authorFraser Tweedale <ftweedal@redhat.com>2015-06-11 08:22:36 -0400
committerFraser Tweedale <ftweedal@redhat.com>2015-10-21 19:55:36 -0400
commit465fa069ba67d655be28e1a3b9417dff19148e9f (patch)
tree95b15933ed1bf5b37444afaf593adfcceb522a39 /base
parent562a49f08df2adb1a3f233a9b7490575182ece04 (diff)
Store issuer DN in certificate records
Lightweight CAs mean that we may wish to filter certificates based on the issuer. Update X509CertImplMapper to store the issuer DN in each certificate record, using the existing schema. Also add indices for the 'issuerName' LDAP attribute.
Diffstat (limited to 'base')
-rw-r--r--base/ca/shared/conf/index.ldif9
-rw-r--r--base/ca/shared/conf/indextasks.ldif1
-rw-r--r--base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java7
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/dbs/CertDBSchema.java1
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/dbs/X509CertImplMapper.java5
5 files changed, 21 insertions, 2 deletions
diff --git a/base/ca/shared/conf/index.ldif b/base/ca/shared/conf/index.ldif
index 11ebddfe3..90814b6a6 100644
--- a/base/ca/shared/conf/index.ldif
+++ b/base/ca/shared/conf/index.ldif
@@ -161,6 +161,15 @@ nsindexType: sub
nsSystemindex: false
cn: ownername
+dn: cn=issuername,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
+objectClass: top
+objectClass: nsIndex
+nsindexType: eq
+nsindexType: pres
+nsindexType: sub
+nsSystemindex: false
+cn: issuername
+
dn: cn=subjectname,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
objectClass: top
objectClass: nsIndex
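Review bot: The new `issuername` index is defined only in the shared configuration template, so instances that already exist will presumably not get it unless an upgrade step adds the entry and runs a reindex. The diffstat shows no upgrade script under `base`, though one may live elsewhere in the tree. Until the index exists, `eq` and `sub` searches on `issuerName` would run unindexed against the certificate database, which gets expensive on a large CA. The same applies to the `issuername:eq,pres,sub` line added to indextasks.ldif.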
diff --git a/base/ca/shared/conf/indextasks.ldif b/base/ca/shared/conf/indextasks.ldif
index 4db159ab0..8a32ac585 100644
--- a/base/ca/shared/conf/indextasks.ldif
+++ b/base/ca/shared/conf/indextasks.ldif
@@ -26,6 +26,7 @@ nsIndexAttribute: revokedOn:eq,pres
nsIndexAttribute: archivedBy:eq,pres
nsIndexAttribute: ownername:eq,pres,sub
nsIndexAttribute: subjectname:eq,pres,sub
+nsIndexAttribute: issuername:eq,pres,sub
nsIndexAttribute: requestsourceid:eq,pres,sub
nsIndexAttribute: revInfo:eq,pres,sub
nsIndexAttribute: extension:eq,pres,sub
diff --git a/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java b/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
index 76101d9b7..23f4e07d4 100644
--- a/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
+++ b/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
@@ -69,6 +69,7 @@ public interface ICertRecord extends IDBObj {
public final static String X509CERT_DURATION = "duration";
public final static String X509CERT_EXTENSION = "extension";
public final static String X509CERT_SUBJECT = "subject";
+ public final static String X509CERT_ISSUER = "issuer";
public final static String X509CERT_PUBLIC_KEY_DATA = "publicKeyData";
public final static String X509CERT_VERSION = "version";
public final static String X509CERT_ALGORITHM = "algorithm";
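Review bot: `X509CERT_ISSUER` has no comment, and it is easy to confuse with the existing `getIssuedBy()` accessor, whose Javadoc the third hunk rewords to mean the user who issued the certificate. A one-line comment on the constant would keep the two apart, for example `// issuer DN taken from the certificate itself; not the same as issuedBy`. The same comment fits `ATTR_X509CERT_ISSUER` in the second hunk. The interface body continues outside these hunks.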
@@ -86,6 +87,8 @@ public interface ICertRecord extends IDBObj {
ATTR_X509CERT + "." + X509CERT_EXTENSION;
public final static String ATTR_X509CERT_SUBJECT =
ATTR_X509CERT + "." + X509CERT_SUBJECT;
+ public final static String ATTR_X509CERT_ISSUER =
+ ATTR_X509CERT + "." + X509CERT_ISSUER;
public final static String ATTR_X509CERT_VERSION =
ATTR_X509CERT + "." + X509CERT_VERSION;
public final static String ATTR_X509CERT_ALGORITHM =
@@ -119,9 +122,9 @@ public interface ICertRecord extends IDBObj {
public X509CertImpl getCertificate();
/**
- * Retrieves name of who issued this certificate.
+ * Retrieves name of which user issued this certificate.
*
- * @return name of who issued this certificate
+ * @return name of which user issued this certificate
*/
public String getIssuedBy();
diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/CertDBSchema.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/CertDBSchema.java
index 916e83a8a..ec1de1ca8 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/CertDBSchema.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/CertDBSchema.java
@@ -42,6 +42,7 @@ public class CertDBSchema {
public static final String LDAP_ATTR_VERSION = "version";
public static final String LDAP_ATTR_DURATION = "duration";
public static final String LDAP_ATTR_SUBJECT = "subjectName";
+ public static final String LDAP_ATTR_ISSUER = "issuerName";
public static final String LDAP_ATTR_ALGORITHM = "algorithmId";
public static final String LDAP_ATTR_SIGNING_ALGORITHM = "signingAlgorithmId";
public static final String LDAP_ATTR_REVO_INFO = "revInfo";
diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/X509CertImplMapper.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/X509CertImplMapper.java
index ef8577747..d67f8e5df 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/X509CertImplMapper.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/X509CertImplMapper.java
@@ -61,6 +61,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
v.addElement(CertDBSchema.LDAP_ATTR_DURATION);
v.addElement(CertDBSchema.LDAP_ATTR_EXTENSION);
v.addElement(CertDBSchema.LDAP_ATTR_SUBJECT);
+ v.addElement(CertDBSchema.LDAP_ATTR_ISSUER);
v.addElement(CertDBSchema.LDAP_ATTR_SIGNED_CERT);
v.addElement(CertDBSchema.LDAP_ATTR_VERSION);
v.addElement(CertDBSchema.LDAP_ATTR_ALGORITHM);
@@ -90,6 +91,8 @@ public class X509CertImplMapper implements IDBAttrMapper {
DBSUtil.longToDB(notAfter.getTime() - notBefore.getTime())));
attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_SUBJECT,
cert.getSubjectDN().getName()));
+ attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_ISSUER,
+ cert.getIssuerDN().getName()));
attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA, cert.getPublicKey().getEncoded()));
// make extension searchable
Set<String> nonCritSet = cert.getNonCriticalExtensionOIDs();
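Review bot: Records written before this change carry no `issuerName` attribute, so any search filtered on issuer will silently leave them out. If issuer filtering is later used to scope per-CA views such as certificate or revocation listings, the older certificates need a backfill, or the limitation should be documented next to the `LDAP_ATTR_ISSUER` line. The stored value is the string from `cert.getIssuerDN().getName()`, so equality matches depend on callers supplying the DN in the same string form; it is worth confirming how the `issuerName` attribute's matching rule treats case and spacing. The enclosing method starts and ends outside the hunk.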
@@ -300,6 +303,8 @@ public class X509CertImplMapper implements IDBAttrMapper {
}
} else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_SUBJECT)) {
name = CertDBSchema.LDAP_ATTR_SUBJECT;
+ } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_ISSUER)) {
+ name = CertDBSchema.LDAP_ATTR_ISSUER;
} else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_PUBLIC_KEY_DATA)) {
name = CertDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA;
} else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_DURATION)) {
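Review bot: The new `X509CERT_ISSUER` branch maps only the attribute name, and the code that builds the value side of the LDAP filter is outside this hunk. Issuer DNs can legitimately contain `(`, `)`, `*` and `\`, so please confirm that the value is escaped per RFC 4515 before it is placed in the filter string. If the mapper passes the value through unchanged, the escaping should happen in one place for both the subject and issuer branches. A short comment at this branch saying where the escaping is done would help the next reader.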