PkixNameConstraintValidator.cs :  » PDF » iTextSharp » Org » BouncyCastle » Pkix » C# / CSharp Open Source

Home
C# / CSharp Open Source
1.2.6.4 mono .net core
2.2.6.4 mono core
3.Aspect Oriented Frameworks
4.Bloggers
5.Build Systems
6.Business Application
7.Charting Reporting Tools
8.Chat Servers
9.Code Coverage Tools
10.Content Management Systems CMS
11.CRM ERP
12.Database
13.Development
14.Email
15.Forum
16.Game
17.GIS
18.GUI
19.IDEs
20.Installers Generators
21.Inversion of Control Dependency Injection
22.Issue Tracking
23.Logging Tools
24.Message
25.Mobile
26.Network Clients
27.Network Servers
28.Office
29.PDF
30.Persistence Frameworks
31.Portals
32.Profilers
33.Project Management
34.RSS RDF
35.Rule Engines
36.Script
37.Search Engines
38.Sound Audio
39.Source Control
40.SQL Clients
41.Template Engines
42.Testing
43.UML
44.Web Frameworks
45.Web Service
46.Web Testing
47.Wiki Engines
48.Windows Presentation Foundation
49.Workflows
50.XML Parsers
C# / C Sharp
C# / C Sharp by API
C# / CSharp Tutorial
C# / CSharp Open Source » PDF » iTextSharp 
iTextSharp » Org » BouncyCastle » Pkix » PkixNameConstraintValidator.cs
using System;
using System.Collections;

using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Utilities.Collections;

namespace Org.BouncyCastle.Pkix{
    public class PkixNameConstraintValidator
    {
        private ISet excludedSubtreesDN = new HashSet();

        private ISet excludedSubtreesDNS = new HashSet();

        private ISet excludedSubtreesEmail = new HashSet();

        private ISet excludedSubtreesURI = new HashSet();

        private ISet excludedSubtreesIP = new HashSet();

        private ISet permittedSubtreesDN;

        private ISet permittedSubtreesDNS;

        private ISet permittedSubtreesEmail;

        private ISet permittedSubtreesURI;

        private ISet permittedSubtreesIP;

        public PkixNameConstraintValidator()
        {
        }

        private static bool WithinDNSubtree(
            Asn1Sequence dns,
            Asn1Sequence subtree)
        {
            if (subtree.Count < 1)
            {
                return false;
            }

            if (subtree.Count > dns.Count)
            {
                return false;
            }

            for (int j = subtree.Count - 1; j >= 0; j--)
            {
                if (!(subtree[j].Equals(dns[j])))
                {
                    return false;
                }
            }

            return true;
        }

        public void CheckPermittedDN(Asn1Sequence dns)
        //throws PkixNameConstraintValidatorException
        {
            CheckPermittedDN(permittedSubtreesDN, dns);
        }

        public void CheckExcludedDN(Asn1Sequence dns)
        //throws PkixNameConstraintValidatorException
        {
            CheckExcludedDN(excludedSubtreesDN, dns);
        }

        private void CheckPermittedDN(ISet permitted, Asn1Sequence dns)
        //throws PkixNameConstraintValidatorException
        {
            if (permitted == null)
            {
                return;
            }

            if ((permitted.Count == 0) && dns.Count == 0)
            {
                return;
            }

            IEnumerator it = permitted.GetEnumerator();

            while (it.MoveNext())
            {
                Asn1Sequence subtree = (Asn1Sequence)it.Current;

                if (WithinDNSubtree(dns, subtree))
                {
                    return;
                }
            }

            throw new PkixNameConstraintValidatorException(
                "Subject distinguished name is not from a permitted subtree");
        }

        private void CheckExcludedDN(ISet excluded, Asn1Sequence dns)
        //throws PkixNameConstraintValidatorException
        {
            if (excluded.IsEmpty)
            {
                return;
            }

            IEnumerator it = excluded.GetEnumerator();

            while (it.MoveNext())
            {
                Asn1Sequence subtree = (Asn1Sequence)it.Current;

                if (WithinDNSubtree(dns, subtree))
                {
                    throw new PkixNameConstraintValidatorException(
                        "Subject distinguished name is from an excluded subtree");
                }
            }
        }

        private ISet IntersectDN(ISet permitted, ISet dns)
        {
            ISet intersect = new HashSet();
            for (IEnumerator it = dns.GetEnumerator(); it.MoveNext(); )
            {
                Asn1Sequence dn = Asn1Sequence.GetInstance(((GeneralSubtree)it
                    .Current).Base.Name.ToAsn1Object());
                if (permitted == null)
                {
                    if (dn != null)
                    {
                        intersect.Add(dn);
                    }
                }
                else
                {
                    IEnumerator _iter = permitted.GetEnumerator();
                    while (_iter.MoveNext())
                    {
                        Asn1Sequence subtree = (Asn1Sequence)_iter.Current;

                        if (WithinDNSubtree(dn, subtree))
                        {
                            intersect.Add(dn);
                        }
                        else if (WithinDNSubtree(subtree, dn))
                        {
                            intersect.Add(subtree);
                        }
                    }
                }
            }
            return intersect;
        }

        private ISet UnionDN(ISet excluded, Asn1Sequence dn)
        {
            if (excluded.IsEmpty)
            {
                if (dn == null)
                {
                    return excluded;
                }
                excluded.Add(dn);

                return excluded;
            }
            else
            {
                ISet intersect = new HashSet();

                IEnumerator it = excluded.GetEnumerator();
                while (it.MoveNext())
                {
                    Asn1Sequence subtree = (Asn1Sequence)it.Current;

                    if (WithinDNSubtree(dn, subtree))
                    {
                        intersect.Add(subtree);
                    }
                    else if (WithinDNSubtree(subtree, dn))
                    {
                        intersect.Add(dn);
                    }
                    else
                    {
                        intersect.Add(subtree);
                        intersect.Add(dn);
                    }
                }

                return intersect;
            }
        }

        private ISet IntersectEmail(ISet permitted, ISet emails)
        {
            ISet intersect = new HashSet();
            for (IEnumerator it = emails.GetEnumerator(); it.MoveNext(); )
            {
                String email = ExtractNameAsString(((GeneralSubtree)it.Current)
                    .Base);

                if (permitted == null)
                {
                    if (email != null)
                    {
                        intersect.Add(email);
                    }
                }
                else
                {
                    IEnumerator it2 = permitted.GetEnumerator();
                    while (it2.MoveNext())
                    {
                        String _permitted = (String)it2.Current;

