/*
 * Copyright 2017-2020 Ping Identity Corporation
 * All Rights Reserved.
 */
/*
 * Copyright 2017-2020 Ping Identity Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*
 * Copyright (C) 2017-2020 Ping Identity Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses>.
 */
package com.unboundid.util.ssl.cert;



import com.unboundid.util.OID;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;

import static com.unboundid.util.ssl.cert.CertMessages.*;



/**
 * Enumerates the key purpose OIDs that this library knows by name for use in
 * an {@link ExtendedKeyUsageExtension}.
 * <BR><BR>
 * The set is deliberately not exhaustive.  A certificate may list purpose OIDs
 * that have no constant here, in which case {@link #forOID(OID)} returns
 * {@code null} and {@link #getNameOrOID(OID)} falls back to the dotted OID
 * string.  In particular, only the six {@code id-kp} purposes under
 * {@code 1.3.6.1.5.5.7.3} are defined; the RFC 5280
 * {@code anyExtendedKeyUsage} OID ({@code 2.5.29.37.0}) has no constant and is
 * therefore only ever seen as a raw OID.
 * <BR><BR>
 * Code that enforces key purpose restrictions should therefore work from the
 * OIDs actually present in the extension and must be prepared for values that
 * do not map to one of these constants, rather than treating a {@code null}
 * lookup result as meaning that no purpose was asserted.
 */
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public enum ExtendedKeyUsageID
{
  /**
   * TLS server authentication ({@code id-kp-serverAuth}): the certificate may
   * be presented by a TLS server to identify itself.
   */
  TLS_SERVER_AUTHENTICATION("1.3.6.1.5.5.7.3.1",
       INFO_EXTENDED_KEY_USAGE_ID_TLS_SERVER_AUTHENTICATION.get()),



  /**
   * TLS client authentication ({@code id-kp-clientAuth}): the certificate may
   * be presented by a TLS client to identify itself.
   */
  TLS_CLIENT_AUTHENTICATION("1.3.6.1.5.5.7.3.2",
       INFO_EXTENDED_KEY_USAGE_ID_TLS_CLIENT_AUTHENTICATION.get()),



  /**
   * Code signing ({@code id-kp-codeSigning}): the certificate may be used to
   * sign executable code.
   */
  CODE_SIGNING("1.3.6.1.5.5.7.3.3",
       INFO_EXTENDED_KEY_USAGE_ID_CODE_SIGNING.get()),



  /**
   * Email protection ({@code id-kp-emailProtection}): the certificate may be
   * used to protect email.
   */
  EMAIL_PROTECTION("1.3.6.1.5.5.7.3.4",
       INFO_EXTENDED_KEY_USAGE_ID_EMAIL_PROTECTION.get()),



  /**
   * Time stamping ({@code id-kp-timeStamping}): the certificate may be used
   * for time stamping.
   */
  TIME_STAMPING("1.3.6.1.5.5.7.3.8",
       INFO_EXTENDED_KEY_USAGE_ID_TIME_STAMPING.get()),



  /**
   * OCSP signing ({@code id-kp-OCSPSigning}): the certificate may be used to
   * sign OCSP responses.
   */
  OCSP_SIGNING("1.3.6.1.5.5.7.3.9",
       INFO_EXTENDED_KEY_USAGE_ID_OCSP_SIGNING.get());



  // The parsed OID that identifies this key purpose.
  private final OID oid;

  // The display name for this key purpose, taken from the message catalog.
  private final String name;



  /**
   * Creates a new extended key usage ID value from its OID and display name.
   *
   * @param  oidString  The dotted string form of the OID for this extended
   *                    key usage ID value.
   * @param  name       The human-readable name for this extended key usage ID
   *                    value.
   */
  ExtendedKeyUsageID(final String oidString, final String name)
  {
    this.oid = new OID(oidString);
    this.name = name;
  }



  /**
   * Retrieves the OID that identifies this extended key usage ID value.
   *
   * @return  The OID for this extended key usage ID value.
   */
  public OID getOID()
  {
    return this.oid;
  }



