Support certificate search by issuer DN.

Now that Dogtag can host multiple CAs in a single instance, add a certificate search parameter for limiting searches to a particular issuer. Fixes: https://fedorahosted.org/pki/ticket/2321
author: Fraser Tweedale <ftweedal@redhat.com> 2016-05-10 13:03:15 +1000
committer: Fraser Tweedale <ftweedal@redhat.com> 2016-05-10 13:46:26 +1000
commit: 70d751e837cbf375ebd068169e591cd4a971f472 (patch)
tree: 1586a7621473dd6400d3edf18c22a2a0c21166ec /base
parent: 4f7b36b0dcd3c09047325ebcb42d554093c9a756 (diff)
2 files changed, 21 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
index 33ff3fc68..9c4d16dc1 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
@@ -40,6 +40,9 @@ import javax.xml.bind.annotation.XmlRootElement;
 @XmlAccessorType(XmlAccessType.FIELD)
 public class CertSearchRequest {
 
+    @XmlElement
+    protected String issuerDN;
+
     //Serial Number
     @XmlElement
     protected boolean serialNumberRangeInUse;
@@ -189,6 +192,14 @@ public class CertSearchRequest {
     @XmlElement
     protected boolean certTypeInUse;
 
+    public String getIssuerDN() {
+        return issuerDN;
+    }
+
+    public void setIssuerDN(String issuerDN) {
+        this.issuerDN = issuerDN;
+    }
+
     //Boolean values
     public boolean getSerialNumberRangeInUse() {
         return serialNumberRangeInUse;
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java b/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java
index be44c47b5..55f32d27e 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java
@@ -42,6 +42,7 @@ public class FilterBuilder {
 
     public String buildFilter() {
 
+        buildIssuerDNFilter();
         buildSerialNumberRangeFilter();
         buildSubjectFilter();
         buildStatusFilter();
@@ -70,6 +71,15 @@ public class FilterBuilder {
         }
     }
 
+    private void buildIssuerDNFilter() {
+        String issuerDN = request.getIssuerDN();
+        if (issuerDN != null && !issuerDN.isEmpty()) {
+            filters.add(
+                "(" + ICertRecord.ATTR_X509CERT_ISSUER
+                + "=" + LDAPUtil.escapeFilter(issuerDN) + ")");
+        }
+    }
+
     private void buildSerialNumberRangeFilter() {
 
         String serialFrom = request.getSerialFrom();
author	Fraser Tweedale <ftweedal@redhat.com>	2016-05-10 13:03:15 +1000
committer	Fraser Tweedale <ftweedal@redhat.com>	2016-05-10 13:46:26 +1000
commit	70d751e837cbf375ebd068169e591cd4a971f472 (patch)
tree	1586a7621473dd6400d3edf18c22a2a0c21166ec /base
parent	4f7b36b0dcd3c09047325ebcb42d554093c9a756 (diff)