Java 类org.bouncycastle.asn1.x509.GeneralSubtree 实例源码

private Set intersectURI(Set permitted, Set uris)
{
    Set intersect = new HashSet();
    for (Iterator it = uris.iterator(); it.hasNext();)
    {
        String uri = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());
        if (permitted == null)
        {
            if (uri != null)
            {
                intersect.add(uri);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                String _permitted = (String)_iter.next();
                intersectURI(_permitted, uri, intersect);
            }
        }
    }
    return intersect;
}

private Set intersectURI(Set permitted, Set uris)
{
    Set intersect = new HashSet();
    for (Iterator it = uris.iterator(); it.hasNext();)
    {
        String uri = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());
        if (permitted == null)
        {
            if (uri != null)
            {
                intersect.add(uri);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                String _permitted = (String)_iter.next();
                intersectURI(_permitted, uri, intersect);
            }
        }
    }
    return intersect;
}

private void okPressed() {
    List<GeneralSubtree> permittedSubtrees = jgsPermittedSubtrees.getGeneralSubtrees().getGeneralSubtrees();
    List<GeneralSubtree> excludedSubtrees = jgsExcludedSubtrees.getGeneralSubtrees().getGeneralSubtrees();

    GeneralSubtree[] permittedSubtreesArray = permittedSubtrees.toArray(new GeneralSubtree[permittedSubtrees.size()]);
    GeneralSubtree[] excludedSubtreesArray = excludedSubtrees.toArray(new GeneralSubtree[excludedSubtrees.size()]);

    NameConstraints nameConstraints = new NameConstraints(permittedSubtreesArray, excludedSubtreesArray);

    try {
        value = nameConstraints.getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        DError dError = new DError(this, ex);
        dError.setLocationRelativeTo(this);
        dError.setVisible(true);
        return;
    }

    closeDialog();
}

private void addPressed() {
    Container container = getTopLevelAncestor();

    DGeneralSubtreeChooser dGeneralSubtreeChooser = null;

    if (container instanceof JDialog) {
        dGeneralSubtreeChooser = new DGeneralSubtreeChooser((JDialog) container, title, null);
        dGeneralSubtreeChooser.setLocationRelativeTo(container);
        dGeneralSubtreeChooser.setVisible(true);
    } else if (container instanceof JFrame) {
        dGeneralSubtreeChooser = new DGeneralSubtreeChooser((JFrame) container, title, null);
        dGeneralSubtreeChooser.setLocationRelativeTo(container);
        dGeneralSubtreeChooser.setVisible(true);
    }

    GeneralSubtree newGeneralSubtree = dGeneralSubtreeChooser.getGeneralSubtree();

    if (newGeneralSubtree == null) {
        return;
    }

    generalSubtrees.getGeneralSubtrees().add(newGeneralSubtree);

    populate();
    selectGeneralSubtreeInTable(newGeneralSubtree);
}

/**
 * Load the GeneralSubtreesTableModel with general subtrees.
 *
 * @param generalSubtrees
 *            The general subtrees
 */
public void load(GeneralSubtrees generalSubtrees) {
    List<GeneralSubtree> generalSubtreesList = generalSubtrees.getGeneralSubtrees();
    Collections.sort(generalSubtreesList, new GeneralSubtreeBaseComparator());

    data = new Object[generalSubtreesList.size()][3];

    int i = 0;
    for (GeneralSubtree generalSubtree : generalSubtreesList) {
        data[i][0] = generalSubtree;
        data[i][1] = generalSubtree;
        data[i][2] = generalSubtree;
        i++;
    }

    fireTableDataChanged();
}

@Override
public int compare(GeneralSubtree subtree1, GeneralSubtree subtree2) {
    // Maximum may be null;
    BigInteger maximum1 = BigInteger.valueOf(-1);
    BigInteger maximum2 = BigInteger.valueOf(-1);

    if (subtree1.getMaximum() != null) {
        maximum1 = subtree1.getMaximum();
    }

    if (subtree2.getMaximum() != null) {
        maximum2 = subtree2.getMaximum();
    }

