/*
 * Copyright 2017-2024 Ping Identity Corporation
 * All Rights Reserved.
 */
/*
 * Copyright 2017-2024 Ping Identity Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*
 * Copyright (C) 2017-2024 Ping Identity Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses>.
 */
package com.unboundid.util.ssl.cert;



import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.OID;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;

import static com.unboundid.util.ssl.cert.CertMessages.*;



/**
 * This enum lists the key purpose OIDs that this library knows by name for use
 * in the {@link ExtendedKeyUsageExtension}.  The list is not exhaustive:  an
 * extended key usage extension may carry OIDs that have no constant here (the
 * RFC 5280 {@code anyExtendedKeyUsage} OID, 2.5.29.37.0, is one example), so
 * any code that consumes the extension must be prepared to handle other key
 * usage IDs.  An OID that is absent from this enum is merely unrecognized by
 * the enum; its absence says nothing about whether the usage is acceptable.
 */
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public enum ExtendedKeyUsageID
{
  /**
   * Indicates that the associated certificate may be used for TLS server
   * authentication (the RFC 5280 {@code id-kp-serverAuth} purpose).
   */
  TLS_SERVER_AUTHENTICATION("1.3.6.1.5.5.7.3.1",
       INFO_EXTENDED_KEY_USAGE_ID_TLS_SERVER_AUTHENTICATION.get()),



  /**
   * Indicates that the associated certificate may be used for TLS client
   * authentication (the RFC 5280 {@code id-kp-clientAuth} purpose).
   */
  TLS_CLIENT_AUTHENTICATION("1.3.6.1.5.5.7.3.2",
       INFO_EXTENDED_KEY_USAGE_ID_TLS_CLIENT_AUTHENTICATION.get()),



  /**
   * Indicates that the associated certificate may be used for code signing
   * (the RFC 5280 {@code id-kp-codeSigning} purpose).
   */
  CODE_SIGNING("1.3.6.1.5.5.7.3.3",
       INFO_EXTENDED_KEY_USAGE_ID_CODE_SIGNING.get()),



  /**
   * Indicates that the associated certificate may be used for email
   * protection (the RFC 5280 {@code id-kp-emailProtection} purpose).
   */
  EMAIL_PROTECTION("1.3.6.1.5.5.7.3.4",
       INFO_EXTENDED_KEY_USAGE_ID_EMAIL_PROTECTION.get()),



  /**
   * Indicates that the associated certificate may be used for time stamping
   * (the RFC 5280 {@code id-kp-timeStamping} purpose).
   */
  TIME_STAMPING("1.3.6.1.5.5.7.3.8",
       INFO_EXTENDED_KEY_USAGE_ID_TIME_STAMPING.get()),



  /**
   * Indicates that the associated certificate may be used for signing OCSP
   * responses (the RFC 5280 {@code id-kp-OCSPSigning} purpose).
   */
  OCSP_SIGNING("1.3.6.1.5.5.7.3.9",
       INFO_EXTENDED_KEY_USAGE_ID_OCSP_SIGNING.get());



  // The parsed OID that identifies this key purpose.
  @NotNull private final OID oid;

  // The display name for this key purpose, taken from the message catalog.
  @NotNull private final String name;



  /**
   * Creates a new extended key usage ID value from an OID string and a
   * display name.
   *
   * @param  oidString  The dotted string form of the OID for this extended
   *                    key usage ID value.
   * @param  name       The human-readable name for this extended key usage ID
   *                    value.
   */
  ExtendedKeyUsageID(@NotNull final String oidString,
                     @NotNull final String name)
  {
    this.oid = new OID(oidString);
    this.name = name;
  }



  /**
   * Retrieves the OID that identifies this extended key usage ID value.
   *
   * @return  The OID for this extended key usage ID value.
   */
  @NotNull()
  public OID getOID()
  {
    return oid;
  }



  /**
   * Retrieves the human-readable name of this extended key usage ID value.
   * This is the display name supplied at construction, not the enum constant
   * name.
   *
   * @return  The human-readable name for this extended key usage ID value.
   */
  @NotNull()
  public String getName()
  {
    return name;
  }



  /**
   * Looks up the extended key usage ID value that has the specified OID.
   *
   * @param  oid  The OID of the extended key usage ID value to retrieve.  It
   *              must not be {@code null}.
   *
   * @return  The extended key usage ID value with the specified OID, or
   *          {@code null} if this enum defines no value with that OID.  A
   *          {@code null} result only means that the OID is not one of the
   *          constants above; callers that enforce key usage must decide
   *          explicitly how to treat such OIDs.
   */
  @Nullable()
  public static ExtendedKeyUsageID forOID(@NotNull final OID oid)
  {
    ExtendedKeyUsageID match = null;
    for (final ExtendedKeyUsageID candidate : values())
    {
      if (candidate.oid.equals(oid))
      {
        // OIDs are unique across the constants, so the first hit is the
        // only hit.
        match = candidate;
        break;
      }
    }

    return match;
  }



  /**
   * Retrieves a display string for the provided OID:  the human-readable name
   * of the matching extended key usage ID value when one is defined, or the
   * string representation of the OID itself otherwise.
   *
   * @param  oid  The OID for the extended key usage ID to retrieve.
   *
   * @return  The human-readable name for the extended key usage ID value with
   *          the provided OID, or a string representation of the OID if there
   *          is no value with that OID.
   */
  @NotNull()
  public static String getNameOrOID(@NotNull final OID oid)
  {
    final ExtendedKeyUsageID match = forOID(oid);
    return (match == null) ? oid.toString() : match.name;
  }



  /**
   * Looks up the extended key usage ID with the specified name.  The name is
   * lower-cased before comparison, and each value is recognized by the words
   * of its constant name written run together or separated by a single style
   * of hyphen, underscore, or space.  The two TLS values are additionally
   * recognized by the short forms "serverauth" and "clientauth" in the same
   * four spellings.  Any other string, including one that mixes separator
   * styles, is not recognized.
   *
   * @param  name  The name of the extended key usage ID to retrieve.  It must
   *               not be {@code null}.
   *
   * @return  The requested extended key usage ID, or {@code null} if no such ID
   *          is defined.
   */
  @Nullable()
  public static ExtendedKeyUsageID forName(@NotNull final String name)
  {
    final String lowerName = StaticUtils.toLowerCase(name);
    switch (lowerName)
    {
      case "tlsserverauthentication":
      case "tls-server-authentication":
      case "tls_server_authentication":
      case "tls server authentication":
      case "serverauth":
      case "server-auth":
      case "server_auth":
      case "server auth":
        return TLS_SERVER_AUTHENTICATION;

      case "tlsclientauthentication":
      case "tls-client-authentication":
      case "tls_client_authentication":
      case "tls client authentication":
      case "clientauth":
      case "client-auth":
      case "client_auth":
      case "client auth":
        return TLS_CLIENT_AUTHENTICATION;

      case "codesigning":
      case "code-signing":
      case "code_signing":
      case "code signing":
        return CODE_SIGNING;

      case "emailprotection":
      case "email-protection":
      case "email_protection":
      case "email protection":
        return EMAIL_PROTECTION;

      case "timestamping":
      case "time-stamping":
      case "time_stamping":
      case "time stamping":
        return TIME_STAMPING;

      case "ocspsigning":
      case "ocsp-signing":
      case "ocsp_signing":
      case "ocsp signing":
        return OCSP_SIGNING;

      default:
        // Not a spelling this enum recognizes.
        return null;
    }
  }
}