From f554dc2aa0478aa23f7e986b6779091f7d520bf5 Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata <edewata@redhat.com>
Date: Sat, 11 Aug 2012 08:37:52 -0500
Subject: Cleaned up REST common class names.

The REST common classes have been renamed for better clarity
and consistency.

Ticket #259
---
 .../cms/servlet/cert/CertNotFoundException.java    |   4 +-
 .../netscape/cms/servlet/cert/CertProcessor.java   |   6 +-
 .../netscape/cms/servlet/cert/CertResource.java    |   8 +-
 .../com/netscape/cms/servlet/cert/CertService.java |  50 +-
 .../com/netscape/cms/servlet/cert/DoRevoke.java    |   4 +-
 .../com/netscape/cms/servlet/cert/DoUnrevoke.java  |   4 +-
 .../cms/servlet/cert/EnrollmentProcessor.java      |   8 +-
 .../cms/servlet/cert/RenewalProcessor.java         |   6 +-
 .../cms/servlet/cert/RequestProcessor.java         |  14 +-
 .../netscape/cms/servlet/cert/model/CertData.java  | 283 +++++++
 .../cms/servlet/cert/model/CertSearchData.java     | 862 ---------------------
 .../cms/servlet/cert/model/CertSearchRequest.java  | 862 +++++++++++++++++++++
 .../cms/servlet/cert/model/CertificateData.java    | 283 -------
 13 files changed, 1197 insertions(+), 1197 deletions(-)
 create mode 100644 base/common/src/com/netscape/cms/servlet/cert/model/CertData.java
 delete mode 100644 base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java
 create mode 100644 base/common/src/com/netscape/cms/servlet/cert/model/CertSearchRequest.java
 delete mode 100644 base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java

(limited to 'base/common/src/com/netscape/cms/servlet/cert')

diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java b/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java
index 11948ee39..bcfc18aaf 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertNotFoundException.java
@@ -20,9 +20,9 @@ package com.netscape.cms.servlet.cert;
 import javax.ws.rs.core.Response;
 
 import com.netscape.certsrv.dbs.certdb.CertId;
-import com.netscape.cms.servlet.base.CMSException;
+import com.netscape.cms.servlet.base.PKIException;
 
-public class CertNotFoundException extends CMSException {
+public class CertNotFoundException extends PKIException {
 
     private static final long serialVersionUID = -4784839378360933483L;
 
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
index 13b0072b4..2254a0458 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertProcessor.java
@@ -42,7 +42,7 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.processors.Processor;
 import com.netscape.cms.servlet.profile.model.ProfileInput;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
+import com.netscape.cms.servlet.request.model.CertEnrollmentRequest;
 
 public class CertProcessor extends Processor {
 
@@ -73,7 +73,7 @@ public class CertProcessor extends Processor {
         }
     }
 
-    private void setInputsIntoRequest(EnrollmentRequestData data, IProfile profile, IRequest req) {
+    private void setInputsIntoRequest(CertEnrollmentRequest data, IProfile profile, IRequest req) {
         // put profile inputs into a local map
         HashMap<String, String> dataInputs = new HashMap<String, String>();
         for (ProfileInput input : data.getInputs()) {
@@ -269,7 +269,7 @@ public class CertProcessor extends Processor {
         return errorCode;
     }
 
-    protected void populateRequests(EnrollmentRequestData data, boolean isRenewal,
+    protected void populateRequests(CertEnrollmentRequest data, boolean isRenewal,
             Locale locale, Date origNotAfter, String origSubjectDN, IRequest origReq, String profileId,
             IProfile profile, IProfileContext ctx, IProfileAuthenticator authenticator, IAuthToken authToken,
             IRequest[] reqs) throws EBaseException {
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
index f3a9d4129..e937b2816 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertResource.java
@@ -13,9 +13,9 @@ import javax.ws.rs.core.MediaType;
 import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.cms.servlet.cert.model.CertDataInfos;
 import com.netscape.cms.servlet.cert.model.CertRevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertSearchData;
+import com.netscape.cms.servlet.cert.model.CertSearchRequest;
 import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.cms.servlet.cert.model.CertData;
 import com.netscape.cms.servlet.request.model.CertRequestInfo;
 
 @Path("")
@@ -37,14 +37,14 @@ public interface CertResource {
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     public CertDataInfos searchCerts(
-            CertSearchData data,
+            CertSearchRequest data,
             @QueryParam("start") Integer start,
             @QueryParam("size") Integer size);
 
