MultiOCSPLocalRevocationChecker ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- com.entrust.toolkit.x509.revocation.MultiOCSPLocalRevocationChecker

All Implemented Interfaces:

RevocationChecker
```
public class MultiOCSPLocalRevocationChecker
extends java.lang.Object
implements RevocationChecker
```
MultiOCSPRevocationChecker is a table for mapping CA Names to OCSP Configurations.
The mapping between the CA Name and OCSPConfiguration is used to efficiently choose which OCSP responder should be used to check the revocation status of the certificate in question. Any number of responders may be mapped to a given CA Name. If more than one OCSPConfiguration is mapped to a CA Name, then the OCSP revocation will be checked in the order the OCSPConfiguration was added.
A MultiOCSPLocalRevocationChecker is created by looping through the list of provisioned CA Name's for each supplied OCSPConfiguration. An OCSPRevocationChecker is created for each OCSPConfiguration and each CA Name is used as the key which maps to the OCSPRevocationChecker. This represents a single CA which can use a number of different responders to check for revocation.
If a supplied OCSPConfiguration does not contain any provisioned CA Names, then an OCSPRevocationChecker will be created which can be used to check revocation for all OCSP requests. If there are multiple OCSPConfigurations which do not contain any provisioned CA Names, then each one can be used to check revocation for all OCSP requests. These configurations will be checked in the order they were added.
When searching for revocation of a certificate, the IssuerDN of the certificate in question is used to find a responder (or list of responders) which can be used to check revocation. Therefore, this table of Issuer Names mapped to OCSPRevocationCheckers provides an efficient lookup mechanism.
This object can be thought of as a reverse-mapping of the OCSPRevocationChecker which is a mapping of an OCSPConfiguration to a list of CA Names.

Field Summary
- Fields inherited from interface com.entrust.toolkit.x509.revocation.RevocationChecker
  LOG

Constructor Summary

Constructors
Constructor and Description
`MultiOCSPLocalRevocationChecker(OCSPConfiguration[] ocspconfigs, KeyAndCertContainer keyAndCertSource, ValidationInfo validationInfo)` Creates a MultiOCSPLocalRevocationChecker object.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`check(X509Certificate cert)` This method checks revocation of the given certificate.
`void`	`check(X509Certificate[] chain)` This method checks revocation of the given certificate chain.
`void`	`check(X509Certificate cert, X509Certificate[] chain)` This method checks revocation of the given certificate.
`void`	`check(X509Certificate cert, X509Certificate[] chain, int position)` This method checks revocation of the given certificate.
`OCSPRevocationChecker[]`	`getCAMappings(Name cadn)` Get a list of OCSPConfigurations which are mapped by the specified Name.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - MultiOCSPLocalRevocationChecker
```
public MultiOCSPLocalRevocationChecker(OCSPConfiguration[] ocspconfigs,
                               KeyAndCertContainer keyAndCertSource,
                               ValidationInfo validationInfo)
```
    Creates a MultiOCSPLocalRevocationChecker object. The purpose of this object is to group together an array of OCSPConfiguration for more efficient OCSP revocation checking.
    A MultiOCSPLocalRevocationChecker is created by looping through the list of provisioned CA Name's for each supplied OCSPConfiguration. An OCSPRevocationChecker is created for each OCSPConfiguration and each CA Name is used as the key which maps to the OCSPRevocationChecker. There can be many OCSPRevocationCheckers mapped to one CA Name. This represents a single CA which can use a number of different responders to check for revocation.
    If a supplied OCSPConfiguration does not contain any provision CA Names, then an OCSPRevocationChecker will be created which can be used to check revocation for all OCSP requests.
    This object therefore represents a reverse-mapping of the OCSPRevocationChecker which is a mapping of an OCSPConfiguration to a list of CA Names.
    When searching for revocation of a certificate, the IssuerDN of the certificate in question is used to find a responder (or list of responders) which can be used to check revocation. Therefore, this table of Issuer Names mapped to OCSPRevocationCheckers provides an efficient lookup mechanism.
    
    Parameters:
    ocspconfigs -
    keyAndCertSource -
    validationInfo -
- Method Detail
  - check
```
public void check(X509Certificate[] chain)
           throws CertificationException
```
    This method checks revocation of the given certificate chain. Revocation is checked using the following procedures:
    1. Starting at the end of the chain, revocation of each certificate in the chain is checked.
    2. For each certificate being checked for revocation, this object finds the list of OCSPRevocationChecker objects which have been configured by doing a table lookup based on the IssuerDN of the certificate being checked.
    3. Each OCSPRevocationChecker found in 2 will be used to check for revocation information until one of the following conditions is met:
    - Revocation status is okay - method returns
    - Revocation status is revoked - revocation exception is thrown
    4. If there were no OCSPRevocationCheckers mapped to the IssuerDN of the certificate in question, or revocation could not be found using the mapped OCSPRevocationCheckers, then the list of OCSPRevocationChecker which can be used to search for all certificates will be used to try and find revocation information.
    5. If there were no default OCSPRevocationCheckers that can be used to check revocation for all certificates, or revocation could not be found using the default OCSPRevocationChecker list, then a CertificationException is thrown.
    Specified by:
    
    check in interface RevocationChecker
    
    Parameters:
    chain - the chain of certificates to be checked for revocation
    
    Throws:
    
