ExtendedKeyUsage.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */
  20. package org.openspcoop2.utils.certificate;

  22. import java.security.cert.CertificateParsingException;
  23. import java.security.cert.X509Certificate;
  24. import java.util.ArrayList;
  25. import java.util.List;

  27. import org.bouncycastle.asn1.x509.Extensions;

  29. /**
  30.  * ExtendedKeyUsage
  31.  *
  32.  * @author Poli Andrea (apoli@link.it)
  33.  * @author $Author$
  34.  * @version $Rev$, $Date$
  35.  */
  36. public enum ExtendedKeyUsage {

  38.     ANY_EXTENDED_KEY_USAGE(org.bouncycastle.asn1.x509.KeyPurposeId.anyExtendedKeyUsage), // [2.5.29.37.0]
  39.     
  40.     SERVER_AUTH(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_serverAuth), // [1.3.6.1.5.5.7.3.1]
  41.     
  42.     CLIENT_AUTH(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_clientAuth), // [1.3.6.1.5.5.7.3.2]
  43.     
  44.     CODE_SIGNING(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_codeSigning), // [1.3.6.1.5.5.7.3.3]

  46.     EMAIL_PROTECTION(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_emailProtection), // [1.3.6.1.5.5.7.3.4]
  47.     
  48.     IPSEC_END_SYSTEM(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_ipsecEndSystem), // [1.3.6.1.5.5.7.3.5]

  50.     IPSEC_TUNNEL(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_ipsecTunnel), // [1.3.6.1.5.5.7.3.6]
  51.     
  52.     IPSEC_USER(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_ipsecUser), // [1.3.6.1.5.5.7.3.7]

  54.     TIME_STAMPING(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_timeStamping), // [1.3.6.1.5.5.7.3.8]
  55.     
  56.     OCSP_SIGNING(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_OCSPSigning), // [1.3.6.1.5.5.7.3.9]
  57.     
  58.     DVCS(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_dvcs), // [1.3.6.1.5.5.7.3.10]
  59.     
  60.     SBGP_CERT_AA_SERVER_AUTH(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_sbgpCertAAServerAuth), // [1.3.6.1.5.5.7.3.11]
  61.     
  62.     SCVP_RESPONDER(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_scvp_responder), // [1.3.6.1.5.5.7.3.12]

  64.     EAP_OVER_PPP(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_eapOverPPP), // [1.3.6.1.5.5.7.3.13]
  65.     
  66.     EAP_OVER_LAN(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_eapOverLAN), // [1.3.6.1.5.5.7.3.14]
  67.     
  68.     SCVP_SERVER(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_scvpServer), // [1.3.6.1.5.5.7.3.15]
  69.     
  70.     SCVP_CLIENT(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_scvpClient), // [1.3.6.1.5.5.7.3.16]
  71.     
  72.     IPSEC_IKE(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_ipsecIKE), // [1.3.6.1.5.5.7.3.17]
  73.     
  74.     CAPWAP_AC(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_capwapAC), // [1.3.6.1.5.5.7.3.18]
  75.     
  76.     CAPWAP_WTP(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_capwapWTP), // [1.3.6.1.5.5.7.3.19]
  77.     
  78.     SMART_CARD_LOGON(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_smartcardlogon), // [1.3.6.1.4.1.311.20.2.2]

  80.     MAC_ADDRESS(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_macAddress), // [1.3.6.1.1.1.1.22]

  82.     MS_SGC(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_msSGC), // [1.3.6.1.4.1.311.10.3.3]
  83.     
  84.     NS_SGC(org.bouncycastle.asn1.x509.KeyPurposeId.id_kp_nsSGC); // [2.16.840.1.113730.4.1]

