summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2012-12-07 00:14:00 -0500
committerAde Lee <alee@redhat.com>2012-12-07 01:02:09 -0500
commitcbfdae84f511ae526f1e7e29f71e7f60eef96094 (patch)
treec045a5e4b53db2bc1bc7507d394b47ccb99cb3b6
parent9996d71e1a4fb7a8ca6752b83e4f2393dbefa76b (diff)
downloadpki-cbfdae84f511ae526f1e7e29f71e7f60eef96094.tar.gz
pki-cbfdae84f511ae526f1e7e29f71e7f60eef96094.tar.xz
pki-cbfdae84f511ae526f1e7e29f71e7f60eef96094.zip
Remove server code from CertSearchRequest
Ticket #418
-rw-r--r--base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java5
-rw-r--r--base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java308
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/CertService.java4
-rw-r--r--base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java332
4 files changed, 337 insertions, 312 deletions
diff --git a/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
index 59293e81c..33dcfdfee 100644
--- a/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
+++ b/base/ca/functional/src/com/netscape/cms/servlet/test/CATest.java
@@ -51,6 +51,7 @@ import com.netscape.certsrv.profile.ProfileDataInfos;
import com.netscape.certsrv.profile.ProfileInput;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.request.RequestNotFoundException;
+import com.netscape.cms.servlet.cert.FilterBuilder;
public class CATest {
@@ -234,7 +235,7 @@ public class CATest {
infos = client.searchCerts(searchData);
- printCertInfos(infos, searchData.buildFilter());
+ printCertInfos(infos, new FilterBuilder(searchData).buildFilter());
// Try to get a non existing request
@@ -260,7 +261,7 @@ public class CATest {
infos = client.searchCerts(searchData);
- printCertInfos(infos, searchData.buildFilter());
+ printCertInfos(infos, new FilterBuilder(searchData).buildFilter());
//Get a list of Profiles
diff --git a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
index 29e36f7fe..21ceaeee0 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
@@ -21,8 +21,6 @@
package com.netscape.certsrv.cert;
import java.io.Reader;
-import java.util.Calendar;
-import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.MultivaluedMap;
@@ -34,8 +32,6 @@ import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
-import com.netscape.cmsutil.ldap.LDAPUtil;
-
/**
* @author jmagne
*
@@ -44,7 +40,6 @@ import com.netscape.cmsutil.ldap.LDAPUtil;
@XmlAccessorType(XmlAccessType.FIELD)
public class CertSearchRequest {
- private final static String MATCH_EXACTLY = "exact";
//Serial Number
@XmlElement
protected boolean serialNumberRangeInUse;
@@ -555,309 +550,6 @@ public class CertSearchRequest {
public CertSearchRequest(MultivaluedMap<String, String> form) {
}
- public String buildFilter() {
- StringBuffer filter = new StringBuffer();
- buildSerialNumberRangeFilter(filter);
- buildSubjectFilter(filter);
- buildRevokedByFilter(filter);
- buildRevokedOnFilter(filter);
- buildRevocationReasonFilter(filter);
- buildIssuedByFilter(filter);
- buildIssuedOnFilter(filter);
- buildValidNotBeforeFilter(filter);
- buildValidNotAfterFilter(filter);
- buildValidityLengthFilter(filter);
- buildCertTypeFilter(filter);
-
- searchFilter = filter.toString();
-
- if (searchFilter != null && !searchFilter.equals("")) {
- searchFilter = "(&" + searchFilter + ")";
- }
-
- return searchFilter;
- }
-
- private void buildSerialNumberRangeFilter(StringBuffer filter) {
-
- if (!getSerialNumberRangeInUse()) {
- return;
- }
