package revocation
import (
"fmt"
"sort"
"strings"
"golang.org/x/crypto/ocsp"
)
// Reason is a certificate revocation reason code. The values used as keys
// below are the CRLReason constants exported by golang.org/x/crypto/ocsp,
// so a Reason compares equal to the corresponding ocsp constant.
type Reason int

var (
	// ReasonToString maps each known reason code to its textual name.
	// Code 7 is unused and therefore has no entry.
	ReasonToString = map[Reason]string{
		ocsp.Unspecified:          "unspecified",
		ocsp.KeyCompromise:        "keyCompromise",
		ocsp.CACompromise:         "cACompromise",
		ocsp.AffiliationChanged:   "affiliationChanged",
		ocsp.Superseded:           "superseded",
		ocsp.CessationOfOperation: "cessationOfOperation",
		ocsp.CertificateHold:      "certificateHold",
		ocsp.RemoveFromCRL:        "removeFromCRL",
		ocsp.PrivilegeWithdrawn:   "privilegeWithdrawn",
		// NOTE(review): RFC 5280 spells this name aACompromise; the string
		// is kept byte-for-byte because callers and tests may depend on it.
		ocsp.AACompromise: "aAcompromise",
	}

	// UserAllowedReasons is the set of reason codes an ordinary subscriber
	// may supply when revoking. Codes outside this set (for example
	// cACompromise or certificateHold) are not accepted from users.
	UserAllowedReasons = map[Reason]struct{}{
		ocsp.Unspecified:          {},
		ocsp.KeyCompromise:        {},
		ocsp.Superseded:           {},
		ocsp.CessationOfOperation: {},
	}

	// AdminAllowedReasons is the set of reason codes an administrator may
	// supply. It is UserAllowedReasons plus privilegeWithdrawn. Reasons not
	// listed here will soon be forbidden from appearing in CRLs or OCSP
	// responses by root programs.
	AdminAllowedReasons = map[Reason]struct{}{
		ocsp.Unspecified:          {},
		ocsp.KeyCompromise:        {},
		ocsp.Superseded:           {},
		ocsp.CessationOfOperation: {},
		ocsp.PrivilegeWithdrawn:   {},
	}

	// UserAllowedReasonsMessage is a human-readable, deterministically
	// ordered list of the user-allowed reasons, in the form
	// "name (code), name (code), ...". It is filled in by init() so that
	// rejection messages can tell the caller which values are accepted.
	UserAllowedReasonsMessage = ""
)
// init populates UserAllowedReasonsMessage from UserAllowedReasons.
//
// The codes are copied into a []int and sorted first: ranging over the map
// directly would produce a different order on each run, which would make
// the message unstable and awkward to assert on in unit tests. Plain ints
// are used so that sort.Ints applies without a custom comparator.
func init() {
	codes := make([]int, 0, len(UserAllowedReasons))
	for r := range UserAllowedReasons {
		codes = append(codes, int(r))
	}
	sort.Ints(codes)

	// Render as "name (code)" entries separated by ", ".
	var b strings.Builder
	for i, code := range codes {
		if i > 0 {
			b.WriteString(", ")
		}
		fmt.Fprintf(&b, "%s (%d)", ReasonToString[Reason(code)], code)
	}
	UserAllowedReasonsMessage = b.String()
}