X509CertSelector selector = new X509CertSelector();
TestCert cert;
GeneralSubtrees subtrees;
NameConstraints constraints;
for (int i=0; i<names.length; i+=2) {
// Set up the pathToNames criterion
ArrayList pathToNames = new ArrayList();
pathToNames.add(names[i].getAsList());
selector.setPathToNames(pathToNames);
// Construct the subtrees without the current name
subtrees = new GeneralSubtrees();
for (int j=0; j<names.length; j++) {
if (i != j && i+1 != j) {
subtrees.addSubtree(new GeneralSubtree(names[j]));
}
}
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
subtrees.addSubtree(new GeneralSubtree(names[i+1]));
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as a permitted name so method match() "
+ "should return false", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as an excluded name but it does not "
+ "contain this name as a permitted so match()"
+ "should return false", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as an excluded name so method match() "
+ "should return true", selector.match(cert));
subtrees.addSubtree(new GeneralSubtree(names[i]));
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as a permitted name so method match() "
+ "should return true", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as an excluded name so method match() "
+ "should return false", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as an excluded name so method match() "
+ "should return false", selector.match(cert));