                        intersectEmail(email, _permitted, intersect);
                    }
                }
            }
            return intersect;
        }

        private ISet UnionEmail(ISet excluded, String email)
        {
            if (excluded.IsEmpty)
            {
                if (email == null)
                {
                    return excluded;
                }
                excluded.Add(email);
                return excluded;
            }
            else
            {
                ISet union = new HashSet();

                IEnumerator it = excluded.GetEnumerator();
                while (it.MoveNext())
                {
                    String _excluded = (String)it.Current;

                    unionEmail(_excluded, email, union);
                }

                return union;
            }
        }

        /**
         * Returns the intersection of the permitted IP ranges in
         * <code>permitted</code> with <code>ip</code>.
         *
         * @param permitted A <code>Set</code> of permitted IP addresses with
         *                  their subnet mask as byte arrays.
         * @param ips       The IP address with its subnet mask.
         * @return The <code>Set</code> of permitted IP ranges intersected with
         *         <code>ip</code>.
         */
        private ISet IntersectIP(ISet permitted, ISet ips)
        {
            ISet intersect = new HashSet();
            for (IEnumerator it = ips.GetEnumerator(); it.MoveNext(); )
            {
                byte[] ip = Asn1OctetString.GetInstance(
                    ((GeneralSubtree)it.Current).Base.Name).GetOctets();
                if (permitted == null)
                {
                    if (ip != null)
                    {
                        intersect.Add(ip);
                    }
                }
                else
                {
                    IEnumerator it2 = permitted.GetEnumerator();
                    while (it2.MoveNext())
                    {
                        byte[] _permitted = (byte[])it2.Current;
                        intersect.AddAll(IntersectIPRange(_permitted, ip));
                    }
                }
            }
            return intersect;
        }

        /**
         * Returns the union of the excluded IP ranges in <code>excluded</code>
         * with <code>ip</code>.
         *
         * @param excluded A <code>Set</code> of excluded IP addresses with their
         *                 subnet mask as byte arrays.
         * @param ip       The IP address with its subnet mask.
         * @return The <code>Set</code> of excluded IP ranges unified with
         *         <code>ip</code> as byte arrays.
         */
        private ISet UnionIP(ISet excluded, byte[] ip)
        {
            if (excluded.IsEmpty)
            {
                if (ip == null)
                {
                    return excluded;
                }
                excluded.Add(ip);

                return excluded;
            }
            else
            {
                ISet union = new HashSet();

                IEnumerator it = excluded.GetEnumerator();
                while (it.MoveNext())
                {
                    byte[] _excluded = (byte[])it.Current;
                    union.AddAll(UnionIPRange(_excluded, ip));
                }

                return union;
            }
        }

        /**
         * Calculates the union if two IP ranges.
         *
         * @param ipWithSubmask1 The first IP address with its subnet mask.
         * @param ipWithSubmask2 The second IP address with its subnet mask.
         * @return A <code>Set</code> with the union of both addresses.
         */
        private ISet UnionIPRange(byte[] ipWithSubmask1, byte[] ipWithSubmask2)
        {
            ISet set = new HashSet();

            // difficult, adding always all IPs is not wrong
            if (Org.BouncyCastle.Utilities.Arrays.AreEqual(ipWithSubmask1, ipWithSubmask2))
            {
                set.Add(ipWithSubmask1);
            }
            else
            {
                set.Add(ipWithSubmask1);
                set.Add(ipWithSubmask2);
            }
            return set;
        }

        /**
         * Calculates the interesction if two IP ranges.
         *
         * @param ipWithSubmask1 The first IP address with its subnet mask.
         * @param ipWithSubmask2 The second IP address with its subnet mask.
         * @return A <code>Set</code> with the single IP address with its subnet
         *         mask as a byte array or an empty <code>Set</code>.
         */
        private ISet IntersectIPRange(byte[] ipWithSubmask1, byte[] ipWithSubmask2)
    {
        if (ipWithSubmask1.Length != ipWithSubmask2.Length)
        {
            //Collections.EMPTY_SET;
            return new HashSet();
        }

        byte[][] temp = ExtractIPsAndSubnetMasks(ipWithSubmask1, ipWithSubmask2);
        byte[] ip1 = temp[0];
        byte[] subnetmask1 = temp[1];
        byte[] ip2 = temp[2];
        byte[] subnetmask2 = temp[3];

        byte[][] minMax = MinMaxIPs(ip1, subnetmask1, ip2, subnetmask2);
        byte[] min;
        byte[] max;
        max = Min(minMax[1], minMax[3]);
        min = Max(minMax[0], minMax[2]);

        // minimum IP address must be bigger than max
        if (CompareTo(min, max) == 1)
        {
            //return Collections.EMPTY_SET;
            return new HashSet();
        }
        // OR keeps all significant bits
        byte[] ip = Or(minMax[0], minMax[2]);
        byte[] subnetmask = Or(subnetmask1, subnetmask2);
        
            //return new HashSet( ICollectionsingleton(IpWithSubnetMask(ip, subnetmask));
        ISet hs = new HashSet();
        hs.Add(IpWithSubnetMask(ip, subnetmask));

            return hs;
    }

        /**
         * Concatenates the IP address with its subnet mask.
         *
         * @param ip         The IP address.
         * @param subnetMask Its subnet mask.
         * @return The concatenated IP address with its subnet mask.
         */
        private byte[] IpWithSubnetMask(byte[] ip, byte[] subnetMask)
        {
            int ipLength = ip.Length;
            byte[] temp = new byte[ipLength * 2];
            Array.Copy(ip, 0, temp, 0, ipLength);
            Array.Copy(subnetMask, 0, temp, ipLength, ipLength);
            return temp;
        }