     @GET
     @Path("certs/{id}")
     @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public CertificateData getCert(@PathParam("id") CertId id);
+    public CertData getCert(@PathParam("id") CertId id);
 
     @POST
     @Path("agent/certs/{id}/revoke-ca")
diff --git a/base/common/src/com/netscape/cms/servlet/cert/CertService.java b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
index 08a621529..365e89977 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/CertService.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/CertService.java
@@ -54,19 +54,19 @@ import com.netscape.certsrv.logging.AuditFormat;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.base.BadRequestException;
-import com.netscape.cms.servlet.base.CMSException;
+import com.netscape.cms.servlet.base.PKIException;
 import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cms.servlet.base.UnauthorizedException;
 import com.netscape.cms.servlet.cert.model.CertDataInfo;
 import com.netscape.cms.servlet.cert.model.CertDataInfos;
 import com.netscape.cms.servlet.cert.model.CertRevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertSearchData;
+import com.netscape.cms.servlet.cert.model.CertSearchRequest;
 import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest;
-import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.cms.servlet.cert.model.CertData;
 import com.netscape.cms.servlet.processors.Processor;
 import com.netscape.cms.servlet.request.model.CertRequestDAO;
 import com.netscape.cms.servlet.request.model.CertRequestInfo;
-import com.netscape.cms.servlet.request.model.CertRetrievalRequestData;
+import com.netscape.cms.servlet.request.model.CertRetrievalRequest;
 import com.netscape.cmsutil.ldap.LDAPUtil;
 import com.netscape.cmsutil.util.Utils;
 
@@ -93,22 +93,22 @@ public class CertService extends PKIService implements CertResource {
     }
 
     @Override
-    public CertificateData getCert(CertId id) {
+    public CertData getCert(CertId id) {
         validateRequest(id);
 
-        CertRetrievalRequestData data = new CertRetrievalRequestData();
+        CertRetrievalRequest data = new CertRetrievalRequest();
         data.setCertId(id);
 
-        CertificateData certData = null;
+        CertData certData = null;
 
         try {
             certData = getCert(data);
         } catch (EDBRecordNotFoundException e) {
             throw new CertNotFoundException(id);
         } catch (EBaseException e) {
-            throw new CMSException("Problem returning certificate: " + id);
+            throw new PKIException("Problem returning certificate: " + id);
         } catch (CertificateEncodingException e) {
-            throw new CMSException("Problem encoding certificate searched for: " + id);
+            throw new PKIException("Problem encoding certificate searched for: " + id);
         }
 
         return certData;
@@ -152,7 +152,7 @@ public class CertService extends PKIService implements CertResource {
             processor.setAuthority(authority);
 
         } catch (EBaseException e) {
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         try {
@@ -190,7 +190,7 @@ public class CertService extends PKIService implements CertResource {
 
             processor.auditChangeRequest(ILogger.SUCCESS);
 
-        } catch (CMSException e) {
+        } catch (PKIException e) {
             processor.log(ILogger.LL_FAILURE, e.getMessage());
             processor.auditChangeRequest(ILogger.FAILURE);
             throw e;
@@ -199,13 +199,13 @@ public class CertService extends PKIService implements CertResource {
             processor.log(ILogger.LL_FAILURE, "Error " + e);
             processor.auditChangeRequest(ILogger.FAILURE);
 
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
 
         } catch (IOException e) {
             processor.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
             processor.auditChangeRequest(ILogger.FAILURE);
 
-            throw new CMSException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+            throw new PKIException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
         }
 
         // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
@@ -221,7 +221,7 @@ public class CertService extends PKIService implements CertResource {
             processor.log(ILogger.LL_FAILURE, "Error " + e);
             processor.auditChangeRequestProcessed(ILogger.FAILURE);
 
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         try {
@@ -230,7 +230,7 @@ public class CertService extends PKIService implements CertResource {
             return dao.getRequest(certRequest.getRequestId(), uriInfo);
 
         } catch (EBaseException e) {
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
@@ -249,7 +249,7 @@ public class CertService extends PKIService implements CertResource {
             processor.setAuthority(authority);
 
         } catch (EBaseException e) {
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         try {
@@ -262,7 +262,7 @@ public class CertService extends PKIService implements CertResource {
             processor.log(ILogger.LL_FAILURE, "Error " + e);
             processor.auditChangeRequest(ILogger.FAILURE);
 
