NamespaceCheckingMode.java

/*
 * Copyright (c) 2011-2012 ICM Uniwersytet Warszawski All rights reserved.
 * See LICENCE file for licensing information.
 */
package eu.emi.security.authn.x509;

import eu.emi.security.authn.x509.impl.OpensslCertChainValidator;

/**
 * Used to define the CA namespace checking mode.
 * 
 * @author K. Benedyczak
 * @see OpensslCertChainValidator
 */
public enum NamespaceCheckingMode
{
	/**
	 * A Globus EACL is checked first. If found for the issuing CA then it is used and enforced.
	 * If not found then EuGridPMA namespaces definition is searched. If found for the issuing CA 
	 * then it is enforced.
	 * If no definition is present then namespaces check is considered to be passed.
	 */
	GLOBUS_EUGRIDPMA,
	
	/**
	 * An EuGridPMA namespaces definition is checked first. If found for the issuing CA then it is enforced.
	 * If not found then Globus EACL definition is searched. If found for the issuing CA 
	 * then it is enforced.
	 * If no definition is present then namespaces check is considered to be passed.
	 */
	EUGRIDPMA_GLOBUS, 
	
	/**
	 * A Globus EACL is checked only. If found for the issuing CA then it is used and enforced.
	 * If no definition is present then namespaces check is considered to be passed.
	 */
	GLOBUS,
	
	/**
	 * An EuGridPMA namespaces definition is checked only. If found for the issuing CA then it is enforced.
	 * If no definition is present then namespaces check is considered to be passed.
	 */
	EUGRIDPMA, 

	/**
	 * A Globus EACL is checked first. If found for the issuing CA then it is used and enforced.
	 * If not found then EuGridPMA namespaces definition is searched. If found for the issuing CA 
	 * then it is enforced.
	 * If no definition is present then namespaces check is considered to be failed.
	 */
	GLOBUS_EUGRIDPMA_REQUIRE,
	
	/**
	 * An EuGridPMA namespaces definition is checked first. If found for the issuing CA then it is enforced.
	 * If not found then Globus EACL definition is searched. If found for the issuing CA 
	 * then it is enforced.
	 * If no definition is present then namespaces check is considered to be failed.
	 */
	EUGRIDPMA_GLOBUS_REQUIRE, 
	
	/**
	 * A Globus EACL is checked only. If found for the issuing CA then it is used and enforced.
	 * If no definition is present then namespaces check is considered to be failed.
	 */
	GLOBUS_REQUIRE,
	
	/**
	 * An EuGridPMA namespaces definition is checked only. If found for the issuing CA then it is enforced.
	 * If no definition is present then namespaces check is considered to be failed.
	 */
	EUGRIDPMA_REQUIRE, 

	/**
	 * Both EuGridPMA namespaces definition and Globus EACL are enforced for the issuer.
	 * If no definition is present then namespaces check is considered to be passed.
	 */
	EUGRIDPMA_AND_GLOBUS,
	
	/**
	 * Both EuGridPMA namespaces definition and Globus EACL are enforced for the issuer.
	 * If no definition is present then namespaces check is considered to be failed.
	 */
	EUGRIDPMA_AND_GLOBUS_REQUIRE, 
	
	/**
	 * CA namespaces are fully ignored, even if present. 
	 */
	IGNORE;
	
	public boolean globusEnabled()
	{
		return !(this == IGNORE || this == EUGRIDPMA || this == EUGRIDPMA_REQUIRE);
	}
	
	public boolean euGridPmaEnabled()
	{
		return !(this == IGNORE || this == GLOBUS || this == GLOBUS_REQUIRE);
	}
	
	public boolean isRequired()
	{
		return this == GLOBUS_REQUIRE || this == EUGRIDPMA_REQUIRE || this == EUGRIDPMA_GLOBUS_REQUIRE ||
				this == GLOBUS_EUGRIDPMA_REQUIRE || this == EUGRIDPMA_AND_GLOBUS_REQUIRE;
	}

	public boolean isGlobusFirst()
	{
		return this == GLOBUS_REQUIRE || this == GLOBUS_EUGRIDPMA_REQUIRE || 
				this == GLOBUS || this == GLOBUS_EUGRIDPMA;
	}
}