X509Certificate2Extensions Class - System.Net.Security

Overview

Provides static extension methods for the X509Certificate2 class to simplify the retrieval and manipulation of certificate extensions.

This class is part of the System.Security.Cryptography.X509Certificates namespace.

Members

Methods

GetEkuOids(): Retrieves the Object Identifiers (OIDs) for Enhanced Key Usage (EKU) extensions.
GetSubjectAlternativeNames(): Retrieves the Subject Alternative Name (SAN) entries from the certificate.
GetRawExtensionValue(string oid): Retrieves the raw byte array value of a specified certificate extension.
HasExtension(string oid): Checks if a certificate contains a specific extension.

GetEkuOids()

Retrieves the Object Identifiers (OIDs) for all Enhanced Key Usage (EKU) extensions present in the certificate.

public static OidCollection GetEkuOids(
    this X509Certificate2 certificate
);

Parameters

certificate: The X509Certificate2 object to inspect.

Return Value

An OidCollection containing the OIDs of the EKUs found in the certificate.

Example

using System;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security; // Required for extension methods

public class Example
{
    public static void Main(string[] args)
    {
        // Load a certificate (replace with your actual certificate loading logic)
        X509Certificate2 cert = new X509Certificate2("path/to/your/certificate.cer");

        OidCollection ekuOids = cert.GetEkuOids();

        Console.WriteLine($"Enhanced Key Usages for certificate: {cert.Subject}");
        if (ekuOids.Count > 0)
        {
            foreach (Oid oid in ekuOids)
            {
                Console.WriteLine($"- OID: {oid.Value}, Name: {oid.FriendlyName}");
            }
        }
        else
        {
            Console.WriteLine("  No Enhanced Key Usages found.");
        }
    }
}

GetSubjectAlternativeNames()

Retrieves the Subject Alternative Name (SAN) entries from the certificate. This includes DNS names, IP addresses, etc.

public static IList<string> GetSubjectAlternativeNames(
    this X509Certificate2 certificate
);

Parameters

certificate: The X509Certificate2 object to inspect.

Return Value

A IList<string> containing the SAN entries. Each entry is typically a DNS name or IP address.

Example

using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security; // Required for extension methods

public class Example
{
    public static void Main(string[] args)
    {
        X509Certificate2 cert = new X509Certificate2("path/to/your/certificate.cer");

        IList<string> sanEntries = cert.GetSubjectAlternativeNames();

        Console.WriteLine($"Subject Alternative Names for certificate: {cert.Subject}");
        if (sanEntries.Count > 0)
        {
            foreach (string san in sanEntries)
            {
                Console.WriteLine($"- {san}");
            }
        }
        else
        {
            Console.WriteLine("  No Subject Alternative Names found.");
        }
    }
}

GetRawExtensionValue(string oid)

Retrieves the raw byte array value of a certificate extension specified by its Object Identifier (OID).

public static byte[] GetRawExtensionValue(
    this X509Certificate2 certificate,
    string oid
);

Parameters

certificate: The X509Certificate2 object to inspect.
oid: The OID of the extension to retrieve.

Return Value

A byte array representing the raw value of the extension, or null if the extension is not found.

HasExtension(string oid)

Checks if a certificate contains a specific extension, identified by its OID.

public static bool HasExtension(
    this X509Certificate2 certificate,
    string oid
);

Parameters

certificate: The X509Certificate2 object to inspect.
oid: The OID of the extension to check for.

Return Value

true if the certificate contains the specified extension; otherwise, false.