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
@@ -278,7 +278,7 @@ public class CertService extends PKIService implements CertResource {
             processor.log(ILogger.LL_FAILURE, "Error " + e);
             processor.auditChangeRequestProcessed(ILogger.FAILURE);
 
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         try {
@@ -287,7 +287,7 @@ public class CertService extends PKIService implements CertResource {
             return dao.getRequest(certRequest.getRequestId(), uriInfo);
 
         } catch (EBaseException e) {
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
     }
 
@@ -306,7 +306,7 @@ public class CertService extends PKIService implements CertResource {
         return filter;
     }
 
-    private String createSearchFilter(CertSearchData data) {
+    private String createSearchFilter(CertSearchRequest data) {
         if (data == null) {
             return null;
         }
@@ -325,13 +325,13 @@ public class CertService extends PKIService implements CertResource {
             infos = getCertList(filter, maxResults, maxTime);
         } catch (EBaseException e) {
             e.printStackTrace();
-            throw new CMSException("Error listing certs in CertsResourceService.listCerts!");
+            throw new PKIException("Error listing certs in CertsResourceService.listCerts!");
         }
         return infos;
     }
 
     @Override
-    public CertDataInfos searchCerts(CertSearchData data, Integer start, Integer size) {
+    public CertDataInfos searchCerts(CertSearchRequest data, Integer start, Integer size) {
         if (data == null) {
             throw new WebApplicationException(Response.Status.BAD_REQUEST);
         }
@@ -372,7 +372,7 @@ public class CertService extends PKIService implements CertResource {
                 infos.addLink(new Link("next", uri));
             }
         } catch (EBaseException e1) {
-            throw new CMSException("Error listing certs in CertsResourceService.listCerts!" + e.toString());
+            throw new PKIException("Error listing certs in CertsResourceService.listCerts!" + e.toString());
         }
 
         return infos;
@@ -412,14 +412,14 @@ public class CertService extends PKIService implements CertResource {
         return ret;
     }
 
-    public CertificateData getCert(CertRetrievalRequestData data) throws EBaseException, CertificateEncodingException {
+    public CertData getCert(CertRetrievalRequest data) throws EBaseException, CertificateEncodingException {
         CertId certId = data.getCertId();
 
         //find the cert in question
         ICertRecord record = repo.readCertificateRecord(certId.toBigInteger());
         X509CertImpl cert = record.getCertificate();
 
-        CertificateData certData = new CertificateData();
+        CertData certData = new CertData();
 
         certData.setSerialNumber(certId);
 
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
index 167385ea9..f74a6bbac 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
@@ -65,7 +65,7 @@ import com.netscape.certsrv.usrgrp.Certificates;
 import com.netscape.certsrv.usrgrp.ICertUserLocator;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
-import com.netscape.cms.servlet.base.CMSException;
+import com.netscape.cms.servlet.base.PKIException;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.CMSTemplate;
@@ -473,7 +473,7 @@ public class DoRevoke extends CMSServlet {
                         processor.addCertificateToRevoke(targetCert);
                         rarg.addStringValue("error", null);
 
-                    } catch (CMSException ex) {
+                    } catch (PKIException ex) {
                         rarg.addStringValue("error", ex.getMessage());
                     }
 
diff --git a/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
index 292f60457..0f41d3e6a 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
@@ -50,7 +50,7 @@ import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
-import com.netscape.cms.servlet.base.CMSException;
+import com.netscape.cms.servlet.base.PKIException;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.CMSTemplate;
@@ -274,7 +274,7 @@ public class DoUnrevoke extends CMSServlet {
             processor.log(ILogger.LL_FAILURE, "Error " + e);
             processor.auditChangeRequest(ILogger.FAILURE);
 
-            throw new CMSException(e.getMessage());
+            throw new PKIException(e.getMessage());
         }
 
         // change audit processing from "REQUEST" to "REQUEST_PROCESSED"
diff --git a/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
index c1841051b..1d8a5695a 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/EnrollmentProcessor.java
@@ -38,7 +38,7 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.profile.SSLClientCertProvider;
 import com.netscape.cms.servlet.profile.model.ProfileInput;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
+import com.netscape.cms.servlet.request.model.CertEnrollmentRequest;
 import com.netscape.cms.servlet.request.model.CertEnrollmentRequestFactory;
 
 public class EnrollmentProcessor extends CertProcessor {
@@ -47,7 +47,7 @@ public class EnrollmentProcessor extends CertProcessor {
         super(id, locale);
     }
 