        /**
         * Splits the IP addresses and their subnet mask.
         *
         * @param ipWithSubmask1 The first IP address with the subnet mask.
         * @param ipWithSubmask2 The second IP address with the subnet mask.
         * @return An array with two elements. Each element contains the IP address
         *         and the subnet mask in this order.
         */
        private byte[][] ExtractIPsAndSubnetMasks(
            byte[] ipWithSubmask1,
            byte[] ipWithSubmask2)
    {
        int ipLength = ipWithSubmask1.Length / 2;
        byte[] ip1 = new byte[ipLength];
        byte[] subnetmask1 = new byte[ipLength];
        Array.Copy(ipWithSubmask1, 0, ip1, 0, ipLength);
        Array.Copy(ipWithSubmask1, ipLength, subnetmask1, 0, ipLength);

        byte[] ip2 = new byte[ipLength];
        byte[] subnetmask2 = new byte[ipLength];
        Array.Copy(ipWithSubmask2, 0, ip2, 0, ipLength);
        Array.Copy(ipWithSubmask2, ipLength, subnetmask2, 0, ipLength);
        return new byte[][]
            {ip1, subnetmask1, ip2, subnetmask2};
    }

        /**
         * Based on the two IP addresses and their subnet masks the IP range is
         * computed for each IP address - subnet mask pair and returned as the
         * minimum IP address and the maximum address of the range.
         *
         * @param ip1         The first IP address.
         * @param subnetmask1 The subnet mask of the first IP address.
         * @param ip2         The second IP address.
         * @param subnetmask2 The subnet mask of the second IP address.
         * @return A array with two elements. The first/second element contains the
         *         min and max IP address of the first/second IP address and its
         *         subnet mask.
         */
        private byte[][] MinMaxIPs(
            byte[] ip1,
            byte[] subnetmask1,
            byte[] ip2,
            byte[] subnetmask2)
        {
            int ipLength = ip1.Length;
            byte[] min1 = new byte[ipLength];
            byte[] max1 = new byte[ipLength];

            byte[] min2 = new byte[ipLength];
            byte[] max2 = new byte[ipLength];

            for (int i = 0; i < ipLength; i++)
            {
                min1[i] = (byte)(ip1[i] & subnetmask1[i]);
                max1[i] = (byte)(ip1[i] & subnetmask1[i] | ~subnetmask1[i]);

                min2[i] = (byte)(ip2[i] & subnetmask2[i]);
                max2[i] = (byte)(ip2[i] & subnetmask2[i] | ~subnetmask2[i]);
            }

            return new byte[][] { min1, max1, min2, max2 };
        }

        private void CheckPermittedEmail(ISet permitted, String email)
        //throws PkixNameConstraintValidatorException
        {
            if (permitted == null)
            {
                return;
            }

            IEnumerator it = permitted.GetEnumerator();

            while (it.MoveNext())
            {
                String str = ((String)it.Current);

                if (EmailIsConstrained(email, str))
                {
                    return;
                }
            }

            if (email.Length == 0 && permitted.Count == 0)
            {
                return;
            }

            throw new PkixNameConstraintValidatorException(
                "Subject email address is not from a permitted subtree.");
        }

        private void CheckExcludedEmail(ISet excluded, String email)
        //throws PkixNameConstraintValidatorException
        {
            if (excluded.IsEmpty)
            {
                return;
            }

            IEnumerator it = excluded.GetEnumerator();

            while (it.MoveNext())
            {
                String str = (String)it.Current;

                if (EmailIsConstrained(email, str))
                {
                    throw new PkixNameConstraintValidatorException(
                        "Email address is from an excluded subtree.");
                }
            }
        }

        /**
         * Checks if the IP <code>ip</code> is included in the permitted ISet
         * <code>permitted</code>.
         *
         * @param permitted A <code>Set</code> of permitted IP addresses with
         *                  their subnet mask as byte arrays.
         * @param ip        The IP address.
         * @throws PkixNameConstraintValidatorException
         *          if the IP is not permitted.
         */
        private void CheckPermittedIP(ISet permitted, byte[] ip)
        //throws PkixNameConstraintValidatorException
        {
            if (permitted == null)
            {
                return;
            }

            IEnumerator it = permitted.GetEnumerator();

            while (it.MoveNext())
            {
                byte[] ipWithSubnet = (byte[])it.Current;

                if (IsIPConstrained(ip, ipWithSubnet))
                {
                    return;
                }
            }
            if (ip.Length == 0 && permitted.Count == 0)
            {
                return;
            }
            throw new PkixNameConstraintValidatorException(
                "IP is not from a permitted subtree.");
        }

        /**
         * Checks if the IP <code>ip</code> is included in the excluded ISet
         * <code>excluded</code>.
         *
         * @param excluded A <code>Set</code> of excluded IP addresses with their
         *                 subnet mask as byte arrays.
         * @param ip       The IP address.
         * @throws PkixNameConstraintValidatorException
         *          if the IP is excluded.
         */
        private void checkExcludedIP(ISet excluded, byte[] ip)
        //throws PkixNameConstraintValidatorException
        {
            if (excluded.IsEmpty)
            {
                return;
            }

            IEnumerator it = excluded.GetEnumerator();

            while (it.MoveNext())
            {
                byte[] ipWithSubnet = (byte[])it.Current;

                if (IsIPConstrained(ip, ipWithSubnet))
                {
                    throw new PkixNameConstraintValidatorException(
                        "IP is from an excluded subtree.");
                }
            }
        }

        /**
         * Checks if the IP address <code>ip</code> is constrained by
         * <code>constraint</code>.
         *
         * @param ip         The IP address.
         * @param constraint The constraint. This is an IP address concatenated with
         *                   its subnetmask.
         * @return <code>true</code> if constrained, <code>false</code>
         *         otherwise.
         */
        private bool IsIPConstrained(byte[] ip, byte[] constraint)
        {
            int ipLength = ip.Length;

            if (ipLength != (constraint.Length / 2))
            {
                return false;
            }

            byte[] subnetMask = new byte[ipLength];
            Array.Copy(constraint, ipLength, subnetMask, 0, ipLength);

            byte[] permittedSubnetAddress = new byte[ipLength];

            byte[] ipSubnetAddress = new byte[ipLength];

