001/*
002 * Copyright 2017-2019 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright (C) 2017-2019 Ping Identity Corporation
007 *
008 * This program is free software; you can redistribute it and/or modify
009 * it under the terms of the GNU General Public License (GPLv2 only)
010 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
011 * as published by the Free Software Foundation.
012 *
013 * This program is distributed in the hope that it will be useful,
014 * but WITHOUT ANY WARRANTY; without even the implied warranty of
015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
016 * GNU General Public License for more details.
017 *
018 * You should have received a copy of the GNU General Public License
019 * along with this program; if not, see <http://www.gnu.org/licenses>.
020 */
021package com.unboundid.util.ssl.cert;
022
023
024
025import com.unboundid.util.OID;
026import com.unboundid.util.StaticUtils;
027import com.unboundid.util.ThreadSafety;
028import com.unboundid.util.ThreadSafetyLevel;
029
030import static com.unboundid.util.ssl.cert.CertMessages.*;
031
032
033
/**
 * This enum lists the extended key usage OIDs that this library knows by name
 * for use with the {@link ExtendedKeyUsageExtension}.  The list is not
 * exhaustive:  an extended key usage extension may carry OIDs that have no
 * constant here, and code that reads the extension must be prepared for them.
 * For example, the {@code anyExtendedKeyUsage} OID from RFC 5280
 * ({@code 2.5.29.37.0}) is not one of the constants defined below.
 * <BR><BR>
 * Code that enforces a purpose restriction (for example, accepting only
 * certificates valid for TLS server authentication) should compare against the
 * specific OID it requires and should not treat an OID that is unknown to this
 * enum as granting that purpose.
 */
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public enum ExtendedKeyUsageID
{
  /**
   * TLS server authentication ({@code 1.3.6.1.5.5.7.3.1}):  the associated
   * certificate may be used to authenticate a TLS server.
   */
  TLS_SERVER_AUTHENTICATION("1.3.6.1.5.5.7.3.1",
       INFO_EXTENDED_KEY_USAGE_ID_TLS_SERVER_AUTHENTICATION.get()),



  /**
   * TLS client authentication ({@code 1.3.6.1.5.5.7.3.2}):  the associated
   * certificate may be used to authenticate a TLS client.
   */
  TLS_CLIENT_AUTHENTICATION("1.3.6.1.5.5.7.3.2",
       INFO_EXTENDED_KEY_USAGE_ID_TLS_CLIENT_AUTHENTICATION.get()),



  /**
   * Code signing ({@code 1.3.6.1.5.5.7.3.3}):  the associated certificate may
   * be used for code signing.
   */
  CODE_SIGNING("1.3.6.1.5.5.7.3.3",
       INFO_EXTENDED_KEY_USAGE_ID_CODE_SIGNING.get()),



  /**
   * Email protection ({@code 1.3.6.1.5.5.7.3.4}):  the associated certificate
   * may be used for email protection.
   */
  EMAIL_PROTECTION("1.3.6.1.5.5.7.3.4",
       INFO_EXTENDED_KEY_USAGE_ID_EMAIL_PROTECTION.get()),



  /**
   * Time stamping ({@code 1.3.6.1.5.5.7.3.8}):  the associated certificate may
   * be used for time stamping.
   */
  TIME_STAMPING("1.3.6.1.5.5.7.3.8",
       INFO_EXTENDED_KEY_USAGE_ID_TIME_STAMPING.get()),



  /**
   * OCSP signing ({@code 1.3.6.1.5.5.7.3.9}):  the associated certificate may
   * be used for signing OCSP responses.
   */
  OCSP_SIGNING("1.3.6.1.5.5.7.3.9",
       INFO_EXTENDED_KEY_USAGE_ID_OCSP_SIGNING.get());



  // The parsed OID that identifies this key usage in a certificate.
  private final OID oid;

  // The display name for this key usage, taken from the message catalog when
  // the constant is created.
  private final String name;



  /**
   * Creates a new extended key usage ID value from its OID string and display
   * name.
   *
   * @param  oidString  The string representation of the OID for this extended
   *                    key usage ID value.
   * @param  name       The human-readable name for this extended key usage ID
   *                    value.
   */
  ExtendedKeyUsageID(final String oidString, final String name)
  {
    this.oid = new OID(oidString);
    this.name = name;
  }



