X509CertSelector selector = new X509CertSelector();
TestCert cert;
GeneralSubtrees subtrees;
NameConstraints constraints;
for (int i=0; i<names.length-2; i+=2) {
// Set up the pathToNames criterion
selector.addPathToName(types[i], names[i]);
// Construct the subtrees without the current name
subtrees = new GeneralSubtrees();
for (int j=i+2; j<names.length; j++) {
if (i != j && i+1 != j) {
subtrees.addSubtree(
new GeneralSubtree(
new GeneralName(types[j], names[j])));
}
}
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
subtrees.addSubtree(
new GeneralSubtree(
new GeneralName(types[i+1], names[i+1])));
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as a permitted name so method match() "
+ "should return false", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as an excluded name but it does not "
+ "contain this name as a permitted so match()"
+ "should return false", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as an excluded name so method match() "
+ "should return true", selector.match(cert));
subtrees.addSubtree(
new GeneralSubtree(
new GeneralName(types[i], names[i])));
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as a permitted name so method match() "
+ "should return true", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as an excluded name so method match() "
+ "should return false", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as an excluded name so method match() "
+ "should return false", selector.match(cert));