/*
 * Copyright 2017-2019 Ping Identity Corporation
 * All Rights Reserved.
 */
/*
 * Copyright (C) 2017-2019 Ping Identity Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses>.
 */
package com.unboundid.util.ssl.cert;



import com.unboundid.util.OID;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;

import static com.unboundid.util.ssl.cert.CertMessages.*;



/**
 * Enumerates the key purpose OIDs that this library recognizes by name when
 * they appear in an {@link ExtendedKeyUsageExtension}.
 * <BR><BR>
 * The set is deliberately not exhaustive:  an extended key usage extension may
 * carry OIDs that have no constant here, and callers must be prepared to
 * handle them.  In particular, the lookup methods {@link #forOID(OID)} and
 * {@link #forName(String)} return {@code null} for anything outside the six
 * values below.  For example, the {@code anyExtendedKeyUsage} OID
 * ({@code 2.5.29.37.0}) from RFC 5280 has no constant in this enum and so
 * yields {@code null}.
 * <BR><BR>
 * A {@code null} result therefore only means "not known to this enum".  Code
 * that decides whether a certificate is acceptable for a given purpose should
 * compare against the specific OID it requires, and should not interpret an
 * unrecognized OID as granting that purpose.
 */
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public enum ExtendedKeyUsageID
{
  /**
   * Key purpose indicating that the certificate may be used to authenticate a
   * TLS server.
   */
  TLS_SERVER_AUTHENTICATION("1.3.6.1.5.5.7.3.1",
       INFO_EXTENDED_KEY_USAGE_ID_TLS_SERVER_AUTHENTICATION.get()),



  /**
   * Key purpose indicating that the certificate may be used to authenticate a
   * TLS client.
   */
  TLS_CLIENT_AUTHENTICATION("1.3.6.1.5.5.7.3.2",
       INFO_EXTENDED_KEY_USAGE_ID_TLS_CLIENT_AUTHENTICATION.get()),



  /**
   * Key purpose indicating that the certificate may be used for code signing.
   */
  CODE_SIGNING("1.3.6.1.5.5.7.3.3",
       INFO_EXTENDED_KEY_USAGE_ID_CODE_SIGNING.get()),



  /**
   * Key purpose indicating that the certificate may be used for email
   * protection.
   */
  EMAIL_PROTECTION("1.3.6.1.5.5.7.3.4",
       INFO_EXTENDED_KEY_USAGE_ID_EMAIL_PROTECTION.get()),



  /**
   * Key purpose indicating that the certificate may be used for time
   * stamping.
   */
  TIME_STAMPING("1.3.6.1.5.5.7.3.8",
       INFO_EXTENDED_KEY_USAGE_ID_TIME_STAMPING.get()),



  /**
   * Key purpose indicating that the certificate may be used to sign OCSP
   * responses.
   */
  OCSP_SIGNING("1.3.6.1.5.5.7.3.9",
       INFO_EXTENDED_KEY_USAGE_ID_OCSP_SIGNING.get());



  // Parsed object identifier for this key purpose.
  private final OID oid;

  // Display name for this key purpose, taken from the message catalog entry
  // supplied at construction.  It is not one of the aliases accepted by
  // forName.
  private final String name;



  /**
   * Creates a new extended key usage ID value from its dotted-decimal OID and
   * its display name.
   *
   * @param  oidString  The string representation of the OID for this extended
   *                    key usage ID value.
   * @param  name       The human-readable name for this extended key usage ID
   *                    value.
   */
  ExtendedKeyUsageID(final String oidString, final String name)
  {
    this.oid = new OID(oidString);
    this.name = name;
  }



  /**
   * Retrieves the OID that identifies this key purpose.
   *
   * @return  The OID for this extended key usage ID value.
   */
  public OID getOID()
  {
    return oid;
  }



  /**
   * Retrieves the display name for this key purpose.  The value is intended
   * for presentation; {@link #forName(String)} matches a fixed list of aliases
   * rather than this string, so the two are not guaranteed to round-trip.
   *
   * @return  The human-readable name for this extended key usage ID value.
   */
  public String getName()
  {
    return name;
  }



  /**
   * Looks up the enum value whose OID equals the provided OID.
   *
   * @param  oid  The OID of the extended key usage ID value to retrieve.  It
   *              must not be {@code null}.
   *
   * @return  The extended key usage ID value with the specified OID, or
   *          {@code null} if this enum defines no value for that OID.  A
   *          {@code null} result says nothing about whether the OID is a
   *          valid key purpose; callers making an authorization decision
   *          should treat it as "purpose not recognized" rather than as a
   *          match.
   */
  public static ExtendedKeyUsageID forOID(final OID oid)
  {
    for (final ExtendedKeyUsageID candidate : values())
    {
      if (candidate.getOID().equals(oid))
      {
        return candidate;
      }
    }

    // Not one of the key purposes defined by this enum.
    return null;
  }



  /**
   * Produces a printable label for the provided key purpose OID:  the display
   * name when the OID is defined in this enum, otherwise the string form of
   * the OID itself.
   *
   * @param  oid  The OID for the extended key usage ID to retrieve.  A
   *              {@code null} value is not handled here:  when no enum value
   *              matches, this method calls {@code toString()} on the
   *              argument.
   *
   * @return  The human-readable name for the extended key usage ID value with
   *          the provided OID, or a string representation of the OID if there
   *          is no value with that OID.
   */
  public static String getNameOrOID(final OID oid)
  {
    final ExtendedKeyUsageID match = forOID(oid);
    return (match == null) ? oid.toString() : match.getName();
  }



  /**
   * Looks up an enum value by one of its accepted aliases.  The provided name
   * is passed through {@code StaticUtils.toLowerCase} and then compared
   * exactly against the lowercase aliases listed in the switch below.  No
   * trimming or other normalization is performed in this method, so
   * surrounding whitespace prevents a match.
   *
   * @param  name  The name of the extended key usage ID to retrieve.  It must
   *               not be {@code null}.
   *
   * @return  The requested extended key usage ID, or {@code null} if no such ID
   *          is defined.  Callers that take the name from configuration or
   *          command-line input should report a {@code null} result as an
   *          error rather than silently omitting the requested key purpose.
   */
  public static ExtendedKeyUsageID forName(final String name)
  {
    final String normalized = StaticUtils.toLowerCase(name);
    switch (normalized)
    {
      // TLS server authentication and its short "serverAuth" forms.
      case "tlsserverauthentication":
      case "tls-server-authentication":
      case "tls_server_authentication":
      case "tls server authentication":
      case "serverauth":
      case "server-auth":
      case "server_auth":
      case "server auth":
        return TLS_SERVER_AUTHENTICATION;

      // TLS client authentication and its short "clientAuth" forms.
      case "tlsclientauthentication":
      case "tls-client-authentication":
      case "tls_client_authentication":
      case "tls client authentication":
      case "clientauth":
      case "client-auth":
      case "client_auth":
      case "client auth":
        return TLS_CLIENT_AUTHENTICATION;

      case "codesigning":
      case "code-signing":
      case "code_signing":
      case "code signing":
        return CODE_SIGNING;

      case "emailprotection":
      case "email-protection":
      case "email_protection":
      case "email protection":
        return EMAIL_PROTECTION;

      case "timestamping":
      case "time-stamping":
      case "time_stamping":
      case "time stamping":
        return TIME_STAMPING;

      case "ocspsigning":
      case "ocsp-signing":
      case "ocsp_signing":
      case "ocsp signing":
        return OCSP_SIGNING;

      // Anything else is not an alias known to this enum.
      default:
        return null;
    }
  }
}