public void AddExcludedSubtree(GeneralSubtree subtree) { GeneralName @base = subtree.Base; switch (@base.TagNo) { case 3: case 5: break; case 1: excludedSubtreesEmail = UnionEmail(excludedSubtreesEmail, ExtractNameAsString(@base)); break; case 2: excludedSubtreesDNS = unionDNS(excludedSubtreesDNS, ExtractNameAsString(@base)); break; case 4: excludedSubtreesDN = UnionDN(excludedSubtreesDN, (Asn1Sequence)@base.Name.ToAsn1Object()); break; case 6: excludedSubtreesURI = unionURI(excludedSubtreesURI, ExtractNameAsString(@base)); break; case 7: excludedSubtreesIP = UnionIP(excludedSubtreesIP, Asn1OctetString.GetInstance(@base.Name).GetOctets()); break; } }
public override void PerformTest() { TestConstraints(GeneralName.Rfc822Name, testEmail, testEmailIsConstraint, testEmailIsNotConstraint, email1, email2, emailunion, emailintersect); TestConstraints(GeneralName.DnsName, testDNS, testDNSIsConstraint, testDNSIsNotConstraint, dns1, dns2, dnsunion, dnsintersect); TestConstraints(GeneralName.DirectoryName, testDN, testDNIsConstraint, testDNIsNotConstraint, dn1, dn2, dnUnion, dnIntersection); TestConstraints(GeneralName.UniformResourceIdentifier, testURI, testURIIsConstraint, testURIIsNotConstraint, uri1, uri2, uriunion, uriintersect); TestConstraints(GeneralName.IPAddress, testIP, testIPIsConstraint, testIPIsNotConstraint, ip1, ip2, ipunion, ipintersect); PkixNameConstraintValidator constraintValidator = new PkixNameConstraintValidator(); constraintValidator.IntersectPermittedSubtree(new DerSequence(new GeneralSubtree( new GeneralName(GeneralName.DirectoryName, new X509Name(true, "ou=permittedSubtree1, o=Test Certificates 2011, c=US"))))); constraintValidator.checkPermitted( new GeneralName(GeneralName.DirectoryName, new X509Name(true, "cn=Valid DN nameConstraints EE Certificate Test1, ou=permittedSubtree1, o=Test Certificates 2011, c=US"))); GeneralName name = new GeneralName(GeneralName.OtherName, new OtherName(new DerObjectIdentifier("1.1"), DerNull.Instance)); GeneralSubtree subtree = new GeneralSubtree(name); PkixNameConstraintValidator validator = new PkixNameConstraintValidator(); validator.IntersectPermittedSubtree(new DerSequence(subtree)); name = new GeneralName(GeneralName.OtherName, new OtherName(new DerObjectIdentifier("1.1"), DerNull.Instance)); subtree = new GeneralSubtree(name); validator = new PkixNameConstraintValidator(); validator.IntersectPermittedSubtree(new DerSequence(subtree)); validator.AddExcludedSubtree(subtree); try { validator.checkExcluded(name); } catch (PkixNameConstraintValidatorException e) { IsEquals("OtherName is from an excluded subtree.", e.Message); } try { validator.checkPermitted(name); } catch (PkixNameConstraintValidatorException e) { Fail(e.Message); } }
public void IntersectPermittedSubtree(Asn1Sequence permitted) { IDictionary dictionary = Platform.CreateHashtable(); IEnumerator enumerator = permitted.GetEnumerator(); while (enumerator.MoveNext()) { GeneralSubtree instance = GeneralSubtree.GetInstance(enumerator.Current); int tagNo = instance.Base.TagNo; if (dictionary[tagNo] == null) { dictionary[tagNo] = new HashSet(); } ((ISet)dictionary[tagNo]).Add(instance); } IEnumerator enumerator2 = dictionary.GetEnumerator(); while (enumerator2.MoveNext()) { DictionaryEntry dictionaryEntry = (DictionaryEntry)enumerator2.Current; switch ((int)dictionaryEntry.Key) { case 1: permittedSubtreesEmail = IntersectEmail(permittedSubtreesEmail, (ISet)dictionaryEntry.Value); break; case 2: permittedSubtreesDNS = intersectDNS(permittedSubtreesDNS, (ISet)dictionaryEntry.Value); break; case 4: permittedSubtreesDN = IntersectDN(permittedSubtreesDN, (ISet)dictionaryEntry.Value); break; case 6: permittedSubtreesURI = intersectURI(permittedSubtreesURI, (ISet)dictionaryEntry.Value); break; case 7: permittedSubtreesIP = IntersectIP(permittedSubtreesIP, (ISet)dictionaryEntry.Value); break; } } }
private void encode() { GeneralSubtree[] permTree = null; GeneralSubtree[] exclTree = null; if (permitted.Count > 0) { permTree = new GeneralSubtree[permitted.Count]; for (int i = 0; i < permitted.Count; i++) { permTree[i] = new GeneralSubtree(new GeneralName((int)permitted[i].Type, permitted[i].Name)); } } if (excluded.Count > 0) { exclTree = new GeneralSubtree[excluded.Count]; for (int i = 0; i < excluded.Count; i++) { exclTree[i] = new GeneralSubtree(new GeneralName((int)excluded[i].Type, excluded[i].Name)); } } base.encValue = new NameConstraints(permTree, exclTree); }