            // the resulting IP address by applying the subnet mask
            for (int i = 0; i < ipLength; i++)
            {
                permittedSubnetAddress[i] = (byte)(constraint[i] & subnetMask[i]);
                ipSubnetAddress[i] = (byte)(ip[i] & subnetMask[i]);
            }

            return Org.BouncyCastle.Utilities.Arrays.AreEqual(permittedSubnetAddress, ipSubnetAddress);
        }

        private bool EmailIsConstrained(String email, String constraint)
        {
            String sub = email.Substring(email.IndexOf('@') + 1);
            // a particular mailbox
            if (constraint.IndexOf('@') != -1)
            {
                if (email.ToUpper().Equals(constraint.ToUpper()))
                {
                    return true;
                }
            }
            // on particular host
            else if (!(constraint[0].Equals('.')))
            {
                if (sub.ToUpper().Equals(constraint.ToUpper()))
                {
                    return true;
                }
            }
            // address in sub domain
            else if (WithinDomain(sub, constraint))
            {
                return true;
            }
            return false;
        }

        private bool WithinDomain(String testDomain, String domain)
        {
            String tempDomain = domain;
            if (tempDomain.StartsWith("."))
            {
                tempDomain = tempDomain.Substring(1);
            }
            String[] domainParts = tempDomain.Split('.'); // Strings.split(tempDomain, '.');
            String[] testDomainParts = testDomain.Split('.'); // Strings.split(testDomain, '.');

            // must have at least one subdomain
            if (testDomainParts.Length <= domainParts.Length)
            {
                return false;
            }

            int d = testDomainParts.Length - domainParts.Length;
            for (int i = -1; i < domainParts.Length; i++)
            {
                if (i == -1)
                {
                    if (testDomainParts[i + d].Equals(""))
                    {
                        return false;
                    }
                }
                else if (!(String.Compare(testDomainParts[i + d], domainParts[i], true)==0))
                {
                    return false;
                }
            }
            return true;
        }

        private void CheckPermittedDNS(ISet permitted, String dns)
        //throws PkixNameConstraintValidatorException
        {
            if (permitted == null)
            {
                return;
            }

            IEnumerator it = permitted.GetEnumerator();

            while (it.MoveNext())
            {
                String str = ((String)it.Current);

                // is sub domain
                if (WithinDomain(dns, str) || dns.ToUpper().Equals(str.ToUpper()))
                {
                    return;
                }
            }
            if (dns.Length == 0 && permitted.Count == 0)
            {
                return;
            }
            throw new PkixNameConstraintValidatorException(
                "DNS is not from a permitted subtree.");
        }

        private void checkExcludedDNS(ISet excluded, String dns)
        //     throws PkixNameConstraintValidatorException
        {
            if (excluded.IsEmpty)
            {
                return;
            }

            IEnumerator it = excluded.GetEnumerator();

            while (it.MoveNext())
            {
                String str = ((String)it.Current);

                // is sub domain or the same
                if (WithinDomain(dns, str) || (String.Compare(dns,str,true) == 0))
                {
                    throw new PkixNameConstraintValidatorException(
                        "DNS is from an excluded subtree.");
                }
            }
        }

        /**
         * The common part of <code>email1</code> and <code>email2</code> is
         * added to the union <code>union</code>. If <code>email1</code> and
         * <code>email2</code> have nothing in common they are added both.
         *
         * @param email1 Email address constraint 1.
         * @param email2 Email address constraint 2.
         * @param union  The union.
         */
        private void unionEmail(String email1, String email2, ISet union)
        {
            // email1 is a particular address
            if (email1.IndexOf('@') != -1)
            {
                String _sub = email1.Substring(email1.IndexOf('@') + 1);
                // both are a particular mailbox
                if (email2.IndexOf('@') != -1)
                {
                    if (String.Compare(email1, email2, true) == 0)
                    {
                        union.Add(email1);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
                // email2 specifies a domain
                else if (email2.StartsWith("."))
                {
                    if (WithinDomain(_sub, email2))
                    {
                        union.Add(email2);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
                // email2 specifies a particular host
                else
                {
                    if (String.Compare(_sub, email2, true)==0)
                    {
                        union.Add(email2);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
            }
            // email1 specifies a domain
            else if (email1.StartsWith("."))
            {
                if (email2.IndexOf('@') != -1)
                {
                    String _sub = email2.Substring(email1.IndexOf('@') + 1);
                    if (WithinDomain(_sub, email1))
                    {
                        union.Add(email1);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
                // email2 specifies a domain
                else if (email2.StartsWith("."))
                {
                    if (WithinDomain(email1, email2)
                        || String.Compare(email1, email2, true) == 0)
                    {
                        union.Add(email2);
                    }
                    else if (WithinDomain(email2, email1))
                    {
                        union.Add(email1);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
                else
                {
                    if (WithinDomain(email2, email1))
                    {
                        union.Add(email1);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
            }
            // email specifies a host
            else
            {
                if (email2.IndexOf('@') != -1)
                {
                    String _sub = email2.Substring(email1.IndexOf('@') + 1);
                    if (String.Compare(_sub, email1, true) == 0)
                    {
                        union.Add(email1);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
                // email2 specifies a domain
                else if (email2.StartsWith("."))
                {
                    if (WithinDomain(email1, email2))
                    {
                        union.Add(email2);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
                // email2 specifies a particular host
                else
                {
                    if (String.Compare(email1, email2, true) == 0)
                    {
                        union.Add(email1);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
            }
        }

        private void unionURI(String email1, String email2, ISet union)
        {
            // email1 is a particular address
            if (email1.IndexOf('@') != -1)
            {
                String _sub = email1.Substring(email1.IndexOf('@') + 1);
                // both are a particular mailbox
                if (email2.IndexOf('@') != -1)
                {
                    if (String.Compare(email1, email2, true) ==0)
                    {
                        union.Add(email1);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
                // email2 specifies a domain
                else if (email2.StartsWith("."))
                {
                    if (WithinDomain(_sub, email2))
                    {
                        union.Add(email2);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
                // email2 specifies a particular host
                else
                {
                    if (String.Compare(_sub, email2, true)==0)
                    {
                        union.Add(email2);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                        
                    }
                }
            }
            // email1 specifies a domain
            else if (email1.StartsWith("."))
            {
                if (email2.IndexOf('@') != -1)
                {
                    String _sub = email2.Substring(email1.IndexOf('@') + 1);
                    if (WithinDomain(_sub, email1))
                    {
                        union.Add(email1);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
                // email2 specifies a domain
                else if (email2.StartsWith("."))
                {
                    if (WithinDomain(email1, email2)
                        || String.Compare(email1, email2, true) == 0)
                    {
                        union.Add(email2);
                    }
                    else if (WithinDomain(email2, email1))
                    {
                        union.Add(email1);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
                else
                {
                    if (WithinDomain(email2, email1))
                    {
                        union.Add(email1);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
            }
            // email specifies a host
            else
            {
                if (email2.IndexOf('@') != -1)
                {
                    String _sub = email2.Substring(email1.IndexOf('@') + 1);
                    if (String.Compare(_sub, email1, true)==0)
                    {
                        union.Add(email1);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
                // email2 specifies a domain
                else if (email2.StartsWith("."))
                {
                    if (WithinDomain(email1, email2))
                    {
                        union.Add(email2);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
                // email2 specifies a particular host
                else
                {
                    if (String.Compare(email1, email2, true)==0)
                    {
                        union.Add(email1);
                    }
                    else
                    {
                        union.Add(email1);
                        union.Add(email2);
                    }
                }
            }
        }