-    private void setInputsIntoContext(EnrollmentRequestData data, IProfile profile, IProfileContext ctx) {
+    private void setInputsIntoContext(CertEnrollmentRequest data, IProfile profile, IProfileContext ctx) {
         // put profile inputs into a local map
         HashMap<String, String> dataInputs = new HashMap<String, String>();
         for (ProfileInput input : data.getInputs()) {
@@ -97,7 +97,7 @@ public class EnrollmentProcessor extends CertProcessor {
             throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
         }
 
-        EnrollmentRequestData data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale);
+        CertEnrollmentRequest data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale);
         return processEnrollment(data, cmsReq.getHttpReq());
     }
 
@@ -118,7 +118,7 @@ public class EnrollmentProcessor extends CertProcessor {
      * @param cmsReq the object holding the request and response information
      * @exception EBaseException an error has occurred
      */
-    public HashMap<String, Object> processEnrollment(EnrollmentRequestData data, HttpServletRequest request)
+    public HashMap<String, Object> processEnrollment(CertEnrollmentRequest data, HttpServletRequest request)
             throws EBaseException {
 
         try {
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RenewalProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
index 3e6c77fbf..3714d9807 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/RenewalProcessor.java
@@ -44,7 +44,7 @@ import com.netscape.certsrv.profile.IProfileInput;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.profile.SSLClientCertProvider;
-import com.netscape.cms.servlet.request.model.EnrollmentRequestData;
+import com.netscape.cms.servlet.request.model.CertEnrollmentRequest;
 import com.netscape.cms.servlet.request.model.CertEnrollmentRequestFactory;
 
 public class RenewalProcessor extends CertProcessor {
@@ -61,7 +61,7 @@ public class RenewalProcessor extends CertProcessor {
             throw new BadRequestDataException(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
         }
 
-        EnrollmentRequestData data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale);
+        CertEnrollmentRequest data = CertEnrollmentRequestFactory.create(cmsReq, profile, locale);
 
         //only used in renewal
         data.setSerialNum(req.getParameter("serial_num"));
@@ -78,7 +78,7 @@ public class RenewalProcessor extends CertProcessor {
      * Things to note:
      * * the renew request will contain the original profile instead of the new
      */
-    public HashMap<String, Object> processRenewal(EnrollmentRequestData data, HttpServletRequest request)
+    public HashMap<String, Object> processRenewal(CertEnrollmentRequest data, HttpServletRequest request)
             throws EBaseException {
         try {
             if (CMS.debugOn()) {
diff --git a/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java b/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java
index 8822be2b2..2b26773f6 100644
--- a/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java
+++ b/base/common/src/com/netscape/cms/servlet/cert/RequestProcessor.java
@@ -57,7 +57,7 @@ import com.netscape.cms.servlet.profile.model.ProfileAttribute;
 import com.netscape.cms.servlet.profile.model.ProfileOutput;
 import com.netscape.cms.servlet.profile.model.ProfileOutputFactory;
 import com.netscape.cms.servlet.profile.model.ProfilePolicySet;
-import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData;
+import com.netscape.cms.servlet.request.model.CertReviewResponse;
 import com.netscape.cms.servlet.request.model.CertReviewResponseFactory;
 
 public class RequestProcessor extends CertProcessor {
@@ -66,19 +66,19 @@ public class RequestProcessor extends CertProcessor {
         super(id, locale);
     }
 
-    public AgentEnrollmentRequestData processRequest(CMSRequest cmsReq, IRequest request, String op) throws EBaseException {
+    public CertReviewResponse processRequest(CMSRequest cmsReq, IRequest request, String op) throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
         IRequest ireq = cmsReq.getIRequest();
 
