{
// In a real scenario, you'd get the usage from a policy or by inspecting the certificate's enhanced key usage extensions.
// For this example, we'll simulate a usage.
CertificationUsage usage = CertificationUsage.Validation; // Simulated usage
Console.WriteLine($"Certificate Usage: {usage}");
if ((usage & CertificationUsage.Validation) == CertificationUsage.Validation)
{
Console.WriteLine("This certificate can be used for validation.");
}
if ((usage & CertificationUsage.Signing) == CertificationUsage.Signing)
{
Console.WriteLine("This certificate can be used for signing.");
}
}
else
{
Console.WriteLine("Could not retrieve a sample certificate.");
}
}
// Placeholder method to get a sample certificate (requires a real certificate in a real application)
private static X509Certificate2 GetSampleCertificate()
{
// This is a placeholder and will not return a valid certificate.
// In a real application, you would load a certificate from a store or file.
try
{
// Attempt to get a readily available certificate (e.g., for localhost)
using (X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
{
store.Open(OpenFlags.ReadOnly);
foreach (X509Certificate2 cert in store.Certificates)
{
// Find a certificate that might be suitable for validation
if (cert.Extensions.Count > 0)
{
// Simple check for presence of Subject Alternative Name, which is common for server certs
foreach (X509Extension extension in cert.Extensions)
{
if (extension.Oid.FriendlyName == "Subject Alternative Name")
{
return cert;
}
}
}
}
}
}
catch (Exception ex)
{
Console.WriteLine($"Error retrieving sample certificate: {ex.Message}");
}
return null;
}
}