        private ISet intersectDNS(ISet permitted, ISet dnss)
        {
            ISet intersect = new HashSet();
            for (IEnumerator it = dnss.GetEnumerator(); it.MoveNext(); )
            {
                String dns = ExtractNameAsString(((GeneralSubtree)it.Current)
                    .Base);
                if (permitted == null)
                {
                    if (dns != null)
                    {
                        intersect.Add(dns);
                    }
                }
                else
                {
                    IEnumerator _iter = permitted.GetEnumerator();
                    while (_iter.MoveNext())
                    {
                        String _permitted = (String)_iter.Current;

                        if (WithinDomain(_permitted, dns))
                        {
                            intersect.Add(_permitted);
                        }
                        else if (WithinDomain(dns, _permitted))
                        {
                            intersect.Add(dns);
                        }
                    }
                }
            }

            return intersect;
        }

        protected ISet unionDNS(ISet excluded, String dns)
        {
            if (excluded.IsEmpty)
            {
                if (dns == null)
                {
                    return excluded;
                }
                excluded.Add(dns);

                return excluded;
            }
            else
            {
                ISet union = new HashSet();

                IEnumerator _iter = excluded.GetEnumerator();
                while (_iter.MoveNext())
                {
                    String _permitted = (String)_iter.Current;

                    if (WithinDomain(_permitted, dns))
                    {
                        union.Add(dns);
                    }
                    else if (WithinDomain(dns, _permitted))
                    {
                        union.Add(_permitted);
                    }
                    else
                    {
                        union.Add(_permitted);
                        union.Add(dns);
                    }
                }

                return union;
            }
        }

        /**
         * The most restricting part from <code>email1</code> and
         * <code>email2</code> is added to the intersection <code>intersect</code>.
         *
         * @param email1    Email address constraint 1.
         * @param email2    Email address constraint 2.
         * @param intersect The intersection.
         */
        private void intersectEmail(String email1, String email2, ISet intersect)
        {
            // email1 is a particular address
            if (email1.IndexOf('@') != -1)
            {
                String _sub = email1.Substring(email1.IndexOf('@') + 1);
                // both are a particular mailbox
                if (email2.IndexOf('@') != -1)
                {
                    if (String.Compare(email1, email2, true) == 0)
                    {
                        intersect.Add(email1);
                    }
                }
                // email2 specifies a domain
                else if (email2.StartsWith("."))
                {
                    if (WithinDomain(_sub, email2))
                    {
                        intersect.Add(email1);
                    }
                }
                // email2 specifies a particular host
                else
                {
                    if (String.Compare(_sub, email2, true) == 0)
                    {
                        intersect.Add(email1);
                    }
                }
            }
            // email specifies a domain
            else if (email1.StartsWith("."))
            {
                if (email2.IndexOf('@') != -1)
                {
                    String _sub = email2.Substring(email1.IndexOf('@') + 1);
                    if (WithinDomain(_sub, email1))
                    {
                        intersect.Add(email2);
                    }
                }
                // email2 specifies a domain
                else if (email2.StartsWith("."))
                {
                    if (WithinDomain(email1, email2)
                        || (String.Compare(email1, email2, true) == 0))
                    {
                        intersect.Add(email1);
                    }
                    else if (WithinDomain(email2, email1))
                    {
                        intersect.Add(email2);
                    }
                }
                else
                {
                    if (WithinDomain(email2, email1))
                    {
                        intersect.Add(email2);
                    }
                }
            }
            // email1 specifies a host
            else
            {
                if (email2.IndexOf('@') != -1)
                {
                    String _sub = email2.Substring(email2.IndexOf('@') + 1);
                    if (String.Compare(_sub, email1, true) == 0)
                    {
                        intersect.Add(email2);
                    }
                }
                // email2 specifies a domain
                else if (email2.StartsWith("."))
                {
                    if (WithinDomain(email1, email2))
                    {
                        intersect.Add(email1);
                    }
                }
                // email2 specifies a particular host
                else
                {
                    if (String.Compare(email1, email2, true) == 0)
                    {
                        intersect.Add(email1);
                    }
                }
            }
        }

        private void checkExcludedURI(ISet excluded, String uri)
        //       throws PkixNameConstraintValidatorException
        {
            if (excluded.IsEmpty)
            {
                return;
            }

            IEnumerator it = excluded.GetEnumerator();

            while (it.MoveNext())
            {
                String str = ((String)it.Current);

                if (IsUriConstrained(uri, str))
                {
                    throw new PkixNameConstraintValidatorException(
                        "URI is from an excluded subtree.");
                }
            }
        }

        private ISet intersectURI(ISet permitted, ISet uris)
        {
            ISet intersect = new HashSet();
            for (IEnumerator it = uris.GetEnumerator(); it.MoveNext(); )
            {
                String uri = ExtractNameAsString(((GeneralSubtree)it.Current)
                    .Base);
                if (permitted == null)
                {
                    if (uri != null)
                    {
                        intersect.Add(uri);
                    }
                }
                else
                {
                    IEnumerator _iter = permitted.GetEnumerator();
                    while (_iter.MoveNext())
                    {
                        String _permitted = (String)_iter.Current;
                        intersectURI(_permitted, uri, intersect);
                    }
                }
            }
            return intersect;
        }

        private ISet unionURI(ISet excluded, String uri)
        {
            if (excluded.IsEmpty)
            {
                if (uri == null)
                {
                    return excluded;
                }
                excluded.Add(uri);

                return excluded;
            }
            else
            {
                ISet union = new HashSet();