         String profileId = ireq.getExtDataInString("profileId");
         IProfile profile = ps.getProfile(profileId);
-        AgentEnrollmentRequestData data = CertReviewResponseFactory.create(cmsReq, profile, nonces, locale);
+        CertReviewResponse data = CertReviewResponseFactory.create(cmsReq, profile, nonces, locale);
 
         processRequest(req, data, request, op);
         return data;
     }
 
-    public void processRequest(HttpServletRequest request, AgentEnrollmentRequestData data, IRequest req, String op)
+    public void processRequest(HttpServletRequest request, CertReviewResponse data, IRequest req, String op)
             throws EBaseException {
         try {
             startTiming("approval");
@@ -355,7 +355,7 @@ public class RequestProcessor extends CertProcessor {
      * @exception EProfileException an error related to this profile has
      *                occurred
      */
-    private void approveRequest(IRequest req, AgentEnrollmentRequestData data, IProfile profile, Locale locale)
+    private void approveRequest(IRequest req, CertReviewResponse data, IProfile profile, Locale locale)
             throws EProfileException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -404,7 +404,7 @@ public class RequestProcessor extends CertProcessor {
         }
     }
 
-    private void updateValues(AgentEnrollmentRequestData data, IRequest req,
+    private void updateValues(CertReviewResponse data, IRequest req,
             IProfile profile, Locale locale)
             throws ERejectException, EDeferException, EPropertyException {
 
@@ -443,7 +443,7 @@ public class RequestProcessor extends CertProcessor {
 
     }
 
-    private void updateNotes(AgentEnrollmentRequestData data, IRequest req) {
+    private void updateNotes(CertReviewResponse data, IRequest req) {
         String notes = data.getRequestNotes();
 
