Ejemplo n.º 1
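        /**
         * Runs the name-constraint checks: the byte-encoded cases for five
         * GeneralName types via TestConstraints, a directoryName permitted-subtree
         * case, and an otherName case that is both permitted and excluded.
         */
        public override void PerformTest()
        {
            TestConstraints(GeneralName.Rfc822Name, testEmail,
                            testEmailIsConstraint, testEmailIsNotConstraint, email1, email2,
                            emailunion, emailintersect);
            TestConstraints(GeneralName.DnsName, testDNS, testDNSIsConstraint,
                            testDNSIsNotConstraint, dns1, dns2, dnsunion, dnsintersect);
            TestConstraints(GeneralName.DirectoryName, testDN, testDNIsConstraint,
                            testDNIsNotConstraint, dn1, dn2, dnUnion, dnIntersection);
            TestConstraints(GeneralName.UniformResourceIdentifier, testURI,
                            testURIIsConstraint, testURIIsNotConstraint, uri1, uri2, uriunion,
                            uriintersect);
            TestConstraints(GeneralName.IPAddress, testIP, testIPIsConstraint,
                            testIPIsNotConstraint, ip1, ip2, ipunion, ipintersect);

            // directoryName: an end-entity DN below the permitted subtree must pass.
            // checkPermitted is not wrapped in a try, so a rejection surfaces as an
            // uncaught PkixNameConstraintValidatorException.
            PkixNameConstraintValidator constraintValidator = new PkixNameConstraintValidator();

            constraintValidator.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree(
                                                                              new GeneralName(GeneralName.DirectoryName,
                                                                                              new X509Name(true, "ou=permittedSubtree1, o=Test Certificates 2011, c=US")))));
            constraintValidator.checkPermitted(
                new GeneralName(GeneralName.DirectoryName,
                                new X509Name(true, "cn=Valid DN nameConstraints EE Certificate Test1, ou=permittedSubtree1, o=Test Certificates 2011, c=US")));

            // otherName: this first validator is replaced below without any check being
            // run on it; the call only shows that an otherName permitted subtree can be
            // added without an exception.
            GeneralName    name    = new GeneralName(GeneralName.OtherName, new OtherName(new DerObjectIdentifier("1.1"), DerNull.Instance));
            GeneralSubtree subtree = new GeneralSubtree(name);

            PkixNameConstraintValidator validator = new PkixNameConstraintValidator();

            validator.IntersectPermittedSubtree(new DerSequence(subtree));

            name    = new GeneralName(GeneralName.OtherName, new OtherName(new DerObjectIdentifier("1.1"), DerNull.Instance));
            subtree = new GeneralSubtree(name);

            // The same otherName is placed in both the permitted and the excluded set.
            validator = new PkixNameConstraintValidator();
            validator.IntersectPermittedSubtree(new DerSequence(subtree));
            validator.AddExcludedSubtree(subtree);

            try
            {
                validator.checkExcluded(name);
                // Without this Fail the test passed silently when the excluded name was
                // accepted, which is exactly the regression it is meant to catch.
                // Same pattern as the expected-rejection loops in TestConstraints.
                Fail("excluded OtherName not rejected");
            }
            catch (PkixNameConstraintValidatorException e)
            {
                IsEquals("OtherName is from an excluded subtree.", e.Message);
            }

            // The name is still inside the permitted subtree, so this check must pass.
            try
            {
                validator.checkPermitted(name);
            }
            catch (PkixNameConstraintValidatorException e)
            {
                Fail(e.Message);
            }
        }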
Ejemplo n.º 2
        /**
         * Runs the byte-encoded constraint cases for five GeneralName types via
         * TestConstraints, then checks that a DN below a permitted directoryName
         * subtree is accepted.
         */
        public override void PerformTest()
        {
            // rfc822Name
            TestConstraints(
                GeneralName.Rfc822Name, testEmail, testEmailIsConstraint, testEmailIsNotConstraint,
                email1, email2, emailunion, emailintersect);

            // dNSName
            TestConstraints(
                GeneralName.DnsName, testDNS, testDNSIsConstraint, testDNSIsNotConstraint,
                dns1, dns2, dnsunion, dnsintersect);

            // directoryName
            TestConstraints(
                GeneralName.DirectoryName, testDN, testDNIsConstraint, testDNIsNotConstraint,
                dn1, dn2, dnUnion, dnIntersection);

            // uniformResourceIdentifier
            TestConstraints(
                GeneralName.UniformResourceIdentifier, testURI, testURIIsConstraint, testURIIsNotConstraint,
                uri1, uri2, uriunion, uriintersect);

            // iPAddress
            TestConstraints(
                GeneralName.IPAddress, testIP, testIPIsConstraint, testIPIsNotConstraint,
                ip1, ip2, ipunion, ipintersect);

            PkixNameConstraintValidator dnValidator = new PkixNameConstraintValidator();

            // Restrict the permitted set to a single directoryName subtree.
            X509Name permittedDn = new X509Name(true, "ou=permittedSubtree1, o=Test Certificates 2011, c=US");
            GeneralName permittedName = new GeneralName(GeneralName.DirectoryName, permittedDn);
            GeneralSubtree permittedSubtree = new GeneralSubtree(permittedName);
            dnValidator.IntersectPermittedSubtree(new DerSequence(permittedSubtree));

            // The end-entity DN sits below that subtree. The call is not wrapped in a
            // try, so a rejection surfaces as an uncaught exception.
            X509Name subjectDn = new X509Name(true, "cn=Valid DN nameConstraints EE Certificate Test1, ou=permittedSubtree1, o=Test Certificates 2011, c=US");
            GeneralName subjectName = new GeneralName(GeneralName.DirectoryName, subjectDn);
            dnValidator.checkPermitted(subjectName);
        }
Ejemplo n.º 3
        /**
         * Exercises PkixNameConstraintValidator with byte-array encoded names of one
         * GeneralName type. Every name is wrapped in a DerOctetString before use.
         *
         * Five passes are made, each on freshly constructed validators:
         *   1. testName is accepted when a testNameIsConstraint entry is the permitted subtree.
         *   2. testName is rejected when a testNameIsNotConstraint entry is the permitted subtree.
         *   3. testName is rejected when a testNameIsConstraint entry is an excluded subtree.
         *   4. testName is accepted when a testNameIsNotConstraint entry is an excluded subtree.
         *   5. For each index i, excluding testNames1[i] and testNames2[i] must equal a
         *      validator built from testUnion[i], and permitting both must equal one
         *      built from testInterSection[i].
         *
         * A PkixNameConstraintValidatorException from a check that is expected to pass
         * is not caught here and propagates to the caller.
         *
         * @param nameType The GeneralName tag of the names under test.
         * @param testName The name that is checked against each constraint.
         * @param testNameIsConstraint Constraints that match testName.
         * @param testNameIsNotConstraint Constraints that do not match testName.
         * @param testNames1 First operands for the union and intersection cases.
         * @param testNames2 Second operands, read at the same indices as testNames1.
         * @param testUnion Expected excluded set for each operand pair.
         * @param testInterSection Expected permitted subtree for each operand pair;
         *            a null entry stands for an empty intersection.
         */
        private void TestConstraints(
            int nameType,
            byte[] testName,
            byte[][] testNameIsConstraint,
            byte[][] testNameIsNotConstraint,
            byte[][] testNames1,
            byte[][] testNames2,
            byte[][][] testUnion,
            byte[][] testInterSection)
        {
            // Pass 1: permitted subtree matches, so checkPermitted must not throw.
            foreach (byte[] matching in testNameIsConstraint)
            {
                PkixNameConstraintValidator permitted = new PkixNameConstraintValidator();
                GeneralName constraint = new GeneralName(nameType, new DerOctetString(matching));
                permitted.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree(constraint)));

                GeneralName candidate = new GeneralName(nameType, new DerOctetString(testName));
                permitted.checkPermitted(candidate);
            }

            // Pass 2: permitted subtree does not match, so checkPermitted must throw.
            foreach (byte[] nonMatching in testNameIsNotConstraint)
            {
                PkixNameConstraintValidator permitted = new PkixNameConstraintValidator();
                GeneralName constraint = new GeneralName(nameType, new DerOctetString(nonMatching));
                permitted.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree(constraint)));

                try
                {
                    GeneralName candidate = new GeneralName(nameType, new DerOctetString(testName));
                    permitted.checkPermitted(candidate);
                    Fail("not permitted name allowed: " + nameType);
                }
                catch (PkixNameConstraintValidatorException)
                {
                    // rejection is the expected outcome
                }
            }

            // Pass 3: excluded subtree matches, so checkExcluded must throw.
            foreach (byte[] matching in testNameIsConstraint)
            {
                PkixNameConstraintValidator excluded = new PkixNameConstraintValidator();
                GeneralName constraint = new GeneralName(nameType, new DerOctetString(matching));
                excluded.AddExcludedSubtree(new GeneralSubtree(constraint));

                try
                {
                    GeneralName candidate = new GeneralName(nameType, new DerOctetString(testName));
                    excluded.checkExcluded(candidate);
                    Fail("excluded name missed: " + nameType);
                }
                catch (PkixNameConstraintValidatorException)
                {
                    // rejection is the expected outcome
                }
            }

            // Pass 4: excluded subtree does not match, so checkExcluded must not throw.
            foreach (byte[] nonMatching in testNameIsNotConstraint)
            {
                PkixNameConstraintValidator excluded = new PkixNameConstraintValidator();
                GeneralName constraint = new GeneralName(nameType, new DerOctetString(nonMatching));
                excluded.AddExcludedSubtree(new GeneralSubtree(constraint));

                GeneralName candidate = new GeneralName(nameType, new DerOctetString(testName));
                excluded.checkExcluded(candidate);
            }

            // Pass 5: union of excluded subtrees and intersection of permitted subtrees.
            // The index is kept because the operand and result arrays are read in parallel.
            for (int pair = 0; pair < testNames1.Length; pair++)
            {
                PkixNameConstraintValidator actual = new PkixNameConstraintValidator();
                GeneralName first = new GeneralName(nameType, new DerOctetString(testNames1[pair]));
                actual.AddExcludedSubtree(new GeneralSubtree(first));
                GeneralName second = new GeneralName(nameType, new DerOctetString(testNames2[pair]));
                actual.AddExcludedSubtree(new GeneralSubtree(second));

                PkixNameConstraintValidator expected = new PkixNameConstraintValidator();
                foreach (byte[] unionEntry in testUnion[pair])
                {
                    GeneralName unionName = new GeneralName(nameType, new DerOctetString(unionEntry));
                    expected.AddExcludedSubtree(new GeneralSubtree(unionName));
                }

                bool unionMatches = expected.Equals(actual);
                if (!unionMatches)
                {
                    Fail("union wrong: " + nameType);
                }

                actual = new PkixNameConstraintValidator();
                first = new GeneralName(nameType, new DerOctetString(testNames1[pair]));
                actual.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree(first)));
                second = new GeneralName(nameType, new DerOctetString(testNames2[pair]));
                actual.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree(second)));

                expected = new PkixNameConstraintValidator();
                if (testInterSection[pair] == null)
                {
                    // No expected overlap: the permitted set for this type is empty.
                    expected.IntersectEmptyPermittedSubtree(nameType);
                }
                else
                {
                    GeneralName overlap = new GeneralName(nameType, new DerOctetString(testInterSection[pair]));
                    expected.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree(overlap)));
                }

                bool intersectionMatches = expected.Equals(actual);
                if (!intersectionMatches)
                {
                    Fail("intersection wrong: " + nameType);
                }
            }
        }