                IEnumerator _iter = excluded.GetEnumerator();
                while (_iter.MoveNext())
                {
                    String _excluded = (String)_iter.Current;

                    unionURI(_excluded, uri, union);
                }

                return union;
            }
        }

        private void intersectURI(String email1, String email2, ISet intersect)
        {
            // email1 is a particular address
            if (email1.IndexOf('@') != -1)
            {
                String _sub = email1.Substring(email1.IndexOf('@') + 1);
                // both are a particular mailbox
                if (email2.IndexOf('@') != -1)
                {
                    if (String.Compare(email1, email2, true) == 0)
                    {
                        intersect.Add(email1);
                    }
                }
                // email2 specifies a domain
                else if (email2.StartsWith("."))
                {
                    if (WithinDomain(_sub, email2))
                    {
                        intersect.Add(email1);
                    }
                }
                // email2 specifies a particular host
                else
                {
                    if (String.Compare(_sub, email2, true) == 0)
                    {
                        intersect.Add(email1);
                    }
                }
            }
            // email specifies a domain
            else if (email1.StartsWith("."))
            {
                if (email2.IndexOf('@') != -1)
                {
                    String _sub = email2.Substring(email1.IndexOf('@') + 1);
                    if (WithinDomain(_sub, email1))
                    {
                        intersect.Add(email2);
                    }
                }
                // email2 specifies a domain
                else if (email2.StartsWith("."))
                {
                    if (WithinDomain(email1, email2)
                        || (String.Compare(email1, email2, true) == 0))
                    {
                        intersect.Add(email1);
                    }
                    else if (WithinDomain(email2, email1))
                    {
                        intersect.Add(email2);
                    }
                }
                else
                {
                    if (WithinDomain(email2, email1))
                    {
                        intersect.Add(email2);
                    }
                }
            }
            // email1 specifies a host
            else
            {
                if (email2.IndexOf('@') != -1)
                {
                    String _sub = email2.Substring(email2.IndexOf('@') + 1);
                    if (String.Compare(_sub, email1, true) == 0)
                    {
                        intersect.Add(email2);
                    }
                }
                // email2 specifies a domain
                else if (email2.StartsWith("."))
                {
                    if (WithinDomain(email1, email2))
                    {
                        intersect.Add(email1);
                    }
                }
                // email2 specifies a particular host
                else
                {
                    if (String.Compare(email1, email2, true) == 0)
                    {
                        intersect.Add(email1);
                    }
                }
            }
        }

        private void CheckPermittedURI(ISet permitted, String uri)
        //        throws PkixNameConstraintValidatorException
        {
            if (permitted == null)
            {
                return;
            }

            IEnumerator it = permitted.GetEnumerator();

            while (it.MoveNext())
            {
                String str = ((String)it.Current);

                if (IsUriConstrained(uri, str))
                {
                    return;
                }
            }
            if (uri.Length == 0 && permitted.Count == 0)
            {
                return;
            }
            throw new PkixNameConstraintValidatorException(
                "URI is not from a permitted subtree.");
        }

        private bool IsUriConstrained(String uri, String constraint)
        {
            String host = ExtractHostFromURL(uri);
            // a host
            if (!constraint.StartsWith("."))
            {
                if (String.Compare(host, constraint, true) == 0)
                {
                    return true;
                }
            }

            // in sub domain or domain
            else if (WithinDomain(host, constraint))
            {
                return true;
            }

            return false;
        }

        private static String ExtractHostFromURL(String url)
        {
            // see RFC 1738
            // remove ':' after protocol, e.g. http:
            String sub = url.Substring(url.IndexOf(':') + 1);
            // extract host from Common Internet Scheme Syntax, e.g. http://
            if (sub.IndexOf("//") != -1)
            {
                sub = sub.Substring(sub.IndexOf("//") + 2);
            }
            // first remove port, e.g. http://test.com:21
            if (sub.LastIndexOf(':') != -1)
            {
                sub = sub.Substring(0, sub.LastIndexOf(':'));
            }
            // remove user and password, e.g. http://john:password@test.com
            sub = sub.Substring(sub.IndexOf(':') + 1);
            sub = sub.Substring(sub.IndexOf('@') + 1);
            // remove local parts, e.g. http://test.com/bla
            if (sub.IndexOf('/') != -1)
            {
                sub = sub.Substring(0, sub.IndexOf('/'));
            }
            return sub;
        }

        /**
         * Checks if the given GeneralName is in the permitted ISet.
         *
         * @param name The GeneralName
         * @throws PkixNameConstraintValidatorException
         *          If the <code>name</code>
         */
        public void checkPermitted(GeneralName name)
        //        throws PkixNameConstraintValidatorException
        {
            switch (name.TagNo)
            {
                case 1:
                    CheckPermittedEmail(permittedSubtreesEmail,
                        ExtractNameAsString(name));
                    break;
                case 2:
                    CheckPermittedDNS(permittedSubtreesDNS, DerIA5String.GetInstance(
                        name.Name).GetString());
                    break;
                case 4:
                    CheckPermittedDN(Asn1Sequence.GetInstance(name.Name.ToAsn1Object()));
                    break;
                case 6:
                    CheckPermittedURI(permittedSubtreesURI, DerIA5String.GetInstance(
                        name.Name).GetString());
                    break;
                case 7:
                    byte[] ip = Asn1OctetString.GetInstance(name.Name).GetOctets();

                    CheckPermittedIP(permittedSubtreesIP, ip);
                    break;
            }
        }

        /**
         * Check if the given GeneralName is contained in the excluded ISet.
         *
         * @param name The GeneralName.
         * @throws PkixNameConstraintValidatorException
         *          If the <code>name</code> is
         *          excluded.
         */
        public void checkExcluded(GeneralName name)
        //        throws PkixNameConstraintValidatorException
        {
            switch (name.TagNo)
            {
                case 1:
                    CheckExcludedEmail(excludedSubtreesEmail, ExtractNameAsString(name));
                    break;
                case 2:
                    checkExcludedDNS(excludedSubtreesDNS, DerIA5String.GetInstance(
                        name.Name).GetString());
                    break;
                case 4:
                    CheckExcludedDN(Asn1Sequence.GetInstance(name.Name.ToAsn1Object()));
                    break;
                case 6:
                    checkExcludedURI(excludedSubtreesURI, DerIA5String.GetInstance(
                        name.Name).GetString());
                    break;
                case 7:
                    byte[] ip = Asn1OctetString.GetInstance(name.Name).GetOctets();

                    checkExcludedIP(excludedSubtreesIP, ip);
                    break;
            }
        }