    return maximum1.compareTo(maximum2);
}

private Set intersectURI(Set permitted, Set uris)
{
    Set intersect = new HashSet();
    for (Iterator it = uris.iterator(); it.hasNext();)
    {
        String uri = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());
        if (permitted == null)
        {
            if (uri != null)
            {
                intersect.add(uri);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                String _permitted = (String)_iter.next();
                intersectURI(_permitted, uri, intersect);
            }
        }
    }
    return intersect;
}

private Set intersectURI(Set permitted, Set uris)
{
    Set intersect = new HashSet();
    for (Iterator it = uris.iterator(); it.hasNext();)
    {
        String uri = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());
        if (permitted == null)
        {
            if (uri != null)
            {
                intersect.add(uri);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                String _permitted = (String)_iter.next();
                intersectURI(_permitted, uri, intersect);
            }
        }
    }
    return intersect;
}

private Set intersectURI(Set permitted, Set uris)
{
    Set intersect = new HashSet();
    for (Iterator it = uris.iterator(); it.hasNext();)
    {
        String uri = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());
        if (permitted == null)
        {
            if (uri != null)
            {
                intersect.add(uri);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                String _permitted = (String)_iter.next();
                intersectURI(_permitted, uri, intersect);
            }
        }
    }
    return intersect;
}

private Set intersectDN(Set permitted, Set dns)
{
    Set intersect = new HashSet();
    for (Iterator it = dns.iterator(); it.hasNext();)
    {
        ASN1Sequence dn = ASN1Sequence.getInstance(((GeneralSubtree)it
            .next()).getBase().getName().toASN1Primitive());
        if (permitted == null)
        {
            if (dn != null)
            {
                intersect.add(dn);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                ASN1Sequence subtree = (ASN1Sequence)_iter.next();

                if (withinDNSubtree(dn, subtree))
                {
                    intersect.add(dn);
                }
                else if (withinDNSubtree(subtree, dn))
                {
                    intersect.add(subtree);
                }
            }
        }
    }
    return intersect;
}

private Set intersectEmail(Set permitted, Set emails)
{
    Set intersect = new HashSet();
    for (Iterator it = emails.iterator(); it.hasNext();)
    {
        String email = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());

        if (permitted == null)
        {
            if (email != null)
            {
                intersect.add(email);
            }
        }
        else
        {
            Iterator it2 = permitted.iterator();
            while (it2.hasNext())
            {
                String _permitted = (String)it2.next();

                intersectEmail(email, _permitted, intersect);
            }
        }
    }
    return intersect;
}

/**
 * Returns the intersection of the permitted IP ranges in
 * <code>permitted</code> with <code>ip</code>.
 *
 * @param permitted A <code>Set</code> of permitted IP addresses with
 *                  their subnet mask as byte arrays.
 * @param ips       The IP address with its subnet mask.
 * @return The <code>Set</code> of permitted IP ranges intersected with
 *         <code>ip</code>.
 */
private Set intersectIP(Set permitted, Set ips)
{
    Set intersect = new HashSet();
    for (Iterator it = ips.iterator(); it.hasNext();)
    {
        byte[] ip = ASN1OctetString.getInstance(
            ((GeneralSubtree)it.next()).getBase().getName()).getOctets();
        if (permitted == null)
        {
            if (ip != null)
            {
                intersect.add(ip);
            }
        }
        else
        {
            Iterator it2 = permitted.iterator();
            while (it2.hasNext())
            {
                byte[] _permitted = (byte[])it2.next();
                intersect.addAll(intersectIPRange(_permitted, ip));
            }
        }
    }
    return intersect;
}

private Set intersectDNS(Set permitted, Set dnss)
{
    Set intersect = new HashSet();
    for (Iterator it = dnss.iterator(); it.hasNext();)
    {
        String dns = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());
        if (permitted == null)
        {
            if (dns != null)
            {
                intersect.add(dns);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                String _permitted = (String)_iter.next();

                if (withinDomain(_permitted, dns))
                {
                    intersect.add(_permitted);
                }
                else if (withinDomain(dns, _permitted))
                {
                    intersect.add(dns);
                }
            }
        }
    }