    RevocationException - if a certificate in the chain is revoked
    
    CertificationException - if revocation status could not be found
  - check
```
public void check(X509Certificate cert,
         X509Certificate[] chain)
           throws CertificationException
```
    This method checks revocation of the given certificate. Revocation is checked using the following procedures:
    1. This object finds the list of OCSPRevocationChecker objects which have been configured by doing a table lookup based on the IssuerDN of the certificate being checked.
    2. Each OCSPRevocationChecker found will be used to check revocation information until one of the following conditions is met:
    - Revocation status is okay - method returns
    - Revocation status is revoked - revocation exception is thrown
    3. If there were no OCSPRevocationCheckers mapped to the IssuerDN of the certificate in question, or revocation could not be found using the mapped OCSPRevocationCheckers, then the list of OCSPRevocationChecker which can be used to search for all certificates will be used to try and find revocation information.
    4. If there were no default OCSPRevocationCheckers that can be used to check revocation for all certificates, or revocation could not be found using the default OCSPRevocationChecker list, then a CertificationException is thrown.
    Specified by:
    
    check in interface RevocationChecker
    
    Parameters:
    cert - The certificate to be checked for revocation
    chain - the full chain of certificates which includes cert
    
    Throws:
    
    RevocationException - if a certificate in the chain is revoked
    
    CertificationException - if revocation status could not be found
  - check
```
public void check(X509Certificate cert,
         X509Certificate[] chain,
         int position)
           throws CertificationException
```
    This method checks revocation of the given certificate. Specifying the position in the chain certificate appears may help to speed up revocation checking. Revocation is checked using the following procedures:
    1. This object finds the list of OCSPRevocationChecker objects which have been configured by doing a table lookup based on the IssuerDN of the certificate being checked.
    2. Each OCSPRevocationChecker found will be used to check revocation information until one of the following conditions is met:
    - Revocation status is okay - method returns
    - Revocation status is revoked - revocation exception is thrown
    3. If there were no OCSPRevocationCheckers mapped to the IssuerDN of the certificate in question, or revocation could not be found using the mapped OCSPRevocationCheckers, then the list of OCSPRevocationChecker which can be used to search for all certificates will be used to try and find revocation information.
    4. If there were no default OCSPRevocationCheckers that can be used to check revocation for all certificates, or revocation could not be found using the default OCSPRevocationChecker list, then a CertificationException is thrown.
    Specified by:
    
    check in interface RevocationChecker
    
    Parameters:
    cert - The certificate to be checked for revocation
    chain - the full chain of certificates which includes cert
    position - in the chain which cert exists.
    
    Throws:
    
    RevocationException - if a certificate in the chain is revoked
    
    CertificationException - if revocation status could not be found
  - check
```
public void check(X509Certificate cert)
           throws CertificationException
```
    This method checks revocation of the given certificate. Revocation is checked using the following procedures:
    1. This object finds the list of OCSPRevocationChecker objects which have been configured by doing a table lookup based on the IssuerDN of the certificate being checked.
    2. Each OCSPRevocationChecker found will be used to check revocation information until one of the following conditions is met:
    - Revocation status is okay - method returns
    - Revocation status is revoked - revocation exception is thrown
    3. If there were no OCSPRevocationCheckers mapped to the IssuerDN of the certificate in question, or revocation could not be found using the mapped OCSPRevocationCheckers, then the list of OCSPRevocationChecker which can be used to search for all certificates will be used to try and find revocation information.
    4. If there were no default OCSPRevocationCheckers that can be used to check revocation for all certificates, or revocation could not be found using the default OCSPRevocationChecker list, then a CertificationException is thrown.
    Specified by:
    
    check in interface RevocationChecker
    
    Parameters:
    cert - The certificate to be checked for revocation
    
    Throws:
    
    RevocationException - if a certificate in the chain is revoked
    
    CertificationException - if revocation status could not be found
  - getCAMappings
```
public OCSPRevocationChecker[] getCAMappings(Name cadn)
```
    Get a list of OCSPConfigurations which are mapped by the specified Name.
    
    Parameters:
    cadn - the Name which is mapped to the list of OCSPConfigurations
    
    Returns:
    An array of OCSPRevocationChecker[] or null

Class MultiOCSPLocalRevocationChecker

Field Summary

Fields inherited from interface com.entrust.toolkit.x509.revocation.RevocationChecker

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

MultiOCSPLocalRevocationChecker

Method Detail

check

check

check

check

getCAMappings