TrustedResponders (6.0 API Documentation)

java.lang.Object
- iaik.x509.ocsp.utils.TrustedResponders

```
public class TrustedResponders
extends java.lang.Object
```
A simple repository for mapping trust between responders to ca certificates.
If a basic OCSP response is not signed by the same issuer that has signed the target certificate the OCSP client has to check if the response signer is authorized to sign the response. In this case the certificate of the response signer has to be issued by the issuer of the target certificate and has to contain the ExtendedKeyUsage extension indicating the id-kp-OCSPSigning purpose.
This class provides a simple mechanism allowing to specify the set of CAs for which each responder is trusted.
An OCSP Responder is identified by its ResponderID. When calling method addTrustedResponderEntry supply the ID of the responder in mind and a CA certificate which has authorized this responder for signing the response, e.g.:
```
 // targetCerts[0] contains the certificate for which revocation information shall be requested
 // targetCerts[0] is signed by targetCerts[1]
 X509Certificate[] targetCerts = ...;
 // responder cert is the cert used by the responder for signing a response
 X509Certificate responderCert = ...;
 // we want to trust this responder for signing responses for certs issued by targetCerts[1]
 TrustedResponders trustedResponders = new TrustedResponders();
 ResponderID responderID = new ResponderID((Name)responderCert.getSubjectDN());
 trustedResponders.addTrustedResponderEntry(responderID, targetCerts[1]);
 
```
Note: this class provides a very simple trust repository utility maintained by a hashtable with one entry for each particular responderID. Each responder entry has its trusted CA certificates attached; so one CA certificate may appear repeatedly (e.g. for responder 1 and responder 2,...). An application may which to implement a more comprehensive strategy.
Version:

File Revision 9

Constructor Summary

Constructors
Constructor and Description

TrustedResponders()
Default constructor.

Constructors
Constructor and Description
`TrustedResponders()` Default constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`addTrustedResponderEntry(ResponderID responderID, X509Certificate caCert)` Trust the given reponderID for signing responses for certs issued by the given CA.
`void`	`clearAllEntries()` Clear all entries.
`boolean`	`isTrustedResponder(ResponderID responderID, X509Certificate responderCert, X509Certificate caCert)` Checks if we can trust the given responder for signing responses for certs issued by the given CA.
`boolean`	`removeTrustedResponder(ResponderID responderID)` Removes the given responder from the trust repository.
`boolean`	`removeTrustedResponderEntry(ResponderID responderID, X509Certificate caCert)` Do not longer trust the given responder for signing responses for certs issued by the given CA cert.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - TrustedResponders
```
public TrustedResponders()
```
    Default constructor. Creates an empty repository.
- Method Detail
  - addTrustedResponderEntry
```
public boolean addTrustedResponderEntry(ResponderID responderID,
                               X509Certificate caCert)
```
    Trust the given reponderID for signing responses for certs issued by the given CA.
    
    Parameters:
    responderID - the ID of the responder to trust for signing responses for certs issued by the given CA cert
    caCert - responses for certs issued by this CA cert can be signed by the given responder
    
    Returns:
    true if the entry has been added, false if it has been not added (because already included)
  - removeTrustedResponder
```
public boolean removeTrustedResponder(ResponderID responderID)
```
    Removes the given responder from the trust repository. This action may indicate not to trust this resonder if its cert is not equal to the CA cert that has issued the target cert.
    
    Parameters:
    responderID - the ID of the responder to remove
    
    Returns:
    true if the responder has been removed, false if not (because there was no such responder set)
  - removeTrustedResponderEntry
```
public boolean removeTrustedResponderEntry(ResponderID responderID,
                                  X509Certificate caCert)
```
    Do not longer trust the given responder for signing responses for certs issued by the given CA cert.
    
    Parameters:
    responderID - the ID of the responder not to trust longer for signing responses for certs issued by the given CA cert
    caCert - responses for certs issued by this CA cert cannot be signed by the given responder
    
    Returns:
    true if the entry has been removed, false if not (because there was no such entry)
  - isTrustedResponder
```
public boolean isTrustedResponder(ResponderID responderID,
                         X509Certificate responderCert,
                         X509Certificate caCert)
```
    Checks if we can trust the given responder for signing responses for certs issued by the given CA. This method checks if a for the given responderID a CA cert is in the cache. If yes, the given responder cert has to be issued by the given CA cert.
    
    Parameters:
    responderID - the ID of the resonder in mind
    caCert - the CA cert
    responderCert - the cert of the responder
    
    Returns:
    true if we can trust the given responder for signing responses for certs issued by the given CA, false if not
  - clearAllEntries
```
public void clearAllEntries()
```
    Clear all entries.

Class TrustedResponders

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

TrustedResponders

Method Detail

addTrustedResponderEntry

removeTrustedResponder

removeTrustedResponderEntry

isTrustedResponder

clearAllEntries