    return intersect;
}

/**
 * Adds a subtree to the excluded set of these name constraints.
 *
 * @param subtree A subtree with an excluded GeneralName.
 */
public void addExcludedSubtree(GeneralSubtree subtree)
{
    GeneralName base = subtree.getBase();

    switch (base.getTagNo())
    {
        case 1:
            excludedSubtreesEmail = unionEmail(excludedSubtreesEmail,
                extractNameAsString(base));
            break;
        case 2:
            excludedSubtreesDNS = unionDNS(excludedSubtreesDNS,
                extractNameAsString(base));
            break;
        case 4:
            excludedSubtreesDN = unionDN(excludedSubtreesDN,
                (ASN1Sequence)base.getName().toASN1Primitive());
            break;
        case 6:
            excludedSubtreesURI = unionURI(excludedSubtreesURI,
                extractNameAsString(base));
            break;
        case 7:
            excludedSubtreesIP = unionIP(excludedSubtreesIP, ASN1OctetString
                .getInstance(base.getName()).getOctets());
            break;
    }
}

private Builder addNameConstraint(boolean permitted, GeneralName generalName) {
    if (permitted) {
        permittedNameConstraints.add(new GeneralSubtree(generalName));
    } else {
        excludedNameConstraints.add(new GeneralSubtree(generalName));
    }
    return this;
}

public static X509Certificate createCa(
        PublicKey publicKey, PrivateKey privateKey, String subject) {
    try {
        X500Principal principal = new X500Principal(subject);
        return createCertificate(publicKey, privateKey, principal, principal, 0, true,
                new ArrayList<KeyPurposeId>(), new ArrayList<Boolean>(),
                new ArrayList<GeneralName>(), new ArrayList<GeneralSubtree>(),
                new ArrayList<GeneralSubtree>(), null /* serialNumber, generated randomly */);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

private Set intersectDN(Set permitted, Set dns)
{
    Set intersect = new HashSet();
    for (Iterator it = dns.iterator(); it.hasNext();)
    {
        ASN1Sequence dn = ASN1Sequence.getInstance(((GeneralSubtree)it
            .next()).getBase().getName().toASN1Primitive());
        if (permitted == null)
        {
            if (dn != null)
            {
                intersect.add(dn);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                ASN1Sequence subtree = (ASN1Sequence)_iter.next();

                if (withinDNSubtree(dn, subtree))
                {
                    intersect.add(dn);
                }
                else if (withinDNSubtree(subtree, dn))
                {
                    intersect.add(subtree);
                }
            }
        }
    }
    return intersect;
}

private Set intersectEmail(Set permitted, Set emails)
{
    Set intersect = new HashSet();
    for (Iterator it = emails.iterator(); it.hasNext();)
    {
        String email = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());

        if (permitted == null)
        {
            if (email != null)
            {
                intersect.add(email);
            }
        }
        else
        {
            Iterator it2 = permitted.iterator();
            while (it2.hasNext())
            {
                String _permitted = (String)it2.next();

                intersectEmail(email, _permitted, intersect);
            }
        }
    }
    return intersect;
}

/**
 * Returns the intersection of the permitted IP ranges in
 * <code>permitted</code> with <code>ip</code>.
 *
 * @param permitted A <code>Set</code> of permitted IP addresses with
 *                  their subnet mask as byte arrays.
 * @param ips       The IP address with its subnet mask.
 * @return The <code>Set</code> of permitted IP ranges intersected with
 *         <code>ip</code>.
 */
private Set intersectIP(Set permitted, Set ips)
{
    Set intersect = new HashSet();
    for (Iterator it = ips.iterator(); it.hasNext();)
    {
        byte[] ip = ASN1OctetString.getInstance(
            ((GeneralSubtree)it.next()).getBase().getName()).getOctets();
        if (permitted == null)
        {
            if (ip != null)
            {
                intersect.add(ip);
            }
        }
        else
        {
            Iterator it2 = permitted.iterator();
            while (it2.hasNext())
            {
                byte[] _permitted = (byte[])it2.next();
                intersect.addAll(intersectIPRange(_permitted, ip));
            }
        }
    }
    return intersect;
}