- boolean changed = false;
- String serialFrom = getSerialFrom();
- if (serialFrom != null && !serialFrom.equals("")) {
- filter.append("(certRecordId>=" + LDAPUtil.escapeFilter(serialFrom) + ")");
- changed = true;
- }
- String serialTo = getSerialTo();
- if (serialTo != null && !serialTo.equals("")) {
- filter.append("(certRecordId<=" + LDAPUtil.escapeFilter(serialTo) + ")");
- changed = true;
- }
- if (!changed) {
- filter.append("(certRecordId=*)");
- }
-
- }
-
- private void buildSubjectFilter(StringBuffer filter) {
- if (!getSubjectInUse()) {
- return;
- }
- StringBuffer lf = new StringBuffer();
-
- String matchStr = null;
- boolean match = getMatchExactly();
-
- if (match == true) {
- matchStr = MATCH_EXACTLY;
- }
-
- buildAVAFilter(getEmail(), "E", lf, matchStr);
- buildAVAFilter(getCommonName(), "CN", lf, matchStr);
- buildAVAFilter(getUserID(), "UID", lf, matchStr);
- buildAVAFilter(getOrgUnit(), "OU", lf, matchStr);
- buildAVAFilter(getOrg(), "O", lf, matchStr);
- buildAVAFilter(getLocality(), "L", lf, matchStr);
- buildAVAFilter(getState(), "ST", lf, matchStr);
- buildAVAFilter(getCountry(), "C", lf, matchStr);
-
- if (lf.length() == 0) {
- filter.append("(x509cert.subject=*)");
- return;
- }
- if (matchStr != null && matchStr.equals(MATCH_EXACTLY)) {
- filter.append("(&");
- filter.append(lf);
- filter.append(")");
- } else {
- filter.append("(|");
- filter.append(lf);
- filter.append(")");
- }
- }
-
- private void buildRevokedByFilter(StringBuffer filter) {
- if (!getRevokedByInUse()) {
- return;
- }
-
- String revokedBy = getRevokedBy();
- if (revokedBy == null || revokedBy.equals("")) {
- filter.append("(certRevokedBy=*)");
- } else {
- filter.append("(certRevokedBy=");
- filter.append(LDAPUtil.escapeFilter(revokedBy));
- filter.append(")");
- }
- }
-
- private void buildDateFilter(String prefix,
- String outStr, long adjustment,
- StringBuffer filter) {
- if (prefix == null || prefix.length() == 0) return;
- long epoch = 0;
- try {
- epoch = Long.parseLong(prefix);
- } catch (NumberFormatException e) {
- // exception safely ignored
- }
- Calendar from = Calendar.getInstance();
- from.setTimeInMillis(epoch);
- filter.append("(");
- filter.append(LDAPUtil.escapeFilter(outStr));
- filter.append(Long.toString(from.getTimeInMillis() + adjustment));
- filter.append(")");
- }
-
- private void buildRevokedOnFilter(StringBuffer filter) {
- if (!getRevokedOnInUse()) {
- return;
- }
- buildDateFilter(getRevokedOnFrom(), "certRevokedOn>=", 0, filter);
- buildDateFilter(getRevokedOnTo(), "certRevokedOn<=", 86399999, filter);
- }
-
- private void buildRevocationReasonFilter(StringBuffer filter) {
- if (!getRevocationReasonInUse()) {
- return;
- }
- String reasons = getRevocationReason();
- if (reasons == null) {
- return;
- }
- String queryCertFilter = null;
- StringTokenizer st = new StringTokenizer(reasons, ",");
- if (st.hasMoreTokens()) {
- filter.append("(|");
- while (st.hasMoreTokens()) {
- String token = st.nextToken();
- if (queryCertFilter == null) {
- queryCertFilter = "";
- }
- filter.append("(x509cert.certRevoInfo=");
- filter.append(LDAPUtil.escapeFilter(token));
- filter.append(")");
- }
- filter.append(")");
- }
- }
-
- private void buildIssuedByFilter(StringBuffer filter) {
- if (!getIssuedByInUse()) {
- return;
- }
- String issuedBy = getIssuedBy();
- if (issuedBy == null || issuedBy.equals("")) {
- filter.append("(certIssuedBy=*)");
- } else {