  /**
   * Retrieves the OID for this extended key usage ID value.  The OID, not the
   * display name, is the value to compare when deciding what a certificate may
   * be used for.
   *
   * @return  The OID for this extended key usage ID value.
   */
  public OID getOID()
  {
    return this.oid;
  }



  /**
   * Retrieves the human-readable name for this extended key usage ID value.
   * The name comes from the message catalog and is meant for display.
   *
   * @return  The human-readable name for this extended key usage ID value.
   */
  public String getName()
  {
    return this.name;
  }



  /**
   * Retrieves the extended key usage ID value with the specified OID.
   * <BR><BR>
   * A {@code null} return value means only that the OID does not match one of
   * the constants in this enum.  It says nothing about whether the certificate
   * is acceptable for a given purpose, so callers must handle it explicitly.
   *
   * @param  oid  The OID of the extended key usage ID value to retrieve.  It
   *              must not be {@code null}.
   *
   * @return  The extended key usage ID value with the specified OID, or
   *          {@code null} if there is no value with the specified OID.
   */
  public static ExtendedKeyUsageID forOID(final OID oid)
  {
    ExtendedKeyUsageID match = null;
    for (final ExtendedKeyUsageID candidate : values())
    {
      if (candidate.oid.equals(oid))
      {
        match = candidate;
        break;
      }
    }

    return match;
  }



  /**
   * Retrieves the human-readable name for the extended key usage ID value with
   * the provided OID, or a string representation of the OID if this enum has
   * no value with that OID.  The result is meant for display; because it can
   * be either a name or a dotted OID string, it is not a suitable input for a
   * usage check.
   *
   * @param  oid  The OID for the extended key usage ID to retrieve.  It is
   *              dereferenced when no constant matches, so it should not be
   *              {@code null}.
   *
   * @return  The human-readable name for the extended key usage ID value with
   *            the provided OID, or a string representation of the OID if there
   *            is no value with that OID.
   */
  public static String getNameOrOID(final OID oid)
  {
    final ExtendedKeyUsageID known = forOID(oid);
    return (known == null) ? oid.toString() : known.name;
  }



  /**
   * Retrieves the extended key usage ID with the specified name.  The name is
   * lowercased before matching, and each usage is accepted with its words run
   * together or separated by a hyphen, an underscore, or a single space.  The
   * two TLS usages also accept the short "server auth" and "client auth"
   * forms.  The name is not trimmed, and any other spelling yields
   * {@code null}.
   *
   * @param  name  The name of the extended key usage ID to retrieve.  It must
   *               not be {@code null}.
   *
   * @return  The requested extended key usage ID, or {@code null} if no such ID
   *          is defined.
   */
  public static ExtendedKeyUsageID forName(final String name)
  {
    final String lowerName = StaticUtils.toLowerCase(name);
    switch (lowerName)
    {
      // TLS server authentication, long and short forms.
      case "tlsserverauthentication":
      case "tls-server-authentication":
      case "tls_server_authentication":
      case "tls server authentication":
      case "serverauth":
      case "server-auth":
      case "server_auth":
      case "server auth":
        return TLS_SERVER_AUTHENTICATION;

      // TLS client authentication, long and short forms.
      case "tlsclientauthentication":
      case "tls-client-authentication":
      case "tls_client_authentication":
      case "tls client authentication":
      case "clientauth":
      case "client-auth":
      case "client_auth":
      case "client auth":
        return TLS_CLIENT_AUTHENTICATION;

      case "codesigning":
      case "code-signing":
      case "code_signing":
      case "code signing":
        return CODE_SIGNING;

      case "emailprotection":
      case "email-protection":
      case "email_protection":
      case "email protection":
        return EMAIL_PROTECTION;

      case "timestamping":
      case "time-stamping":
      case "time_stamping":
      case "time stamping":
        return TIME_STAMPING;

      case "ocspsigning":
      case "ocsp-signing":
      case "ocsp_signing":
      case "ocsp signing":
        return OCSP_SIGNING;

      // Unrecognized names are reported as null rather than as an exception.
      default:
        return null;
    }
  }
}