private Set intersectDNS(Set permitted, Set dnss)
{
    Set intersect = new HashSet();
    for (Iterator it = dnss.iterator(); it.hasNext();)
    {
        String dns = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());
        if (permitted == null)
        {
            if (dns != null)
            {
                intersect.add(dns);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                String _permitted = (String)_iter.next();

                if (withinDomain(_permitted, dns))
                {
                    intersect.add(_permitted);
                }
                else if (withinDomain(dns, _permitted))
                {
                    intersect.add(dns);
                }
            }
        }
    }

    return intersect;
}

/**
 * Adds a subtree to the excluded set of these name constraints.
 *
 * @param subtree A subtree with an excluded GeneralName.
 */
public void addExcludedSubtree(GeneralSubtree subtree)
{
    GeneralName base = subtree.getBase();

    switch (base.getTagNo())
    {
        case 1:
            excludedSubtreesEmail = unionEmail(excludedSubtreesEmail,
                extractNameAsString(base));
            break;
        case 2:
            excludedSubtreesDNS = unionDNS(excludedSubtreesDNS,
                extractNameAsString(base));
            break;
        case 4:
            excludedSubtreesDN = unionDN(excludedSubtreesDN,
                (ASN1Sequence)base.getName().toASN1Primitive());
            break;
        case 6:
            excludedSubtreesURI = unionURI(excludedSubtreesURI,
                extractNameAsString(base));
            break;
        case 7:
            excludedSubtreesIP = unionIP(excludedSubtreesIP, ASN1OctetString
                .getInstance(base.getName()).getOctets());
            break;
    }
}

private void populate() {
    if (generalSubtrees == null) {
        generalSubtrees = new GeneralSubtrees(new ArrayList<GeneralSubtree>());
    }

    reloadGeneralSubtreesTable();
    selectFirstGeneralSubtreeInTable();
    updateButtonControls();
}

private void removeSelectedGeneralSubtree() {
    int selectedRow = jtGeneralSubtrees.getSelectedRow();

    if (selectedRow != -1) {
        GeneralSubtree generalSubtree = (GeneralSubtree) jtGeneralSubtrees.getValueAt(selectedRow, 0);

        generalSubtrees.getGeneralSubtrees().remove(generalSubtree);

        reloadGeneralSubtreesTable();
        selectFirstGeneralSubtreeInTable();
        updateButtonControls();
    }
}

private void editSelectedGeneralSubtree() {
    int selectedRow = jtGeneralSubtrees.getSelectedRow();

    if (selectedRow != -1) {
        GeneralSubtree generalSubtree = (GeneralSubtree) jtGeneralSubtrees.getValueAt(selectedRow, 0);

        Container container = getTopLevelAncestor();

        DGeneralSubtreeChooser dGeneralSubtreeChooser = null;

        if (container instanceof JDialog) {
            dGeneralSubtreeChooser = new DGeneralSubtreeChooser((JDialog) container, title, generalSubtree);
            dGeneralSubtreeChooser.setLocationRelativeTo(container);
            dGeneralSubtreeChooser.setVisible(true);
        } else if (container instanceof JFrame) {
            dGeneralSubtreeChooser = new DGeneralSubtreeChooser((JFrame) container, title, generalSubtree);
            dGeneralSubtreeChooser.setLocationRelativeTo(container);
            dGeneralSubtreeChooser.setVisible(true);
        }

        GeneralSubtree newGeneralSubtree = dGeneralSubtreeChooser.getGeneralSubtree();

        if (newGeneralSubtree == null) {
            return;
        }

        generalSubtrees.getGeneralSubtrees().remove(generalSubtree);
        generalSubtrees.getGeneralSubtrees().add(newGeneralSubtree);

        populate();
        selectGeneralSubtreeInTable(newGeneralSubtree);
    }
}

private void selectGeneralSubtreeInTable(GeneralSubtree generalSubtree) {
    for (int i = 0; i < jtGeneralSubtrees.getRowCount(); i++) {
        if (generalSubtree.equals(jtGeneralSubtrees.getValueAt(i, 0))) {
            jtGeneralSubtrees.changeSelection(i, 0, false, false);
            return;
        }
    }
}

private void populate(GeneralSubtree generalSubtree) {
    if (generalSubtree != null) {
        jgnBase.setGeneralName(generalSubtree.getBase());

        if (generalSubtree.getMinimum() != null) {
            jtfMinimum.setText("" + generalSubtree.getMinimum().intValue());
            jtfMinimum.setCaretPosition(0);
        }

        if (generalSubtree.getMaximum() != null) {
            jtfMaximum.setText("" + generalSubtree.getMaximum().intValue());
            jtfMaximum.setCaretPosition(0);
        }
    }
}

