aboutsummaryrefslogtreecommitdiff
path: root/vendor/github.com/letsencrypt/boulder/revocation/reasons.go
blob: 50f556be011d9cf519648cef8cb15ebbe87219ae (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
package revocation

import (
	"fmt"
	"sort"
	"strings"

	"golang.org/x/crypto/ocsp"
)

// Reason is used to specify a certificate revocation reason
type Reason int

// ReasonToString provides a map from reason code to string
var ReasonToString = map[Reason]string{
	ocsp.Unspecified:          "unspecified",
	ocsp.KeyCompromise:        "keyCompromise",
	ocsp.CACompromise:         "cACompromise",
	ocsp.AffiliationChanged:   "affiliationChanged",
	ocsp.Superseded:           "superseded",
	ocsp.CessationOfOperation: "cessationOfOperation",
	ocsp.CertificateHold:      "certificateHold",
	// 7 is unused
	ocsp.RemoveFromCRL:      "removeFromCRL",
	ocsp.PrivilegeWithdrawn: "privilegeWithdrawn",
	ocsp.AACompromise:       "aAcompromise",
}

// UserAllowedReasons contains the subset of Reasons which users are
// allowed to use
var UserAllowedReasons = map[Reason]struct{}{
	ocsp.Unspecified:          {},
	ocsp.KeyCompromise:        {},
	ocsp.Superseded:           {},
	ocsp.CessationOfOperation: {},
}

// AdminAllowedReasons contains the subset of Reasons which admins are allowed
// to use. Reasons not found here will soon be forbidden from appearing in CRLs
// or OCSP responses by root programs.
var AdminAllowedReasons = map[Reason]struct{}{
	ocsp.Unspecified:          {},
	ocsp.KeyCompromise:        {},
	ocsp.Superseded:           {},
	ocsp.CessationOfOperation: {},
	ocsp.PrivilegeWithdrawn:   {},
}

// UserAllowedReasonsMessage contains a string describing a list of user allowed
// revocation reasons. This is useful when a revocation is rejected because it
// is not a valid user supplied reason and the allowed values must be
// communicated. This variable is populated during package initialization.
var UserAllowedReasonsMessage = ""

func init() {
	// Build a slice of ints from the allowed reason codes.
	// We want a slice because iterating `UserAllowedReasons` will change order
	// and make the message unpredictable and cumbersome for unit testing.
	// We use []ints instead of []Reason to use `sort.Ints` without fuss.
	var allowed []int
	for reason := range UserAllowedReasons {
		allowed = append(allowed, int(reason))
	}
	sort.Ints(allowed)

	var reasonStrings []string
	for _, reason := range allowed {
		reasonStrings = append(reasonStrings, fmt.Sprintf("%s (%d)",
			ReasonToString[Reason(reason)], reason))
	}
	UserAllowedReasonsMessage = strings.Join(reasonStrings, ", ")
}