- filter.append("(certIssuedBy=");
- filter.append(LDAPUtil.escapeFilter(issuedBy));
- filter.append(")");
- }
- }
-
- private void buildIssuedOnFilter(StringBuffer filter) {
- if (!getIssuedOnInUse()) {
- return;
- }
- buildDateFilter(getIssuedOnFrom(), "certCreateTime>=", 0, filter);
- buildDateFilter(getIssuedOnTo(), "certCreateTime<=", 86399999, filter);
- }
-
- private void buildValidNotBeforeFilter(StringBuffer filter) {
- if (!getValidNotBeforeInUse()) {
- return;
- }
- buildDateFilter(validNotBeforeFrom, "x509cert.notBefore>=", 0, filter);
- buildDateFilter(validNotBeforeTo, "x509cert.notBefore<=", 86399999, filter);
-
- }
-
- private void buildValidNotAfterFilter(StringBuffer filter) {
- if (!getValidNotAfterInUse()) {
- return;
- }
- buildDateFilter(getValidNotAfterFrom(), "x509cert.notAfter>=", 0, filter);
- buildDateFilter(getValidNotAfterTo(), "x509cert.notAfter<=", 86399999, filter);
-
- }
-
- private void buildValidityLengthFilter(StringBuffer filter) {
- if (!getValidityLengthInUse()) {
- return;
- }
- String op = getValidityOperation();
- long count = 0;
- try {
- count = Long.parseLong(getValidityCount());
- } catch (NumberFormatException e) {
- // safely ignore
- }
- long unit = 0;
- try {
- unit = Long.parseLong(getValidityUnit());
- } catch (NumberFormatException e) {
- // safely ignore
- }
- filter.append("(");
- filter.append("x509cert.duration");
- filter.append(LDAPUtil.escapeFilter(op));
- filter.append(count * unit);
- filter.append(")");
- }
-
- private void buildCertTypeFilter(StringBuffer filter) {
- if (!getCertTypeInUse()) {
- return;
- }
- if (isOn(getCertTypeSSLClient())) {
- filter.append("(x509cert.nsExtension.SSLClient=on)");
- } else if (isOff(getCertTypeSSLClient())) {
- filter.append("(x509cert.nsExtension.SSLClient=off)");
- }
- if (isOn(getCertTypeSSLServer())) {
- filter.append("(x509cert.nsExtension.SSLServer=on)");
- } else if (isOff(getCertTypeSSLServer())) {
- filter.append("(x509cert.nsExtension.SSLServer=off)");
- }
- if (isOn(getCertTypeSecureEmail())) {
- filter.append("(x509cert.nsExtension.SecureEmail=on)");
- } else if (isOff(getCertTypeSecureEmail())) {
- filter.append("(x509cert.nsExtension.SecureEmail=off)");
- }
- if (isOn(getCertTypeSubSSLCA())) {
- filter.append("(x509cert.nsExtension.SubordinateSSLCA=on)");
- } else if (isOff(getCertTypeSubSSLCA())) {
- filter.append("(x509cert.nsExtension.SubordinateSSLCA=off)");
- }
- if (isOn(getCertTypeSubEmailCA())) {
- filter.append("(x509cert.nsExtension.SubordinateEmailCA=on)");
- } else if (isOff(getCertTypeSubEmailCA())) {
- filter.append("(x509cert.nsExtension.SubordinateEmailCA=off)");
- }
- }
-
- private boolean isOn(String value) {
- String inUse = value;
- if (inUse == null) {
- return false;
- }
- if (inUse.equals("on")) {
- return true;
- }
- return false;
- }
-
- private boolean isOff(String value) {
- String inUse = value;
- if (inUse == null) {
- return false;
- }
- if (inUse.equals("off")) {
- return true;
- }
- return false;
- }
-
- private void buildAVAFilter(String param,
- String avaName, StringBuffer lf, String match) {
- if (param != null && !param.equals("")) {
- if (match != null && match.equals(MATCH_EXACTLY)) {
- lf.append("(|");
- lf.append("(x509cert.subject=*");
- lf.append(avaName);
- lf.append("=");
- lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param)));
- lf.append(",*)");
- lf.append("(x509cert.subject=*");
- lf.append(avaName);
- lf.append("=");
- lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param)));
- lf.append(")");
- lf.append(")");
- } else {
- lf.append("(x509cert.subject=*");
- lf.append(avaName);
- lf.append("=");
- lf.append("*");
- lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param)));
- lf.append("*)");
- }
- }
-
- }
-
- private String searchFilter = null;
-
- public String getSearchFilter() {
- return searchFilter;
- }
-
- public void setSearchFilter(String searchFilter) {
- this.searchFilter = searchFilter;
- }
-
public static CertSearchRequest valueOf(Reader reader) throws JAXBException {
JAXBContext context = JAXBContext.newInstance(CertSearchRequest.class);
Unmarshaller unmarshaller = context.createUnmarshaller();
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertService.java b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
index e4a6fc994..12942aee6 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertService.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
@@ -311,8 +311,8 @@ public class CertService extends PKIService implements CertResource {
if (data == null) {
return null;
}
-
- return data.buildFilter();
+ FilterBuilder builder = new FilterBuilder(data);
+ return builder.buildFilter();
}
@Override
diff --git a/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java b/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java
new file mode 100644
index 000000000..cb6ac13e6
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/FilterBuilder.java
@@ -0,0 +1,332 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cms.servlet.cert;
+
+import java.util.Calendar;
+import java.util.StringTokenizer;
+
+import com.netscape.certsrv.cert.CertSearchRequest;
+import com.netscape.cmsutil.ldap.LDAPUtil;
+
+/**
+ * @author jmagne
+ *
+ */
+public class FilterBuilder {
+ private final static String MATCH_EXACTLY = "exact";
+ private String searchFilter = null;
+ private CertSearchRequest request = null;
+
+ public FilterBuilder(CertSearchRequest request) {
+ this.request = request;
+ }
+
+ public String buildFilter() {
+ StringBuffer filter = new StringBuffer();
+ buildSerialNumberRangeFilter(filter);
+ buildSubjectFilter(filter);
+ buildRevokedByFilter(filter);
+ buildRevokedOnFilter(filter);
+ buildRevocationReasonFilter(filter);
+ buildIssuedByFilter(filter);
+ buildIssuedOnFilter(filter);
+ buildValidNotBeforeFilter(filter);
+ buildValidNotAfterFilter(filter);
+ buildValidityLengthFilter(filter);
+ buildCertTypeFilter(filter);
+
+ searchFilter = filter.toString();
+
+ if (searchFilter != null && !searchFilter.equals("")) {
+ searchFilter = "(&" + searchFilter + ")";
+ }
+
+ return searchFilter;
+ }
+
+ private void buildSerialNumberRangeFilter(StringBuffer filter) {
+
+ if (!request.getSerialNumberRangeInUse()) {
+ return;
+ }
+ boolean changed = false;
+ String serialFrom = request.getSerialFrom();
+ if (serialFrom != null && !serialFrom.equals("")) {
+ filter.append("(certRecordId>=" + LDAPUtil.escapeFilter(serialFrom) + ")");
+ changed = true;
+ }
+ String serialTo = request.getSerialTo();
+ if (serialTo != null && !serialTo.equals("")) {
+ filter.append("(certRecordId<=" + LDAPUtil.escapeFilter(serialTo) + ")");
+ changed = true;
+ }
+ if (!changed) {
+ filter.append("(certRecordId=*)");
+ }
+
+ }
+
+ private void buildSubjectFilter(StringBuffer filter) {
+ if (!request.getSubjectInUse()) {
+ return;
+ }
+ StringBuffer lf = new StringBuffer();
+
+ String matchStr = null;
