All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.cesecore.config.AvailableExtendedKeyUsagesConfiguration Maven / Gradle / Ivy

Go to download 

/*************************************************************************
 *                                                                       *
 *  CESeCore: CE Security Core                                           *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package org.cesecore.config;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;

import org.apache.commons.lang.StringUtils;
import org.cesecore.configuration.ConfigurationBase;

/**
 * This file handles configuration of Available Extended Key Usages
 *
 * @version $Id: AvailableExtendedKeyUsagesConfiguration.java 30578 2018-11-22 12:22:39Z bastianf $
 */
public class AvailableExtendedKeyUsagesConfiguration extends ConfigurationBase implements Serializable{

    private static final long serialVersionUID = -3430732247486886608L;
    public static final String CONFIGURATION_ID = "AVAILABLE_EXTENDED_KEY_USAGES";

    /** Creates a new instance of AvailableExtendedKeyUsagesConfiguration without defaults */
    public AvailableExtendedKeyUsagesConfiguration(boolean ignored)  {
        super();
    }

    /** Creates a new instance of AvailableExtendedKeyUsagesConfiguration */
    public AvailableExtendedKeyUsagesConfiguration()  {
       super();
       // Before EJBCA 6.4.0 this was configured in a property file
       addExtKeyUsage("2.5.29.37.0", "EKU_PKIX_ANYEXTENDEDKEYUSAGE");
       addExtKeyUsage("1.3.6.1.5.5.7.3.1", "EKU_PKIX_SERVERAUTH");
       addExtKeyUsage("1.3.6.1.5.5.7.3.2", "EKU_PKIX_CLIENTAUTH");
       addExtKeyUsage("1.3.6.1.5.5.7.3.3", "EKU_PKIX_CODESIGNING");
       addExtKeyUsage("1.3.6.1.5.5.7.3.4", "EKU_PKIX_EMAILPROTECTION");
       //addExtKeyUsage("1.3.6.1.5.5.7.3.5", "EKU_PKIX_IPSECENDSYSTEM");  // Deprecated EKU
       //addExtKeyUsage("1.3.6.1.5.5.7.3.6", "EKU_PKIX_IPSECTUNNEL");     // Deprecated EKU
       //addExtKeyUsage("1.3.6.1.5.5.7.3.7", "EKU_PKIX_IPSECUSER");       // Deprecated EKU
       addExtKeyUsage("1.3.6.1.5.5.7.3.8", "EKU_PKIX_TIMESTAMPING");
       addExtKeyUsage("1.3.6.1.5.5.7.3.9", "EKU_PKIX_OCSPSIGNING");
       // RFC 4334 - Certificate Extensions Supporting Authentication in PPP and WLAN
       addExtKeyUsage("1.3.6.1.5.5.7.3.13", "EKU_PKIX_EAPOVERPPP");
       addExtKeyUsage("1.3.6.1.5.5.7.3.14", "EKU_PKIX_EAPOVERLAN");
       // RFC 5055 - Server-Based Certificate Validation Protocol (SCVP)
       addExtKeyUsage("1.3.6.1.5.5.7.3.15", "EKU_PKIX_SCVPSERVER");
       addExtKeyUsage("1.3.6.1.5.5.7.3.16", "EKU_PKIX_SCVPCLIENT");
       // RFC 4945 - PKI Profile for IKE, ISAKMP and PKIX
       addExtKeyUsage("1.3.6.1.5.5.7.3.17", "EKU_PKIX_IPSECIKE");
       // RFC 5924 - Extended Key Usage (EKU) for Session Initiation Protocol (SIP) X.509 Certificates
       addExtKeyUsage("1.3.6.1.5.5.7.3.20", "EKU_PKIX_SIPDOMAIN");
       // RFC 6187 - X.509v3 Certificates for Secure Shell Authentication
       addExtKeyUsage("1.3.6.1.5.5.7.3.21", "EKU_PKIX_SSHCLIENT");
       addExtKeyUsage("1.3.6.1.5.5.7.3.22", "EKU_PKIX_SSHSERVER");
       // -- Microsoft extended key usages
       // Microsoft Smart card Logon (szOID_KP_SMARTCARD_LOGON)
       addExtKeyUsage("1.3.6.1.4.1.311.20.2.2", "EKU_MS_SMARTCARDLOGON");
       // Microsoft Document Signing (szOID_KP_DOCUMENT_SIGNING)
       addExtKeyUsage("1.3.6.1.4.1.311.10.3.12", "EKU_MS_DOCUMENTSIGNING");
       // Microsoft Individual Code Signing (SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID)
       addExtKeyUsage("1.3.6.1.4.1.311.2.1.21", "EKU_MS_CODESIGNING_IND");
       // Microsoft Commercial Code Signing (SPC_COMMERCIAL_SP_KEY_PURPOSE_OBJID)
       addExtKeyUsage("1.3.6.1.4.1.311.2.1.22", "EKU_MS_CODESIGNING_COM");
       // Microsoft Encrypted File System (szOID_EFS_CRYPTO)
       addExtKeyUsage("1.3.6.1.4.1.311.10.3.4", "EKU_MS_EFSCRYPTO");
       // Microsoft Encrypted File System Recovery (szOID_EFS_RECOVERY)
       addExtKeyUsage("1.3.6.1.4.1.311.10.3.4.1", "EKU_MS_EFSRECOVERY");
       // -- Intel extended key usages
       // Intel AMT (out of band) network management
       addExtKeyUsage("2.16.840.1.113741.1.2.3", "EKU_INTEL_AMT");
       // -- ETSI (European Telecommunications Standards Institute) extended key usages
       // ETSI TS 102 231 TSL Signing (id-tsl-kp-tslSigning)
       addExtKeyUsage("0.4.0.2231.3.0", "EKU_ETSI_TSLSIGNING");
       // -- Adobe extended key usages
       // Adobe PDF Signing http://www.adobe.com/misc/pdfs/Adobe_CDS_CPv011604clean.pdf
       addExtKeyUsage("1.2.840.113583.1.1.5", "EKU_ADOBE_PDFSIGNING");
       // -- CSN (Czech technical standard) extended key usages
       // CSN 36 9791 TSL Client (id-csn-369791-tls-client)
       addExtKeyUsage("1.2.203.7064.1.1.369791.1", "EKU_CSN_TLSCLIENT");
       // CSN 36 9791 TSL Server (id-csn-369791-tls-server)
       addExtKeyUsage("1.2.203.7064.1.1.369791.2", "EKU_CSN_TLSSERVER");
       // -- Kerberos extended key usages
       // RFC 4556 - Kerberos PKINIT client (id-pkinit-KPClientAuth)
       addExtKeyUsage("1.3.6.1.5.2.3.4", "EKU_KRB_PKINIT_CLIENT");
       // RFC 4556 - Kerberos PKINIT server/KDC (id-pkinit-KPKdc)
       addExtKeyUsage("1.3.6.1.5.2.3.5", "EKU_KRB_PKINIT_KDC");
       // -- ICAO (International Civil Aviation Organization) extended key usages
       // Machine Readable Travel Documents - Part 12, Pubic Key Infrastructure for MRTDs, Seventh Edition 2015, Doc 9303
       // ICAO Master List Signer (cscaMasterListSigningKey)
       addExtKeyUsage("2.23.136.1.1.3", "EKU_ICAO_MASTERLISTSIGNING");
       // ICAO Deviation List Signer
       addExtKeyUsage("2.23.136.1.1.8", "EKU_ICAO_DEVIATIONLISTSIGNING");
       // -- NIST (National Institute of Standards and Technology) extended key usages
       // The id-PIV-cardAuth keyPurposeID specifies that the public key is used to authenticate the PIV-I card rather than the PIV-I card holder.
       // http://www.idmanagement.gov/sites/default/files/documents/pivi_certificate_crl_profile.pdf
       addExtKeyUsage("2.16.840.1.101.3.6.8", "EKU_NIST_PIVCARDAUTH");
    }

