001/*
002 * Copyright 2017-2022 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2017-2022 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2017-2022 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.util.ssl.cert;
037
038
039
040import com.unboundid.util.NotNull;
041import com.unboundid.util.Nullable;
042import com.unboundid.util.OID;
043import com.unboundid.util.StaticUtils;
044import com.unboundid.util.ThreadSafety;
045import com.unboundid.util.ThreadSafetyLevel;
046
047import static com.unboundid.util.ssl.cert.CertMessages.*;
048
049
050
051/**
052 * This enum defines a set of OIDs that are known to be used in the
053 * {@link ExtendedKeyUsageExtension}.  Note that extended key usage extensions
054 * may include OIDs that are not included in this enum, and any code that makes
055 * use of the extension should be prepared to handle other key usage IDs.
056 */
057@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
058public enum ExtendedKeyUsageID
059{
060  /**
061   * The extended key usage ID that indicates that the associated certificate
062   * may be used for TLS server authentication.
063   */
064  TLS_SERVER_AUTHENTICATION("1.3.6.1.5.5.7.3.1",
065       INFO_EXTENDED_KEY_USAGE_ID_TLS_SERVER_AUTHENTICATION.get()),
066
067
068
069  /**
070   * The extended key usage ID that indicates that the associated certificate
071   * may be used for TLS client authentication.
072   */
073  TLS_CLIENT_AUTHENTICATION("1.3.6.1.5.5.7.3.2",
074       INFO_EXTENDED_KEY_USAGE_ID_TLS_CLIENT_AUTHENTICATION.get()),
075
076
077
078  /**
079   * The extended key usage ID that indicates that the associated certificate
080   * may be used for code signing.
081   */
082  CODE_SIGNING("1.3.6.1.5.5.7.3.3",
083       INFO_EXTENDED_KEY_USAGE_ID_CODE_SIGNING.get()),
084
085
086
087  /**
088   * The extended key usage ID that indicates that the associated certificate
089   * may be used for email protection.
090   */
091  EMAIL_PROTECTION("1.3.6.1.5.5.7.3.4",
092       INFO_EXTENDED_KEY_USAGE_ID_EMAIL_PROTECTION.get()),
093
094
095
096  /**
097   * The extended key usage ID that indicates that the associated certificate
098   * may be used for time stamping.
099   */
100  TIME_STAMPING("1.3.6.1.5.5.7.3.8",
101       INFO_EXTENDED_KEY_USAGE_ID_TIME_STAMPING.get()),
102
103
104
105  /**
106   * The extended key usage ID that indicates that the associated certificate
107   * may be used for signing OCSP responses.
108   */
109  OCSP_SIGNING("1.3.6.1.5.5.7.3.9",
110       INFO_EXTENDED_KEY_USAGE_ID_OCSP_SIGNING.get());
111
112
113
114  // The OID for this extended key usage ID value.
115  @NotNull private final OID oid;
116
117  // The human-readable name for this extended key usage ID value.
118  @NotNull private final String name;
119
120
121
122  /**
123   * Creates a new extended key usage ID value with the provided information.
124   *
125   * @param  oidString  The string representation of the OID for this extended
126   *                    key usage ID value.
127   * @param  name       The human-readable name for this extended key usage ID
128   *                    value.
129   */
130  ExtendedKeyUsageID(@NotNull final String oidString,
131                     @NotNull final String name)
132  {
133    this.name = name;
134
135    oid = new OID(oidString);
136  }
137
138
139
140  /**
141   * Retrieves the OID for this extended key usage ID value.
142   *
143   * @return  The OID for this extended key usage ID value.
144   */
145  @NotNull()
146  public OID getOID()
147  {
148    return oid;
149  }
150
151
152
153  /**
154   * Retrieves the human-readable name for this extended key usage ID value.
155   *
156   * @return  The human-readable name for this extended key usage ID value.
157   */
158  @NotNull()
159  public String getName()
160  {
161    return name;
162  }
163
164
165
166  /**
167   * Retrieves the extended key usage ID value with the specified OID.
168   *
169   * @param  oid  The OID of the extended key usage ID value to retrieve.  It
170   *              must not be {@code null}.
171   *
172   * @return  The extended key usage ID value with the specified OID, or
173   *          {@code null} if there is no value with the specified OID.
174   */
175  @Nullable()
176  public static ExtendedKeyUsageID forOID(@NotNull final OID oid)
177  {
178    for (final ExtendedKeyUsageID id : values())
179    {
180      if (id.oid.equals(oid))
181      {
182        return id;
183      }
184    }
185
186    return null;
187  }
188
189
190
191  /**
192   * Retrieves the human-readable name for the extended key usage ID value with
193   * the provided OID, or a string representation of the OID if there is no
194   * value with that OID.
195   *
196   * @param  oid  The OID for the extended key usage ID to retrieve.
197   *
198   * @return  The human-readable name for the extended key usage ID value with
199   *            the provided OID, or a string representation of the OID if there
200   *            is no value with that OID.
201   */
202  @NotNull()
203  public static String getNameOrOID(@NotNull final OID oid)
204  {
205    final ExtendedKeyUsageID id = forOID(oid);
206    if (id == null)
207    {
208      return oid.toString();
209    }
210    else
211    {
212      return id.name;
213    }
214  }
215
216
217
218  /**
219   * Retrieves the extended key usage ID with the specified name.
220   *
221   * @param  name  The name of the extended key usage ID to retrieve.  It must
222   *               not be {@code null}.
223   *
224   * @return  The requested extended key usage ID, or {@code null} if no such ID
225   *          is defined.
226   */
227  @Nullable()
228  public static ExtendedKeyUsageID forName(@NotNull final String name)
229  {
230    switch (StaticUtils.toLowerCase(name))
231    {
232      case "tlsserverauthentication":
233      case "tls-server-authentication":
234      case "tls_server_authentication":
235      case "tls server authentication":
236      case "serverauth":
237      case "server-auth":
238      case "server_auth":
239      case "server auth":
240        return TLS_SERVER_AUTHENTICATION;
241      case "tlsclientauthentication":
242      case "tls-client-authentication":
243      case "tls_client_authentication":
244      case "tls client authentication":
245      case "clientauth":
246      case "client-auth":
247      case "client_auth":
248      case "client auth":
249        return TLS_CLIENT_AUTHENTICATION;
250      case "codesigning":
251      case "code-signing":
252      case "code_signing":
253      case "code signing":
254        return CODE_SIGNING;
255      case "emailprotection":
256      case "email-protection":
257      case "email_protection":
258      case "email protection":
259        return EMAIL_PROTECTION;
260      case "timestamping":
261      case "time-stamping":
262      case "time_stamping":
263      case "time stamping":
264        return TIME_STAMPING;
265      case "ocspsigning":
266      case "ocsp-signing":
267      case "ocsp_signing":
268      case "ocsp signing":
269        return OCSP_SIGNING;
270      default:
271        return null;
272    }
273  }
274}