+ boolean match = request.getMatchExactly();
+
+ if (match == true) {
+ matchStr = MATCH_EXACTLY;
+ }
+
+ buildAVAFilter(request.getEmail(), "E", lf, matchStr);
+ buildAVAFilter(request.getCommonName(), "CN", lf, matchStr);
+ buildAVAFilter(request.getUserID(), "UID", lf, matchStr);
+ buildAVAFilter(request.getOrgUnit(), "OU", lf, matchStr);
+ buildAVAFilter(request.getOrg(), "O", lf, matchStr);
+ buildAVAFilter(request.getLocality(), "L", lf, matchStr);
+ buildAVAFilter(request.getState(), "ST", lf, matchStr);
+ buildAVAFilter(request.getCountry(), "C", lf, matchStr);
+
+ if (lf.length() == 0) {
+ filter.append("(x509cert.subject=*)");
+ return;
+ }
+ if (matchStr != null && matchStr.equals(MATCH_EXACTLY)) {
+ filter.append("(&");
+ filter.append(lf);
+ filter.append(")");
+ } else {
+ filter.append("(|");
+ filter.append(lf);
+ filter.append(")");
+ }
+ }
+
+ private void buildRevokedByFilter(StringBuffer filter) {
+ if (!request.getRevokedByInUse()) {
+ return;
+ }
+
+ String revokedBy = request.getRevokedBy();
+ if (revokedBy == null || revokedBy.equals("")) {
+ filter.append("(certRevokedBy=*)");
+ } else {
+ filter.append("(certRevokedBy=");
+ filter.append(LDAPUtil.escapeFilter(revokedBy));
+ filter.append(")");
+ }
+ }
+
+ private void buildDateFilter(String prefix,
+ String outStr, long adjustment,
+ StringBuffer filter) {
+ if (prefix == null || prefix.length() == 0) return;
+ long epoch = 0;
+ try {
+ epoch = Long.parseLong(prefix);
+ } catch (NumberFormatException e) {
+ // exception safely ignored
+ }
+ Calendar from = Calendar.getInstance();
+ from.setTimeInMillis(epoch);
+ filter.append("(");
+ filter.append(LDAPUtil.escapeFilter(outStr));
+ filter.append(Long.toString(from.getTimeInMillis() + adjustment));
+ filter.append(")");
+ }
+
+ private void buildRevokedOnFilter(StringBuffer filter) {
+ if (!request.getRevokedOnInUse()) {
+ return;
+ }
+ buildDateFilter(request.getRevokedOnFrom(), "certRevokedOn>=", 0, filter);
+ buildDateFilter(request.getRevokedOnTo(), "certRevokedOn<=", 86399999, filter);
+ }
+
+ private void buildRevocationReasonFilter(StringBuffer filter) {
+ if (!request.getRevocationReasonInUse()) {
+ return;
+ }
+ String reasons = request.getRevocationReason();
+ if (reasons == null) {
+ return;
+ }
+ String queryCertFilter = null;
+ StringTokenizer st = new StringTokenizer(reasons, ",");
+ if (st.hasMoreTokens()) {
+ filter.append("(|");
+ while (st.hasMoreTokens()) {
+ String token = st.nextToken();
+ if (queryCertFilter == null) {
+ queryCertFilter = "";
+ }
+ filter.append("(x509cert.certRevoInfo=");
+ filter.append(LDAPUtil.escapeFilter(token));
+ filter.append(")");
+ }
+ filter.append(")");
+ }
+ }
+
+ private void buildIssuedByFilter(StringBuffer filter) {
+ if (!request.getIssuedByInUse()) {
+ return;
+ }
+ String issuedBy = request.getIssuedBy();
+ if (issuedBy == null || issuedBy.equals("")) {
+ filter.append("(certIssuedBy=*)");
+ } else {
+ filter.append("(certIssuedBy=");
+ filter.append(LDAPUtil.escapeFilter(issuedBy));
+ filter.append(")");
+ }
+ }
+
+ private void buildIssuedOnFilter(StringBuffer filter) {
+ if (!request.getIssuedOnInUse()) {
+ return;
+ }
+ buildDateFilter(request.getIssuedOnFrom(), "certCreateTime>=", 0, filter);
+ buildDateFilter(request.getIssuedOnTo(), "certCreateTime<=", 86399999, filter);
+ }
+
+ private void buildValidNotBeforeFilter(StringBuffer filter) {
+ if (!request.getValidNotBeforeInUse()) {
+ return;
+ }
