// First check that the whole chain is included and the responderId is keyHash
OCSPCAServiceRequest ocspServiceReq = new OCSPCAServiceRequest(req, responseList, null, "SHA1WithRSA;SHA1WithDSA;SHA1WithECDSA", true);
ocspServiceReq.setRespIdType(OcspConfiguration.RESPONDERIDTYPE_KEYHASH);
OCSPCAServiceResponse response = OCSPUtil.createOCSPCAServiceResponse(ocspServiceReq, privKey, providerName, certChain);
BasicOCSPResp basicResp = response.getBasicOCSPResp();
X509Certificate[] respCerts = basicResp.getCerts("BC");
assertEquals(3, respCerts.length); // Certificate chain included
RespID respId = basicResp.getResponderId();
RespID testKeyHash = new RespID(racert.getPublicKey());
RespID testName = new RespID(racert.getSubjectX500Principal());
assertEquals(respId, testKeyHash);
assertFalse(respId.equals(testName));
// Second check that the whole chain is NOT included and the responderId is Name
ocspServiceReq = new OCSPCAServiceRequest(req, responseList, null, "SHA1WithRSA;SHA1WithDSA;SHA1WithECDSA", false);
ocspServiceReq.setRespIdType(OcspConfiguration.RESPONDERIDTYPE_NAME);
response = OCSPUtil.createOCSPCAServiceResponse(ocspServiceReq, privKey, providerName, certChain);
basicResp = response.getBasicOCSPResp();
respCerts = basicResp.getCerts("BC");
assertEquals(1, respCerts.length); // Certificate chain included
respId = basicResp.getResponderId();
assertFalse(respId.equals(testKeyHash));
assertEquals(respId, testName);
// Third do some verification
basicResp.verify(racert.getPublicKey(), "BC");
SingleResp[] responses = basicResp.getResponses();
assertEquals(1, responses.length);
SingleResp resp = responses[0];
CertificateID myid = resp.getCertID();
assertEquals(certId, myid);
}