com.unboundid.util.ssl.cert.CRLDistributionPointRevocationReason Maven / Gradle / Ivy
/*
* Copyright 2017-2024 Ping Identity Corporation
* All Rights Reserved.
*/
/*
* Copyright 2017-2024 Ping Identity Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Copyright (C) 2017-2024 Ping Identity Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License (GPLv2 only)
* or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
package com.unboundid.util.ssl.cert;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Set;
import com.unboundid.asn1.ASN1BitString;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
/**
* This enum defines a set of reasons for which a CRL distribution point may
* revoke a certificate.
*/
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public enum CRLDistributionPointRevocationReason
{
/**
* Indicates that a CRL distribution point may revoke a certificate for an
* unspecified reason.
*/
UNSPECIFIED("unspecified", 0),
/**
* Indicates that a CRL distribution point may revoke a certificate if the
* certificate's private key may have been compromised.
*/
KEY_COMPROMISE("keyCompromise", 1),
/**
* Indicates that a CRL distribution point may revoke a certificate if the
* certificate issuer's private key may have been compromised.
*/
CA_COMPROMISE("caCompromise", 2),
/**
* Indicates that a CRL distribution point may revoke a certificate if the
* owner of a certificate is no longer affiliated with its issuer.
*/
AFFILIATION_CHANGED("affiliationChanged", 3),
/**
* Indicates that a CRL distribution point may revoke a certificate if it has
* been superseded by a newer certificate.
*/
SUPERSEDED("superseded", 4),
/**
* Indicates that a CRL distribution point may revoke a certificate if the
* certification authority is no longer in operation.
*/
CESSATION_OF_OPERATION("cessationOfOperation", 5),
/**
* Indicates that a CRL distribution point may revoke a certificate if the
* certificate has been put on hold.
*/
CERTIFICATE_HOLD("certificateHold", 6),
/**
* Indicates that a CRL distribution point may revoke a certificate if one
* or more of the privileges granted to the certificate have been withdrawn.
*/
PRIVILEGE_WITHDRAWN("privilegeWithdrawn", 7),
/**
* Indicates that a CRL distribution point may revoke a certificate if an
* associated attribute authority has been compromised.
*/
AA_COMPROMISE("aaCompromise", 8);
// The position of this revocation reason value in the bit string.
private final int bitPosition;
// A human-readable name for this revocation reason.
@NotNull private final String name;
/**
* Creates a CRL distribution point revocation reason value with the provided
* information.
*
* @param name A human-readable name for this revocation reason.
* @param bitPosition The bit string index of the bit that indicates whether
* this reason applies.
*/
CRLDistributionPointRevocationReason(@NotNull final String name,
final int bitPosition)
{
this.name = name;
this.bitPosition = bitPosition;
}
/**
* Retrieves a human-readable name for this CRL distribution point revocation
* reason.
*
* @return A human-readable name for this CRL distribution point revocation
* reason.
*/
@NotNull()
public String getName()
{
return name;
}
/**
* Retrieves the bit string index of the bit that indicates whether this
* reason applies.
*
* @return The bit string index of the bit that indicates whether this reason
* applies.
*/
int getBitPosition()
{
return bitPosition;
}
/**
* Retrieves a set that contains all of the revocation reasons that are set in
* the provided bit string.
*
* @param bitString The bit string to examine.
*
* @return A set that contains all of the revocation reasons that are set in
* the provided bit string.
*/
@NotNull()
static Set
getReasonSet(@NotNull final ASN1BitString bitString)
{
final boolean[] bits = bitString.getBits();
final EnumSet s =
EnumSet.noneOf(CRLDistributionPointRevocationReason.class);
for (final CRLDistributionPointRevocationReason r : values())
{
if ((bits.length > r.bitPosition) && bits[r.bitPosition])
{
s.add(r);
}
}
return Collections.unmodifiableSet(s);
}
/**
* Encodes the provided set of reasons to a bit string.
*
* @param type The DER to use for the bit string.
* @param reasons The set of reasons to encode.
*
* @return The bit string that represents the encoded set of reasons.
*/
@NotNull()
static ASN1BitString toBitString(final byte type,
@NotNull final Set reasons)
{
final CRLDistributionPointRevocationReason[] values = values();
final boolean[] bits = new boolean[values.length];
for (final CRLDistributionPointRevocationReason r : values)
{
bits[r.bitPosition] = reasons.contains(r);
}
return new ASN1BitString(type, bits);
}
/**
* Retrieves the CRL distribution point revocation reason with the specified
* name.
*
* @param name The name of the CRL distribution point revocation reason to
* retrieve. It must not be {@code null}.
*
* @return The requested CRL distribution point revocation reason, or
* {@code null} if no such reason is defined.
*/
@Nullable()
public static CRLDistributionPointRevocationReason
forName(@NotNull final String name)
{
switch (StaticUtils.toLowerCase(name))
{
case "unspecified":
return UNSPECIFIED;
case "keycompromise":
case "key-compromise":
case "key_compromise":
return KEY_COMPROMISE;
case "cacompromise":
case "ca-compromise":
case "ca_compromise":
return CA_COMPROMISE;
case "affiliationchanged":
case "affiliation-changed":
case "affiliation_changed":
return AFFILIATION_CHANGED;
case "superseded":
return SUPERSEDED;
case "cessationofoperation":
case "cessation-of-operation":
case "cessation_of_operation":
return CESSATION_OF_OPERATION;
case "certificatehold":
case "certificate-hold":
case "certificate_hold":
return CERTIFICATE_HOLD;
case "privilegewithdrawn":
case "privilege-withdrawn":
case "privilege_withdrawn":
return PRIVILEGE_WITHDRAWN;
case "aacompromise":
case "aa-compromise":
case "aa_compromise":
return AA_COMPROMISE;
default:
return null;
}
}
}