public void AddExcludedSubtree(GeneralSubtree subtree)
{
GeneralName @base = subtree.Base;
switch (@base.TagNo)
{
case 3:
case 5:
break;
case 1:
excludedSubtreesEmail = UnionEmail(excludedSubtreesEmail, ExtractNameAsString(@base));
break;
case 2:
excludedSubtreesDNS = unionDNS(excludedSubtreesDNS, ExtractNameAsString(@base));
break;
case 4:
excludedSubtreesDN = UnionDN(excludedSubtreesDN, (Asn1Sequence)@base.Name.ToAsn1Object());
break;
case 6:
excludedSubtreesURI = unionURI(excludedSubtreesURI, ExtractNameAsString(@base));
break;
case 7:
excludedSubtreesIP = UnionIP(excludedSubtreesIP, Asn1OctetString.GetInstance(@base.Name).GetOctets());
break;
}
}
public override void PerformTest()
{
TestConstraints(GeneralName.Rfc822Name, testEmail,
testEmailIsConstraint, testEmailIsNotConstraint, email1, email2,
emailunion, emailintersect);
TestConstraints(GeneralName.DnsName, testDNS, testDNSIsConstraint,
testDNSIsNotConstraint, dns1, dns2, dnsunion, dnsintersect);
TestConstraints(GeneralName.DirectoryName, testDN, testDNIsConstraint,
testDNIsNotConstraint, dn1, dn2, dnUnion, dnIntersection);
TestConstraints(GeneralName.UniformResourceIdentifier, testURI,
testURIIsConstraint, testURIIsNotConstraint, uri1, uri2, uriunion,
uriintersect);
TestConstraints(GeneralName.IPAddress, testIP, testIPIsConstraint,
testIPIsNotConstraint, ip1, ip2, ipunion, ipintersect);
PkixNameConstraintValidator constraintValidator = new PkixNameConstraintValidator();
constraintValidator.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree(
new GeneralName(GeneralName.DirectoryName,
new X509Name(true, "ou=permittedSubtree1, o=Test Certificates 2011, c=US")))));
constraintValidator.checkPermitted(
new GeneralName(GeneralName.DirectoryName,
new X509Name(true, "cn=Valid DN nameConstraints EE Certificate Test1, ou=permittedSubtree1, o=Test Certificates 2011, c=US")));
GeneralName name = new GeneralName(GeneralName.OtherName, new OtherName(new DerObjectIdentifier("1.1"), DerNull.Instance));
GeneralSubtree subtree = new GeneralSubtree(name);
PkixNameConstraintValidator validator = new PkixNameConstraintValidator();
validator.IntersectPermittedSubtree(new DerSequence(subtree));
name = new GeneralName(GeneralName.OtherName, new OtherName(new DerObjectIdentifier("1.1"), DerNull.Instance));
subtree = new GeneralSubtree(name);
validator = new PkixNameConstraintValidator();
validator.IntersectPermittedSubtree(new DerSequence(subtree));
validator.AddExcludedSubtree(subtree);
try
{
validator.checkExcluded(name);
}
catch (PkixNameConstraintValidatorException e)
{
IsEquals("OtherName is from an excluded subtree.", e.Message);
}
try
{
validator.checkPermitted(name);
}
catch (PkixNameConstraintValidatorException e)
{
Fail(e.Message);
}
}
public void IntersectPermittedSubtree(Asn1Sequence permitted)
{
IDictionary dictionary = Platform.CreateHashtable();
IEnumerator enumerator = permitted.GetEnumerator();
while (enumerator.MoveNext())
{
GeneralSubtree instance = GeneralSubtree.GetInstance(enumerator.Current);
int tagNo = instance.Base.TagNo;
if (dictionary[tagNo] == null)
{
dictionary[tagNo] = new HashSet();
}
((ISet)dictionary[tagNo]).Add(instance);
}
IEnumerator enumerator2 = dictionary.GetEnumerator();
while (enumerator2.MoveNext())
{
DictionaryEntry dictionaryEntry = (DictionaryEntry)enumerator2.Current;
switch ((int)dictionaryEntry.Key)
{
case 1:
permittedSubtreesEmail = IntersectEmail(permittedSubtreesEmail, (ISet)dictionaryEntry.Value);
break;
case 2:
permittedSubtreesDNS = intersectDNS(permittedSubtreesDNS, (ISet)dictionaryEntry.Value);
break;
case 4:
permittedSubtreesDN = IntersectDN(permittedSubtreesDN, (ISet)dictionaryEntry.Value);
break;
case 6:
permittedSubtreesURI = intersectURI(permittedSubtreesURI, (ISet)dictionaryEntry.Value);
break;
case 7:
permittedSubtreesIP = IntersectIP(permittedSubtreesIP, (ISet)dictionaryEntry.Value);
break;
}
}
}
private void encode()
{
GeneralSubtree[] permTree = null;
GeneralSubtree[] exclTree = null;
if (permitted.Count > 0)
{
permTree = new GeneralSubtree[permitted.Count];
for (int i = 0; i < permitted.Count; i++)
{
permTree[i] = new GeneralSubtree(new GeneralName((int)permitted[i].Type, permitted[i].Name));
}
}
if (excluded.Count > 0)
{
exclTree = new GeneralSubtree[excluded.Count];
for (int i = 0; i < excluded.Count; i++)
{
exclTree[i] = new GeneralSubtree(new GeneralName((int)excluded[i].Type, excluded[i].Name));
}
}
base.encValue = new NameConstraints(permTree, exclTree);
}