         if (notes != null) {
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertData.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertData.java
new file mode 100644
index 000000000..50fcf81da
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertData.java
@@ -0,0 +1,283 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.cert.model;
+
+import java.io.PrintWriter;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+
+import org.jboss.resteasy.plugins.providers.atom.Link;
+
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.dbs.certdb.CertIdAdapter;
+
+/**
+ * @author alee
+ *
+ */
+@XmlRootElement(name = "CertData")
+public class CertData {
+
+    public static Marshaller marshaller;
+    public static Unmarshaller unmarshaller;
+
+    static {
+        try {
+            marshaller = JAXBContext.newInstance(CertData.class).createMarshaller();
+            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+            unmarshaller = JAXBContext.newInstance(CertData.class).createUnmarshaller();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    CertId serialNumber;
+    String issuerDN;
+    String subjectDN;
+    String prettyPrint;
+    String encoded;
+    String pkcs7CertChain;
+    String notBefore;
+    String notAfter;
+    String status;
+
+    Link link;
+
+    @XmlAttribute(name="id")
+    @XmlJavaTypeAdapter(CertIdAdapter.class)
+    public CertId getSerialNumber() {
+        return serialNumber;
+    }
+
+    public void setSerialNumber(CertId serialNumber) {
+        this.serialNumber = serialNumber;
+    }
+
+    @XmlElement(name="IssuerDN")
+    public String getIssuerDN() {
+        return issuerDN;
+    }
+
+    public void setIssuerDN(String issuerDN) {
+        this.issuerDN = issuerDN;
+    }
+
+    @XmlElement(name="SubjectDN")
+    public String getSubjectDN() {
+        return subjectDN;
+    }
+
+    public void setSubjectDN(String subjectDN) {
+        this.subjectDN = subjectDN;
+    }
+
+    @XmlElement(name="PrettyPrint")
+    public String getPrettyPrint() {
+        return prettyPrint;
+    }
+
+    public void setPrettyPrint(String prettyPrint) {
+        this.prettyPrint = prettyPrint;
+    }
+
+    @XmlElement(name="Encoded")
+    public String getEncoded() {
+        return encoded;
+    }
+
+    public void setEncoded(String encoded) {
+        this.encoded = encoded;
+    }
+
+    @XmlElement(name="PKCS7CertChain")
+    public void setPkcs7CertChain(String chain) {
+        this.pkcs7CertChain = chain;
+    }
+
+    public String getPkcs7CertChain() {
+        return pkcs7CertChain;
+    }
+
+    @XmlElement(name="NotBefore")
+    public String getNotBefore() {
+        return notBefore;
+    }
+
+    public void setNotBefore(String notBefore) {
+        this.notBefore = notBefore;
+    }
+
+    @XmlElement(name="NotAfter")
+    public String getNotAfter() {
+        return notAfter;
+    }
+
+    public void setNotAfter(String notAfter) {
+        this.notAfter = notAfter;
+    }
+
+    @XmlElement(name="Status")
+    public String getStatus() {
+        return status;
+    }
+
+    public void setStatus(String status) {
+        this.status = status;
+    }
+
+    @XmlElement(name="Link")
+    public Link getLink() {
+        return link;
+    }
+
+    public void setLink(Link link) {
+        this.link = link;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((encoded == null) ? 0 : encoded.hashCode());
+        result = prime * result + ((issuerDN == null) ? 0 : issuerDN.hashCode());
+        result = prime * result + ((notAfter == null) ? 0 : notAfter.hashCode());
+        result = prime * result + ((notBefore == null) ? 0 : notBefore.hashCode());
+        result = prime * result + ((pkcs7CertChain == null) ? 0 : pkcs7CertChain.hashCode());
+        result = prime * result + ((prettyPrint == null) ? 0 : prettyPrint.hashCode());
+        result = prime * result + ((serialNumber == null) ? 0 : serialNumber.hashCode());
+        result = prime * result + ((status == null) ? 0 : status.hashCode());
+        result = prime * result + ((subjectDN == null) ? 0 : subjectDN.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        CertData other = (CertData) obj;
+        if (encoded == null) {
+            if (other.encoded != null)
+                return false;
+        } else if (!encoded.equals(other.encoded))
+            return false;
+        if (issuerDN == null) {
+            if (other.issuerDN != null)
+                return false;
+        } else if (!issuerDN.equals(other.issuerDN))
+            return false;
+        if (notAfter == null) {
+            if (other.notAfter != null)
+                return false;
+        } else if (!notAfter.equals(other.notAfter))
+            return false;
+        if (notBefore == null) {
+            if (other.notBefore != null)
+                return false;
+        } else if (!notBefore.equals(other.notBefore))
+            return false;
+        if (pkcs7CertChain == null) {
+            if (other.pkcs7CertChain != null)
+                return false;
+        } else if (!pkcs7CertChain.equals(other.pkcs7CertChain))
+            return false;
+        if (prettyPrint == null) {
+            if (other.prettyPrint != null)
+                return false;
+        } else if (!prettyPrint.equals(other.prettyPrint))
+            return false;
+        if (serialNumber == null) {
+            if (other.serialNumber != null)
+                return false;
+        } else if (!serialNumber.equals(other.serialNumber))
+            return false;
+        if (status == null) {
+            if (other.status != null)
+                return false;
+        } else if (!status.equals(other.status))