    public AvailableExtendedKeyUsagesConfiguration(Serializable dataobj) {
        @SuppressWarnings("unchecked")
        LinkedHashMap d = (LinkedHashMap) dataobj;
        data = d;
    }

    @Override
    public String getConfigurationId() {
        return CONFIGURATION_ID;
    }

    public boolean isExtendedKeyUsageSupported(String oid) {
        return data.containsKey(oid.trim());
    }

    public void addExtKeyUsage(String oid, String name) {
        data.put(oid.trim(), name);
    }

    public void removeExtKeyUsage(String oid) {
        data.remove(oid.trim());
    }

    public String getExtKeyUsageName(String oid) {
        oid = oid.trim();
        String name = (String) data.get(oid);
        if(name == null) {
            name = oid;
        }
        return name;
    }

    public List getAllOIDs() {
        Set keyset = data.keySet();
        ArrayList keys = new ArrayList();
        for(Object k : keyset) {
            if(!StringUtils.equalsIgnoreCase((String) k, "version")) {
                keys.add( (String) k );
            }
        }
        return keys;
    }

    public Map getAllEKUOidsAndNames() {
        @SuppressWarnings("unchecked")
        Map ret = (Map) saveData();
        ret.remove("version");
        return ret;
    }

    public Properties getAsProperties() {
        Properties properties = new Properties();
        Map allEkus = getAllEKUOidsAndNames();
        for(Entry eku : allEkus.entrySet()) {
            properties.setProperty(eku.getKey(), eku.getValue());
        }
        return properties;
    }

    @Override
    public void upgrade() {}

}
 















© 2015 - 2024 Weber Informatics LLC | Privacy Policy