  86.     
  87.     ExtendedKeyUsage(org.bouncycastle.asn1.x509.KeyPurposeId purposeId ) {
  88.         this.oid = purposeId.getId();
  89.         this.purposeId = purposeId;
  90.     }
  91.     
  92.     private String oid;
  93.     private org.bouncycastle.asn1.x509.KeyPurposeId purposeId;
  94.     public String getId() {
  95.         return this.oid;
  96.     }
  97.     public org.bouncycastle.asn1.x509.KeyPurposeId getPurposeId() {
  98.         if(this.purposeId!=null) {
  99.             return this.purposeId;
  100.         }
  101.         else {
  102.             return org.bouncycastle.asn1.x509.KeyPurposeId.getInstance(new org.bouncycastle.asn1.ASN1ObjectIdentifier(this.oid));
  103.         }
  104.     }
  105.     
  106.     @Override
  107.     public String toString() {
  108.         return toString(false);
  109.     }
  110.     public String toString(boolean printOID) {
  111.         if(printOID) {
  112.             return this.name()+" ("+this.oid+")";
  113.         }
  114.         else {
  115.             return this.name();
  116.         }
  117.     }
  118.     
  119.     public boolean hasKeyUsage(Certificate x509) throws CertificateParsingException {
  120.         if(x509.getCertificate()!=null) {
  121.             return hasKeyUsage(x509.getCertificate());
  122.         }
  123.         return false;
  124.     }
  125.     public boolean hasKeyUsage(CertificateInfo x509) throws CertificateParsingException {
  126.         return hasKeyUsage(x509.getCertificate());
  127.     }
  128.     public boolean hasKeyUsage(X509Certificate x509) throws CertificateParsingException {
  129.         return existsKeyUsageByOID(x509, this.oid);
  130.     }
  131.     public static boolean existsKeyUsageByOID(X509Certificate x509, String oid) throws CertificateParsingException {
  132.         if(x509.getExtendedKeyUsage()!=null) {
  133.             return x509.getExtendedKeyUsage().contains(oid);
  134.         }
  135.         return false;
  136.     }
  137.     
  138.     public boolean hasKeyUsage(byte[]encoded) {
  139.         return existsKeyUsageByBouncycastleKeyPurposeId(encoded, this.purposeId);
  140.     }
  141.     public static boolean existsKeyUsageByBouncycastleKeyPurposeId(byte[]encoded, String keyPurposeId)  {
  142.         return existsKeyUsageByBouncycastleKeyPurposeId(encoded, org.bouncycastle.asn1.x509.KeyPurposeId.getInstance(new org.bouncycastle.asn1.ASN1ObjectIdentifier(keyPurposeId)));
  143.     }
  144.     public static boolean existsKeyUsageByBouncycastleKeyPurposeId(byte[]encoded, org.bouncycastle.asn1.x509.KeyPurposeId keyPurposeId)  {
  145.         org.bouncycastle.asn1.x509.Certificate c =org.bouncycastle.asn1.x509.Certificate.getInstance(encoded);
  146.         Extensions exts = c.getTBSCertificate().getExtensions();
  147.         if (exts != null){
  148.             org.bouncycastle.asn1.x509.ExtendedKeyUsage eKey = org.bouncycastle.asn1.x509.ExtendedKeyUsage.fromExtensions(exts);
  149.             if(eKey!=null) {
  150.                 return eKey.hasKeyPurposeId(keyPurposeId);
  151.             }
  152.         }
  153.         return false;
  154.     }
  155.     
  156.     public static ExtendedKeyUsage toExtendedKeyUsage(String id) {
  157.         ExtendedKeyUsage [] v = ExtendedKeyUsage.values();
  158.         for (ExtendedKeyUsage usage : v) {
  159.             if(usage.oid.equals(id)) {
  160.                 return usage;
  161.             }
  162.         }
  163.         return null;
  164.     }
  165.     public static ExtendedKeyUsage toExtendedKeyUsage(org.bouncycastle.asn1.x509.KeyPurposeId purposeId) {
  166.         ExtendedKeyUsage [] v = ExtendedKeyUsage.values();
  167.         for (ExtendedKeyUsage usage : v) {
  168.             if(usage.purposeId.equals(purposeId)) {
  169.                 return usage;
  170.             }
  171.         }
  172.         return null;
  173.     }
  174.     
  175.     public static List<ExtendedKeyUsage> getKeyUsage(Certificate x509) throws CertificateParsingException{
  176.         if(x509.getCertificate()!=null) {
  177.             return getKeyUsage(x509.getCertificate());
  178.         }
  179.         return new ArrayList<>();
  180.     }
  181.     public static List<ExtendedKeyUsage> getKeyUsage(CertificateInfo x509) throws CertificateParsingException{
  182.         return getKeyUsage(x509.getCertificate());
  183.     }
  184.     public static List<ExtendedKeyUsage> getKeyUsage(X509Certificate x509) throws CertificateParsingException{
  185.         List<ExtendedKeyUsage> l = new ArrayList<>();
  186.         ExtendedKeyUsage [] values = ExtendedKeyUsage.values();
  187.         for (ExtendedKeyUsage keyUsage : values) {
  188.             if(keyUsage.hasKeyUsage(x509)) {
  189.                 l.add(keyUsage);
  190.             }
  191.         }
  192.         return l;
  193.     }
  194.     public static List<ExtendedKeyUsage> getKeyUsage(byte[]encoded){
  195.         List<ExtendedKeyUsage> l = new ArrayList<>();
  196.         ExtendedKeyUsage [] values = ExtendedKeyUsage.values();
  197.         for (ExtendedKeyUsage keyUsage : values) {
  198.             if(keyUsage.hasKeyUsage(encoded)) {
  199.                 l.add(keyUsage);
  200.             }
  201.         }
  202.         return l;
  203.     }
  204. }
Created with JaCoCo 0.8.8.202204050719