/**
 * Returns the rendered cell.
 *
 * @param jtGeneralSubtrees
 *            The JTable
 * @param value
 *            The value to assign to the cell
 * @param isSelected
 *            True if cell is selected
 * @param row
 *            The row of the cell to render
 * @param col
 *            The column of the cell to render
 * @param hasFocus
 *            If true, render cell appropriately
 * @return The renderered cell
 */
@Override
public Component getTableCellRendererComponent(JTable jtGeneralSubtrees, Object value, boolean isSelected,
        boolean hasFocus, int row, int col) {
    JLabel cell = (JLabel) super.getTableCellRendererComponent(jtGeneralSubtrees, value, isSelected, hasFocus, row,
            col);

    GeneralSubtree generalSubtree = (GeneralSubtree) value;

    if (col == 0) {
        cell.setText(GeneralNameUtil.safeToString(generalSubtree.getBase(), false));
    } else if (col == 1) {
        if (generalSubtree.getMinimum() != null) {
            String minimumStr = "" + generalSubtree.getMinimum().intValue();
            cell.setText(minimumStr);
            cell.setToolTipText(minimumStr);
        } else {
            cell.setText("-");
        }
    } else {
        if (generalSubtree.getMaximum() != null) {
            String maximumStr = "" + generalSubtree.getMaximum().intValue();
            cell.setText(maximumStr);
            cell.setToolTipText(maximumStr);
        } else {
            cell.setText("-");
        }
    }

    cell.setBorder(new EmptyBorder(0, 5, 0, 5));

    return cell;
}

private Set intersectDN(Set permitted, Set dns)
{
    Set intersect = new HashSet();
    for (Iterator it = dns.iterator(); it.hasNext();)
    {
        ASN1Sequence dn = ASN1Sequence.getInstance(((GeneralSubtree)it
            .next()).getBase().getName().toASN1Primitive());
        if (permitted == null)
        {
            if (dn != null)
            {
                intersect.add(dn);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                ASN1Sequence subtree = (ASN1Sequence)_iter.next();

                if (withinDNSubtree(dn, subtree))
                {
                    intersect.add(dn);
                }
                else if (withinDNSubtree(subtree, dn))
                {
                    intersect.add(subtree);
                }
            }
        }
    }
    return intersect;
}

private Set intersectEmail(Set permitted, Set emails)
{
    Set intersect = new HashSet();
    for (Iterator it = emails.iterator(); it.hasNext();)
    {
        String email = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());

        if (permitted == null)
        {
            if (email != null)
            {
                intersect.add(email);
            }
        }
        else
        {
            Iterator it2 = permitted.iterator();
            while (it2.hasNext())
            {
                String _permitted = (String)it2.next();

                intersectEmail(email, _permitted, intersect);
            }
        }
    }
    return intersect;
}

/**
 * Returns the intersection of the permitted IP ranges in
 * <code>permitted</code> with <code>ip</code>.
 *
 * @param permitted A <code>Set</code> of permitted IP addresses with
 *                  their subnet mask as byte arrays.
 * @param ips       The IP address with its subnet mask.
 * @return The <code>Set</code> of permitted IP ranges intersected with
 *         <code>ip</code>.
 */
private Set intersectIP(Set permitted, Set ips)
{
    Set intersect = new HashSet();
    for (Iterator it = ips.iterator(); it.hasNext();)
    {
        byte[] ip = ASN1OctetString.getInstance(
            ((GeneralSubtree)it.next()).getBase().getName()).getOctets();
        if (permitted == null)
        {
            if (ip != null)
            {
                intersect.add(ip);
            }
        }
        else
        {
            Iterator it2 = permitted.iterator();
            while (it2.hasNext())
            {
                byte[] _permitted = (byte[])it2.next();
                intersect.addAll(intersectIPRange(_permitted, ip));
            }
        }
    }
    return intersect;
}

