
     1  package revocation
     2  
     3  import (
     4  	"fmt"
     5  )
     6  
// Reason is a certificate revocation reason code.
type Reason int64

// The enumerated reasons for revoking a certificate. The numeric values are
// the CRLReason codes from RFC 5280 section 5.3.1
// (https://datatracker.ietf.org/doc/html/rfc5280#section-5.3.1) and must not
// be renumbered; the iota sequence skips 7, which RFC 5280 leaves unused.
const (
	Unspecified          Reason = iota // 0
	KeyCompromise                      // 1
	CACompromise                       // 2
	AffiliationChanged                 // 3
	Superseded                         // 4
	CessationOfOperation               // 5
	CertificateHold                    // 6
	_                                  // 7 is unused
	RemoveFromCRL                      // 8
	PrivilegeWithdrawn                 // 9
	AACompromise                       // 10
)
    25  
// reasonToString maps each supported reason code to its string form. It is
// unexported so that code outside this package cannot replace or mutate it;
// a Go map is never truly immutable, so code inside this package must also
// refrain from writing to it.
//
// The strings follow the CRLReason identifiers of RFC 5280 section 5.3.1,
// except that AACompromise is spelled "aAcompromise" (the RFC's ASN.1 name is
// aACompromise). It is kept as-is because callers and stored data may depend
// on the existing spelling; changing it would change what StringToReason
// accepts.
var reasonToString = map[Reason]string{
	Unspecified:          "unspecified",
	KeyCompromise:        "keyCompromise",
	CACompromise:         "cACompromise",
	AffiliationChanged:   "affiliationChanged",
	Superseded:           "superseded",
	CessationOfOperation: "cessationOfOperation",
	CertificateHold:      "certificateHold",
	RemoveFromCRL:        "removeFromCRL",
	PrivilegeWithdrawn:   "privilegeWithdrawn",
	AACompromise:         "aAcompromise",
}
    40  
// String returns the string form of a revocation reason code, e.g. "unspecified"
// for Unspecified (0).
//
// It panics if r is not one of the Reason constants defined in this package.
// Callers must therefore only invoke it on const Reasons, or on a value that
// has already been accepted by UserAllowedReason or AdminAllowedReason; a
// Reason parsed from an external request must be validated first so that an
// out-of-range code cannot turn into a panic in the handler.
func (r Reason) String() string {
	if name, ok := reasonToString[r]; ok {
		return name
	}
	panic(fmt.Errorf("unrecognized revocation code %d", r))
}
    55  
// StringToReason converts a revocation reason string (such as "keyCompromise")
// into the corresponding integer reason code (e.g. 1).
//
// The comparison is exact and case-sensitive. A string that does not match
// any entry of reasonToString yields a non-nil error; the returned Reason is
// meaningless in that case and must not be used.
func StringToReason(s string) (Reason, error) {
	for code, name := range reasonToString {
		if name != s {
			continue
		}
		return code, nil
	}
	return 0, fmt.Errorf("unrecognized revocation reason %q", s)
}
    66  
// UserAllowedReason reports whether r is one of the Reasons that ordinary
// (subscriber) users are allowed to request: Unspecified, KeyCompromise,
// Superseded and CessationOfOperation. Any other value, including codes that
// are valid under RFC 5280 and codes not defined in this package, is rejected.
func UserAllowedReason(r Reason) bool {
	return r == Unspecified ||
		r == KeyCompromise ||
		r == Superseded ||
		r == CessationOfOperation
}
    79  
// AdminAllowedReason reports whether r is one of the Reasons that admins
// (i.e. people acting in CA Trusted Roles) are allowed to request. The set is
// the user-allowed set plus PrivilegeWithdrawn. Reasons which do *not* appear
// here are those which are defined by RFC 5280 but are disallowed by the
// Baseline Requirements; values outside the defined constants are also
// rejected.
func AdminAllowedReason(r Reason) bool {
	return r == Unspecified ||
		r == KeyCompromise ||
		r == Superseded ||
		r == CessationOfOperation ||
		r == PrivilegeWithdrawn
}
    93  	return false
    94  }