+ buildDateFilter(request.getValidNotBeforeFrom(), "x509cert.notBefore>=", 0, filter);
+ buildDateFilter(request.getValidNotBeforeTo(), "x509cert.notBefore<=", 86399999, filter);
+
+ }
+
+ private void buildValidNotAfterFilter(StringBuffer filter) {
+ if (!request.getValidNotAfterInUse()) {
+ return;
+ }
+ buildDateFilter(request.getValidNotAfterFrom(), "x509cert.notAfter>=", 0, filter);
+ buildDateFilter(request.getValidNotAfterTo(), "x509cert.notAfter<=", 86399999, filter);
+
+ }
+
+ private void buildValidityLengthFilter(StringBuffer filter) {
+ if (!request.getValidityLengthInUse()) {
+ return;
+ }
+ String op = request.getValidityOperation();
+ long count = 0;
+ try {
+ count = Long.parseLong(request.getValidityCount());
+ } catch (NumberFormatException e) {
+ // safely ignore
+ }
+ long unit = 0;
+ try {
+ unit = Long.parseLong(request.getValidityUnit());
+ } catch (NumberFormatException e) {
+ // safely ignore
+ }
+ filter.append("(");
+ filter.append("x509cert.duration");
+ filter.append(LDAPUtil.escapeFilter(op));
+ filter.append(count * unit);
+ filter.append(")");
+ }
+
+ private void buildCertTypeFilter(StringBuffer filter) {
+ if (!request.getCertTypeInUse()) {
+ return;
+ }
+ if (isOn(request.getCertTypeSSLClient())) {
+ filter.append("(x509cert.nsExtension.SSLClient=on)");
+ } else if (isOff(request.getCertTypeSSLClient())) {
+ filter.append("(x509cert.nsExtension.SSLClient=off)");
+ }
+ if (isOn(request.getCertTypeSSLServer())) {
+ filter.append("(x509cert.nsExtension.SSLServer=on)");
+ } else if (isOff(request.getCertTypeSSLServer())) {
+ filter.append("(x509cert.nsExtension.SSLServer=off)");
+ }
+ if (isOn(request.getCertTypeSecureEmail())) {
+ filter.append("(x509cert.nsExtension.SecureEmail=on)");
+ } else if (isOff(request.getCertTypeSecureEmail())) {
+ filter.append("(x509cert.nsExtension.SecureEmail=off)");
+ }
+ if (isOn(request.getCertTypeSubSSLCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateSSLCA=on)");
+ } else if (isOff(request.getCertTypeSubSSLCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateSSLCA=off)");
+ }
+ if (isOn(request.getCertTypeSubEmailCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateEmailCA=on)");
+ } else if (isOff(request.getCertTypeSubEmailCA())) {
+ filter.append("(x509cert.nsExtension.SubordinateEmailCA=off)");
+ }
+ }
+
+ private boolean isOn(String value) {
+ String inUse = value;
+ if (inUse == null) {
+ return false;
+ }
+ if (inUse.equals("on")) {
+ return true;
+ }
+ return false;
+ }
+
+ private boolean isOff(String value) {
+ String inUse = value;
+ if (inUse == null) {
+ return false;
+ }
+ if (inUse.equals("off")) {
+ return true;
+ }
+ return false;
+ }
+
+ private void buildAVAFilter(String param,
+ String avaName, StringBuffer lf, String match) {
+ if (param != null && !param.equals("")) {
+ if (match != null && match.equals(MATCH_EXACTLY)) {
+ lf.append("(|");
+ lf.append("(x509cert.subject=*");
+ lf.append(avaName);
+ lf.append("=");
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param)));
+ lf.append(",*)");
+ lf.append("(x509cert.subject=*");
+ lf.append(avaName);
+ lf.append("=");
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param)));
+ lf.append(")");
+ lf.append(")");
+ } else {
+ lf.append("(x509cert.subject=*");
+ lf.append(avaName);
+ lf.append("=");
+ lf.append("*");
+ lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeRDNValue(param)));
+ lf.append("*)");
+ }
+ }
+
+ }
+}