private Set intersectDNS(Set permitted, Set dnss)
{
    Set intersect = new HashSet();
    for (Iterator it = dnss.iterator(); it.hasNext();)
    {
        String dns = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());
        if (permitted == null)
        {
            if (dns != null)
            {
                intersect.add(dns);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                String _permitted = (String)_iter.next();

                if (withinDomain(_permitted, dns))
                {
                    intersect.add(_permitted);
                }
                else if (withinDomain(dns, _permitted))
                {
                    intersect.add(dns);
                }
            }
        }
    }

    return intersect;
}

/**
 * Adds a subtree to the excluded set of these name constraints.
 *
 * @param subtree A subtree with an excluded GeneralName.
 */
public void addExcludedSubtree(GeneralSubtree subtree)
{
    GeneralName base = subtree.getBase();

    switch (base.getTagNo())
    {
        case 1:
            excludedSubtreesEmail = unionEmail(excludedSubtreesEmail,
                extractNameAsString(base));
            break;
        case 2:
            excludedSubtreesDNS = unionDNS(excludedSubtreesDNS,
                extractNameAsString(base));
            break;
        case 4:
            excludedSubtreesDN = unionDN(excludedSubtreesDN,
                (ASN1Sequence)base.getName().toASN1Primitive());
            break;
        case 6:
            excludedSubtreesURI = unionURI(excludedSubtreesURI,
                extractNameAsString(base));
            break;
        case 7:
            excludedSubtreesIP = unionIP(excludedSubtreesIP, ASN1OctetString
                .getInstance(base.getName()).getOctets());
            break;
    }
}

public static NameConstraints buildNameConstrains(
        org.xipki.ca.certprofile.x509.jaxb.NameConstraints type)
        throws CertprofileException {
    ParamUtil.requireNonNull("type", type);
    GeneralSubtree[] permitted = buildGeneralSubtrees(type.getPermittedSubtrees());
    GeneralSubtree[] excluded = buildGeneralSubtrees(type.getExcludedSubtrees());
    return (permitted == null && excluded == null) ? null
            : new NameConstraints(permitted, excluded);
}

private static GeneralSubtree[] buildGeneralSubtrees(GeneralSubtreesType subtrees)
        throws CertprofileException {
    if (subtrees == null || CollectionUtil.isEmpty(subtrees.getBase())) {
        return null;
    }

    List<GeneralSubtreeBaseType> list = subtrees.getBase();
    final int n = list.size();
    GeneralSubtree[] ret = new GeneralSubtree[n];
    for (int i = 0; i < n; i++) {
        ret[i] = buildGeneralSubtree(list.get(i));
    }

    return ret;
}

private static GeneralSubtree buildGeneralSubtree(GeneralSubtreeBaseType type)
        throws CertprofileException {
    ParamUtil.requireNonNull("type", type);
    GeneralName base = null;
    if (type.getDirectoryName() != null) {
        base = new GeneralName(X509Util.reverse(
                new X500Name(type.getDirectoryName())));
    } else if (type.getDnsName() != null) {
        base = new GeneralName(GeneralName.dNSName, type.getDnsName());
    } else if (type.getIpAddress() != null) {
        base = new GeneralName(GeneralName.iPAddress, type.getIpAddress());
    } else if (type.getRfc822Name() != null) {
        base = new GeneralName(GeneralName.rfc822Name, type.getRfc822Name());
    } else if (type.getUri() != null) {
        base = new GeneralName(GeneralName.uniformResourceIdentifier, type.getUri());
    } else {
        throw new RuntimeException(
                "should not reach here, unknown child of GeneralSubtreeBaseType");
    }

    Integer min = type.getMinimum();
    if (min != null && min < 0) {
        throw new CertprofileException("negative minimum is not allowed: " + min);
    }
    BigInteger minimum = (min == null) ? null : BigInteger.valueOf(min.intValue());