        /**
         * Updates the permitted ISet of these name constraints with the intersection
         * with the given subtree.
         *
         * @param permitted The permitted subtrees
         */

        public void IntersectPermittedSubtree(Asn1Sequence permitted)
        {
            IDictionary subtreesMap = new Hashtable();

            // group in ISets in a map ordered by tag no.
            for (IEnumerator e = permitted.GetEnumerator(); e.MoveNext(); )
            {
                GeneralSubtree subtree = GeneralSubtree.GetInstance(e.Current);
                
                int tagNo = subtree.Base.TagNo;
                if (subtreesMap[tagNo] == null)
                {
                    subtreesMap[tagNo] = new HashSet();
                }
                
                ((ISet)subtreesMap[tagNo]).Add(subtree);
            }

            for (IEnumerator it = subtreesMap.GetEnumerator(); it.MoveNext(); )
            {
                DictionaryEntry entry = (DictionaryEntry)it.Current;

                // go through all subtree groups
                switch ((int)entry.Key )
                {
                    case 1:
                        permittedSubtreesEmail = IntersectEmail(permittedSubtreesEmail,
                            (ISet)entry.Value);
                        break;
                    case 2:
                        permittedSubtreesDNS = intersectDNS(permittedSubtreesDNS,
                            (ISet)entry.Value);
                        break;
                    case 4:
                        permittedSubtreesDN = IntersectDN(permittedSubtreesDN,
                            (ISet)entry.Value);
                        break;
                    case 6:
                        permittedSubtreesURI = intersectURI(permittedSubtreesURI,
                            (ISet)entry.Value);
                        break;
                    case 7:
                        permittedSubtreesIP = IntersectIP(permittedSubtreesIP,
                            (ISet)entry.Value);
                        break;
                }
            }
        }

        private String ExtractNameAsString(GeneralName name)
        {
            return DerIA5String.GetInstance(name.Name).GetString();
        }

        public void IntersectEmptyPermittedSubtree(int nameType)
        {
            switch (nameType)
            {
                case 1:
                    permittedSubtreesEmail = new HashSet();
                    break;
                case 2:
                    permittedSubtreesDNS = new HashSet();
                    break;
                case 4:
                    permittedSubtreesDN = new HashSet();
                    break;
                case 6:
                    permittedSubtreesURI = new HashSet();
                    break;
                case 7:
                    permittedSubtreesIP = new HashSet();
                    break;
            }
        }

        /**
         * Adds a subtree to the excluded ISet of these name constraints.
         *
         * @param subtree A subtree with an excluded GeneralName.
         */
        public void AddExcludedSubtree(GeneralSubtree subtree)
        {
            GeneralName subTreeBase = subtree.Base;

            switch (subTreeBase.TagNo)
            {
                case 1:
                    excludedSubtreesEmail = UnionEmail(excludedSubtreesEmail,
                        ExtractNameAsString(subTreeBase));
                    break;
                case 2:
                    excludedSubtreesDNS = unionDNS(excludedSubtreesDNS,
                        ExtractNameAsString(subTreeBase));
                    break;
                case 4:
                    excludedSubtreesDN = UnionDN(excludedSubtreesDN,
                        (Asn1Sequence)subTreeBase.Name.ToAsn1Object());
                    break;
                case 6:
                    excludedSubtreesURI = unionURI(excludedSubtreesURI,
                        ExtractNameAsString(subTreeBase));
                    break;
                case 7:
                    excludedSubtreesIP = UnionIP(excludedSubtreesIP, Asn1OctetString
                        .GetInstance(subTreeBase.Name).GetOctets());
                    break;
            }
        }

        /**
         * Returns the maximum IP address.
         *
         * @param ip1 The first IP address.
         * @param ip2 The second IP address.
         * @return The maximum IP address.
         */
        private static byte[] Max(byte[] ip1, byte[] ip2)
        {
            for (int i = 0; i < ip1.Length; i++)
            {
                if ((ip1[i] & 0xFFFF) > (ip2[i] & 0xFFFF))
                {
                    return ip1;
                }
            }
            return ip2;
        }

        /**
         * Returns the minimum IP address.
         *
         * @param ip1 The first IP address.
         * @param ip2 The second IP address.
         * @return The minimum IP address.
         */
        private static byte[] Min(byte[] ip1, byte[] ip2)
        {
            for (int i = 0; i < ip1.Length; i++)
            {
                if ((ip1[i] & 0xFFFF) < (ip2[i] & 0xFFFF))
                {
                    return ip1;
                }
            }
            return ip2;
        }

        /**
         * Compares IP address <code>ip1</code> with <code>ip2</code>. If ip1
         * is equal to ip2 0 is returned. If ip1 is bigger 1 is returned, -1
         * otherwise.
         *
         * @param ip1 The first IP address.
         * @param ip2 The second IP address.
         * @return 0 if ip1 is equal to ip2, 1 if ip1 is bigger, -1 otherwise.
         */
        private static int CompareTo(byte[] ip1, byte[] ip2)
        {
            if (Org.BouncyCastle.Utilities.Arrays.AreEqual(ip1, ip2))
            {
                return 0;
            }
            if (Org.BouncyCastle.Utilities.Arrays.AreEqual(Max(ip1, ip2), ip1))
            {
                return 1;
            }
            return -1;
        }

        /**
         * Returns the logical OR of the IP addresses <code>ip1</code> and
         * <code>ip2</code>.
         *
         * @param ip1 The first IP address.
         * @param ip2 The second IP address.
         * @return The OR of <code>ip1</code> and <code>ip2</code>.
         */
        private static byte[] Or(byte[] ip1, byte[] ip2)
        {
            byte[] temp = new byte[ip1.Length];
            for (int i = 0; i < ip1.Length; i++)
            {
                temp[i] = (byte)(ip1[i] | ip2[i]);
            }
            return temp;
        }

