
     1  package revocation
     2  
     3  import (
     4  	"fmt"
     5  	"sort"
     6  	"strings"
     7  
     8  	"golang.org/x/crypto/ocsp"
     9  )
    10  
// Reason is used to specify a certificate revocation reason. Its values are
// the CRLReason codes exported by golang.org/x/crypto/ocsp (ocsp.Unspecified,
// ocsp.KeyCompromise, ...), which are the keys of the maps in this file.
type Reason int
    13  
// ReasonToString provides a map from reason code to string. The values are
// the RFC 5280 CRLReason names; init below embeds them (together with the
// numeric code) in UserAllowedReasonsMessage, so they should stay stable.
var ReasonToString = map[Reason]string{
	ocsp.Unspecified:          "unspecified",
	ocsp.KeyCompromise:        "keyCompromise",
	ocsp.CACompromise:         "cACompromise",
	ocsp.AffiliationChanged:   "affiliationChanged",
	ocsp.Superseded:           "superseded",
	ocsp.CessationOfOperation: "cessationOfOperation",
	ocsp.CertificateHold:      "certificateHold",
	// 7 is unused (RFC 5280 leaves CRLReason value 7 unassigned)
	ocsp.RemoveFromCRL:      "removeFromCRL",
	ocsp.PrivilegeWithdrawn: "privilegeWithdrawn",
	// NOTE(review): RFC 5280 spells this name "aACompromise"; the lowercase
	// 'c' is kept as-is because the string may be relied upon elsewhere.
	ocsp.AACompromise:       "aAcompromise",
}
    28  
// UserAllowedReasons contains the subset of Reasons which users are
// allowed to use. It is an allowlist: a reason code supplied by a subscriber
// that is not a key here should be rejected (that check is done by callers of
// this package, not in this file). Its keys, sorted numerically, are what
// UserAllowedReasonsMessage reports back to the user.
var UserAllowedReasons = map[Reason]struct{}{
	ocsp.Unspecified:          {},
	ocsp.KeyCompromise:        {},
	ocsp.Superseded:           {},
	ocsp.CessationOfOperation: {},
}
    37  
// AdminAllowedReasons contains the subset of Reasons which admins are allowed
// to use. Reasons not found here will soon be forbidden from appearing in CRLs
// or OCSP responses by root programs. It is a strict superset of
// UserAllowedReasons (adding only ocsp.PrivilegeWithdrawn); like that map it is
// an allowlist, so anything absent should be treated as invalid input.
var AdminAllowedReasons = map[Reason]struct{}{
	ocsp.Unspecified:          {},
	ocsp.KeyCompromise:        {},
	ocsp.Superseded:           {},
	ocsp.CessationOfOperation: {},
	ocsp.PrivilegeWithdrawn:   {},
}
    48  
// UserAllowedReasonsMessage contains a string describing a list of user allowed
// revocation reasons. This is useful when a revocation is rejected because it
// is not a valid user supplied reason and the allowed values must be
// communicated. This variable is populated during package initialization (see
// init below) in the form "name (code), name (code), ...", ordered by
// ascending reason code so the text is deterministic.
var UserAllowedReasonsMessage = ""
    54  
// init fills UserAllowedReasonsMessage from the keys of UserAllowedReasons.
//
// Each entry is rendered as "name (code)" using ReasonToString for the name,
// and the entries are joined with ", " in ascending code order.
func init() {
	// Collect the codes into a slice and sort them: ranging over a map has a
	// randomized order, which would make the message unpredictable and
	// awkward to assert on in unit tests.
	codes := make([]Reason, 0, len(UserAllowedReasons))
	for code := range UserAllowedReasons {
		codes = append(codes, code)
	}
	sort.Slice(codes, func(i, j int) bool { return codes[i] < codes[j] })

	var msg strings.Builder
	for i, code := range codes {
		if i > 0 {
			msg.WriteString(", ")
		}
		// ReasonToString yields "" for a code it does not know, in which case
		// only the numeric part is meaningful.
		fmt.Fprintf(&msg, "%s (%d)", ReasonToString[code], int(code))
	}
	UserAllowedReasonsMessage = msg.String()
}
    73  