    Integer max = type.getMaximum();
    if (max != null && max < 0) {
        throw new CertprofileException("negative maximum is not allowed: " + max);
    }
    BigInteger maximum = (max == null) ? null : BigInteger.valueOf(max.intValue());

    return new GeneralSubtree(base, minimum, maximum);
}

private Set intersectDN(Set permitted, Set dns)
{
    Set intersect = new HashSet();
    for (Iterator it = dns.iterator(); it.hasNext();)
    {
        ASN1Sequence dn = ASN1Sequence.getInstance(((GeneralSubtree)it
            .next()).getBase().getName().toASN1Primitive());
        if (permitted == null)
        {
            if (dn != null)
            {
                intersect.add(dn);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                ASN1Sequence subtree = (ASN1Sequence)_iter.next();

                if (withinDNSubtree(dn, subtree))
                {
                    intersect.add(dn);
                }
                else if (withinDNSubtree(subtree, dn))
                {
                    intersect.add(subtree);
                }
            }
        }
    }
    return intersect;
}

private Set intersectEmail(Set permitted, Set emails)
{
    Set intersect = new HashSet();
    for (Iterator it = emails.iterator(); it.hasNext();)
    {
        String email = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());

        if (permitted == null)
        {
            if (email != null)
            {
                intersect.add(email);
            }
        }
        else
        {
            Iterator it2 = permitted.iterator();
            while (it2.hasNext())
            {
                String _permitted = (String)it2.next();

                intersectEmail(email, _permitted, intersect);
            }
        }
    }
    return intersect;
}

/**
 * Returns the intersection of the permitted IP ranges in
 * <code>permitted</code> with <code>ip</code>.
 *
 * @param permitted A <code>Set</code> of permitted IP addresses with
 *                  their subnet mask as byte arrays.
 * @param ips       The IP address with its subnet mask.
 * @return The <code>Set</code> of permitted IP ranges intersected with
 *         <code>ip</code>.
 */
private Set intersectIP(Set permitted, Set ips)
{
    Set intersect = new HashSet();
    for (Iterator it = ips.iterator(); it.hasNext();)
    {
        byte[] ip = ASN1OctetString.getInstance(
            ((GeneralSubtree)it.next()).getBase().getName()).getOctets();
        if (permitted == null)
        {
            if (ip != null)
            {
                intersect.add(ip);
            }
        }
        else
        {
            Iterator it2 = permitted.iterator();
            while (it2.hasNext())
            {
                byte[] _permitted = (byte[])it2.next();
                intersect.addAll(intersectIPRange(_permitted, ip));
            }
        }
    }
    return intersect;
}

private Set intersectDNS(Set permitted, Set dnss)
{
    Set intersect = new HashSet();
    for (Iterator it = dnss.iterator(); it.hasNext();)
    {
        String dns = extractNameAsString(((GeneralSubtree)it.next())
            .getBase());
        if (permitted == null)
        {
            if (dns != null)
            {
                intersect.add(dns);
            }
        }
        else
        {
            Iterator _iter = permitted.iterator();
            while (_iter.hasNext())
            {
                String _permitted = (String)_iter.next();

                if (withinDomain(_permitted, dns))
                {
                    intersect.add(_permitted);
                }
                else if (withinDomain(dns, _permitted))
                {
                    intersect.add(dns);
                }
            }
        }
    }

    return intersect;
}

/**
 * Adds a subtree to the excluded set of these name constraints.
 *
 * @param subtree A subtree with an excluded GeneralName.
 */
public void addExcludedSubtree(GeneralSubtree subtree)
{
    GeneralName base = subtree.getBase();

    switch (base.getTagNo())
    {
        case 1:
            excludedSubtreesEmail = unionEmail(excludedSubtreesEmail,
                extractNameAsString(base));
            break;
        case 2:
            excludedSubtreesDNS = unionDNS(excludedSubtreesDNS,
                extractNameAsString(base));
            break;
        case 4:
            excludedSubtreesDN = unionDN(excludedSubtreesDN,
                (ASN1Sequence)base.getName().toASN1Primitive());
            break;
        case 6:
            excludedSubtreesURI = unionURI(excludedSubtreesURI,
                extractNameAsString(base));
            break;
        case 7:
            excludedSubtreesIP = unionIP(excludedSubtreesIP, ASN1OctetString
                .getInstance(base.getName()).getOctets());
            break;
    }
}