    [Obsolete("Use GetHashCode instead")]
    public int HashCode()
    {
      return GetHashCode();
    }

    public override int GetHashCode()
        {
            return HashCollection(excludedSubtreesDN)
                + HashCollection(excludedSubtreesDNS)
                + HashCollection(excludedSubtreesEmail)
                + HashCollection(excludedSubtreesIP)
                + HashCollection(excludedSubtreesURI)
                + HashCollection(permittedSubtreesDN)
                + HashCollection(permittedSubtreesDNS)
                + HashCollection(permittedSubtreesEmail)
                + HashCollection(permittedSubtreesIP)
                + HashCollection(permittedSubtreesURI);
        }

        private int HashCollection(ICollection coll)
        {
            if (coll == null)
            {
                return 0;
            }
            int hash = 0;
            IEnumerator it1 = coll.GetEnumerator();
            while (it1.MoveNext())
            {
                Object o = it1.Current;
                if (o is byte[])
                {
                    hash += Org.BouncyCastle.Utilities.Arrays.GetHashCode((byte[])o);
                }
                else
                {
                    hash += o.GetHashCode();
                }
            }
            return hash;
        }

    public override bool Equals(Object o)
    {
      if (!(o is PkixNameConstraintValidator))
        return false;

      PkixNameConstraintValidator constraintValidator = (PkixNameConstraintValidator)o;

      return CollectionsAreEqual(constraintValidator.excludedSubtreesDN, excludedSubtreesDN)
        && CollectionsAreEqual(constraintValidator.excludedSubtreesDNS, excludedSubtreesDNS)
        && CollectionsAreEqual(constraintValidator.excludedSubtreesEmail, excludedSubtreesEmail)
        && CollectionsAreEqual(constraintValidator.excludedSubtreesIP, excludedSubtreesIP)
        && CollectionsAreEqual(constraintValidator.excludedSubtreesURI, excludedSubtreesURI)
        && CollectionsAreEqual(constraintValidator.permittedSubtreesDN, permittedSubtreesDN)
        && CollectionsAreEqual(constraintValidator.permittedSubtreesDNS, permittedSubtreesDNS)
        && CollectionsAreEqual(constraintValidator.permittedSubtreesEmail, permittedSubtreesEmail)
        && CollectionsAreEqual(constraintValidator.permittedSubtreesIP, permittedSubtreesIP)
        && CollectionsAreEqual(constraintValidator.permittedSubtreesURI, permittedSubtreesURI);
    }

        private bool CollectionsAreEqual(ICollection coll1, ICollection coll2)
        {
            if (coll1 == coll2)
            {
                return true;
            }
            if (coll1 == null || coll2 == null)
            {
                return false;
            }
            if (coll1.Count != coll2.Count)
            {
                return false;
            }
            IEnumerator it1 = coll1.GetEnumerator();

            while (it1.MoveNext())
            {
                Object a = it1.Current;
                IEnumerator it2 = coll2.GetEnumerator();
                bool found = false;
                while (it2.MoveNext())
                {
                    Object b = it2.Current;
                    if (SpecialEquals(a, b))
                    {
                        found = true;
                        break;
                    }
                }
                if (!found)
                {
                    return false;
                }
            }
            return true;
        }

        private bool SpecialEquals(Object o1, Object o2)
        {
            if (o1 == o2)
            {
                return true;
            }
            if (o1 == null || o2 == null)
            {
                return false;
            }
            if ((o1 is byte[]) && (o2 is byte[]))
            {
                return Org.BouncyCastle.Utilities.Arrays.AreEqual((byte[])o1, (byte[])o2);
            }
            else
            {
                return o1.Equals(o2);
            }
        }

        /**
         * Stringifies an IPv4 or v6 address with subnet mask.
         *
         * @param ip The IP with subnet mask.
         * @return The stringified IP address.
         */
        private String StringifyIP(byte[] ip)
        {
            String temp = "";
            for (int i = 0; i < ip.Length / 2; i++)
            {
                //temp += Integer.toString(ip[i] & 0x00FF) + ".";
                temp += (ip[i] & 0x00FF) + ".";
            }
            temp = temp.Substring(0, temp.Length - 1);
            temp += "/";
            for (int i = ip.Length / 2; i < ip.Length; i++)
            {
                //temp += Integer.toString(ip[i] & 0x00FF) + ".";
                temp += (ip[i] & 0x00FF) + ".";
            }
            temp = temp.Substring(0, temp.Length - 1);
            return temp;
        }

        private String StringifyIPCollection(ISet ips)
        {
            String temp = "";
            temp += "[";
            for (IEnumerator it = ips.GetEnumerator(); it.MoveNext(); )
            {
                temp += StringifyIP((byte[])it.Current) + ",";
            }
            if (temp.Length > 1)
            {
                temp = temp.Substring(0, temp.Length - 1);
            }
            temp += "]";

            return temp;
        }

        public override String ToString()
        {
            String temp = "";

            temp += "permitted:\n";
            if (permittedSubtreesDN != null)
            {
                temp += "DN:\n";
                temp += permittedSubtreesDN.ToString() + "\n";
            }
            if (permittedSubtreesDNS != null)
            {
                temp += "DNS:\n";
                temp += permittedSubtreesDNS.ToString() + "\n";
            }
            if (permittedSubtreesEmail != null)
            {
                temp += "Email:\n";
                temp += permittedSubtreesEmail.ToString() + "\n";
            }
            if (permittedSubtreesURI != null)
            {
                temp += "URI:\n";
                temp += permittedSubtreesURI.ToString() + "\n";
            }
            if (permittedSubtreesIP != null)
            {
                temp += "IP:\n";
                temp += StringifyIPCollection(permittedSubtreesIP) + "\n";
            }
            temp += "excluded:\n";
            if (!(excludedSubtreesDN.IsEmpty))
            {
                temp += "DN:\n";
                temp += excludedSubtreesDN.ToString() + "\n";
            }
            if (!excludedSubtreesDNS.IsEmpty)
            {
                temp += "DNS:\n";
                temp += excludedSubtreesDNS.ToString() + "\n";
            }
            if (!excludedSubtreesEmail.IsEmpty)
            {
                temp += "Email:\n";
                temp += excludedSubtreesEmail.ToString() + "\n";
            }
            if (!excludedSubtreesURI.IsEmpty)
            {
                temp += "URI:\n";
                temp += excludedSubtreesURI.ToString() + "\n";
            }
            if (!excludedSubtreesIP.IsEmpty)
            {
                temp += "IP:\n";
                temp += StringifyIPCollection(excludedSubtreesIP) + "\n";
            }
            return temp;
        }

    }
}
www.java2v.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.