  /**
   * Retrieves the human-readable name of this extended key usage ID value.
   * The name is display text and is distinct from the enum constant name.
   *
   * @return  The human-readable name for this extended key usage ID value.
   */
  public String getName()
  {
    return this.name;
  }



  /**
   * Looks up the extended key usage ID value that has the specified OID.
   * <BR><BR>
   * A {@code null} result means only that the OID is not one of the values
   * defined in this enum.  It does not mean that the OID is invalid or that
   * the certificate asserts no purpose, so callers making an authorization
   * decision should keep the original OID rather than discarding it.
   *
   * @param  oid  The OID of the extended key usage ID value to retrieve.  It
   *              must not be {@code null}.
   *
   * @return  The extended key usage ID value with the specified OID, or
   *          {@code null} if there is no value with the specified OID.
   */
  public static ExtendedKeyUsageID forOID(final OID oid)
  {
    final ExtendedKeyUsageID[] candidates = values();
    for (int i = 0; i < candidates.length; i++)
    {
      final ExtendedKeyUsageID candidate = candidates[i];
      if (candidate.oid.equals(oid))
      {
        return candidate;
      }
    }

    return null;
  }



  /**
   * Retrieves display text for the provided OID: the human-readable name when
   * the OID matches a value defined in this enum, and otherwise the string
   * representation of the OID itself.
   * <BR><BR>
   * When nothing matches, {@code toString()} is invoked on the argument, so a
   * {@code null} OID is not handled here.
   *
   * @param  oid  The OID for the extended key usage ID to retrieve.
   *
   * @return  The human-readable name for the extended key usage ID value with
   *          the provided OID, or a string representation of the OID if there
   *          is no value with that OID.
   */
  public static String getNameOrOID(final OID oid)
  {
    final ExtendedKeyUsageID match = forOID(oid);
    return (match == null) ? oid.toString() : match.name;
  }



  /**
   * Looks up the extended key usage ID with the specified name.
   * <BR><BR>
   * The name is lowercased with {@code StaticUtils.toLowerCase} and then
   * compared against a fixed list of spellings.  For each value that list
   * holds the purpose name written with no separator, with hyphens, with
   * underscores and with spaces, plus the short {@code serverAuth} and
   * {@code clientAuth} forms for the two TLS purposes.  Any other spelling,
   * including one that mixes separators, is not recognized.
   * <BR><BR>
   * A {@code null} result means the name was not recognized.  Callers that
   * build an extension from user-supplied names should report that case
   * rather than silently omit the purpose.
   *
   * @param  name  The name of the extended key usage ID to retrieve.  It must
   *               not be {@code null}.
   *
   * @return  The requested extended key usage ID, or {@code null} if no such ID
   *          is defined.
   */
  public static ExtendedKeyUsageID forName(final String name)
  {
    final String lowerName = StaticUtils.toLowerCase(name);

    final ExtendedKeyUsageID resolved;
    switch (lowerName)
    {
      case "tlsserverauthentication":
      case "tls-server-authentication":
      case "tls_server_authentication":
      case "tls server authentication":
      case "serverauth":
      case "server-auth":
      case "server_auth":
      case "server auth":
        resolved = TLS_SERVER_AUTHENTICATION;
        break;

      case "tlsclientauthentication":
      case "tls-client-authentication":
      case "tls_client_authentication":
      case "tls client authentication":
      case "clientauth":
      case "client-auth":
      case "client_auth":
      case "client auth":
        resolved = TLS_CLIENT_AUTHENTICATION;
        break;

      case "codesigning":
      case "code-signing":
      case "code_signing":
      case "code signing":
        resolved = CODE_SIGNING;
        break;

      case "emailprotection":
      case "email-protection":
      case "email_protection":
      case "email protection":
        resolved = EMAIL_PROTECTION;
        break;

      case "timestamping":
      case "time-stamping":
      case "time_stamping":
      case "time stamping":
        resolved = TIME_STAMPING;
        break;

      case "ocspsigning":
      case "ocsp-signing":
      case "ocsp_signing":
      case "ocsp signing":
        resolved = OCSP_SIGNING;
        break;

      default:
        // Not one of the recognized spellings.
        resolved = null;
        break;
    }

    return resolved;
  }
}