+            return false;
+        if (subjectDN == null) {
+            if (other.subjectDN != null)
+                return false;
+        } else if (!subjectDN.equals(other.subjectDN))
+            return false;
+        return true;
+    }
+
+    public String toString() {
+        try {
+            StringWriter sw = new StringWriter();
+            marshaller.marshal(this, sw);
+            return sw.toString();
+
+        } catch (Exception e) {
+            return super.toString();
+        }
+    }
+
+    public static CertData valueOf(String string) throws Exception {
+        try {
+            return (CertData)unmarshaller.unmarshal(new StringReader(string));
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    public static void main(String args[]) throws Exception {
+
+        StringWriter sw = new StringWriter();
+        PrintWriter out = new PrintWriter(sw, true);
+
+        out.println("-----BEGIN CERTIFICATE-----");
+        out.println("MIIB/zCCAWgCCQCtpWH58pqsejANBgkqhkiG9w0BAQUFADBEMRQwEgYDVQQKDAtF");
+        out.println("WEFNUExFLUNPTTEYMBYGCgmSJomT8ixkAQEMCHRlc3R1c2VyMRIwEAYDVQQDDAlU");
+        out.println("ZXN0IFVzZXIwHhcNMTIwNTE0MTcxNzI3WhcNMTMwNTE0MTcxNzI3WjBEMRQwEgYD");
+        out.println("VQQKDAtFWEFNUExFLUNPTTEYMBYGCgmSJomT8ixkAQEMCHRlc3R1c2VyMRIwEAYD");
+        out.println("VQQDDAlUZXN0IFVzZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKmmiPJp");
+        out.println("Agh/gPUAZjfgJ3a8QiHvpMzZ/hZy1FVP3+2sNhCkMv+D/I8Y7AsrbJGxxvD7bTDm");
+        out.println("zQYtYx2ryGyOgY7KBRxEj/IrNVHIkJMYq5G/aIU4FAzpc6ntNSwUQBYUAamfK8U6");
+        out.println("Wo4Cp6rLePXIDE6sfGn3VX6IeSJ8U2V+vwtzAgMBAAEwDQYJKoZIhvcNAQEFBQAD");
+        out.println("gYEAY9bjcD/7Z+oX6gsJtX6Rd79E7X5IBdOdArYzHNE4vjdaQrZw6oCxrY8ffpKC");
+        out.println("0T0q5PX9I7er+hx/sQjGPMrJDEN+vFBSNrZE7sTeLRgkyiqGvChSyuG05GtGzXO4");
+        out.println("bFBr+Gwk2VF2wJvOhTXU2hN8sfkkd9clzIXuL8WCDhWk1bY=");
+        out.println("-----END CERTIFICATE-----");
+
+        CertData before = new CertData();
+        before.setSerialNumber(new CertId("12512514865863765114"));
+        before.setIssuerDN("CN=Test User,UID=testuser,O=EXAMPLE-COM");
+        before.setSubjectDN("CN=Test User,UID=testuser,O=EXAMPLE-COM");
+        before.setEncoded(sw.toString());
+
+        String string = before.toString();
+        System.out.println(string);
+
+        CertData after = CertData.valueOf(string);
+        System.out.println(before.equals(after));
+    }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java
deleted file mode 100644
index 44092ac16..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchData.java
+++ /dev/null
@@ -1,862 +0,0 @@
-//--- BEGIN COPYRIGHT BLOCK ---
-//This program is free software; you can redistribute it and/or modify
-//it under the terms of the GNU General Public License as published by
-//the Free Software Foundation; version 2 of the License.
-//
-//This program is distributed in the hope that it will be useful,
-//but WITHOUT ANY WARRANTY; without even the implied warranty of
-//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//GNU General Public License for more details.
-//
-//You should have received a copy of the GNU General Public License along
-//with this program; if not, write to the Free Software Foundation, Inc.,
-//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-//(C) 2011 Red Hat, Inc.
-//All rights reserved.
-//--- END COPYRIGHT BLOCK ---
-
-// TODO: This class is brute force. Come up with a way to divide these search filter entities into
-// smaller classes
-package com.netscape.cms.servlet.cert.model;
-
-import java.io.Reader;
-import java.util.Calendar;
-import java.util.StringTokenizer;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-
-import com.netscape.cmsutil.ldap.LDAPUtil;
-
-/**
- * @author jmagne
- *
- */
-@XmlRootElement(name = "CertSearchData")
-@XmlAccessorType(XmlAccessType.FIELD)
-public class CertSearchData {
-
-    private final static String MATCH_EXACTLY = "exact";
-    //Serial Number
-    @XmlElement
-    protected boolean serialNumberRangeInUse;
-
-    @XmlElement
-    protected String serialTo;
-
-    @XmlElement
-    protected String serialFrom;
-
-    //Subject Name
-    @XmlElement
-    protected boolean subjectInUse;
-
-    @XmlElement
-    protected String eMail;
-
-    @XmlElement
-    protected String commonName;
-
-    @XmlElement
-    protected String userID;
-
-    @XmlElement
-    protected String orgUnit;
-
-    @XmlElement
-    protected String org;
-
-    @XmlElement
-    protected String locality;
-
-    @XmlElement
-    protected String state;
-
-    @XmlElement
-    protected String country;
-
-    @XmlElement
-    protected boolean matchExactly;
-
-    //Revoked By
-
-    @XmlElement
-    protected String revokedBy;
-
-    //Revoked On
-
-    @XmlElement
-    protected String revokedOnFrom;
-
-    @XmlElement
-    protected String revokedOnTo;
-
-    //Revocation Reason
-
-    @XmlElement
-    protected String revocationReason;
-
-    //Issued By
-
-    @XmlElement
-    protected String issuedBy;
-
-    //Issued On
-
-    @XmlElement
-    protected String issuedOnFrom;
-
-    @XmlElement
-    protected String issuedOnTo;
-
-    //Valid Not Before
-
-    @XmlElement
-    protected String validNotBeforeFrom;
-
-    @XmlElement
-    protected String validNotBeforeTo;
-
-    //Valid Not After
-
-    @XmlElement
-    protected String validNotAfterFrom;
-
-    @XmlElement
-    protected String validNotAfterTo;
-
-    //Validity Length
-
-    @XmlElement
-    protected String validityOperation;
-
-    @XmlElement
-    protected String validityCount;
-
-    @XmlElement
-    protected String validityUnit;
-
-    // Cert Type
-
-    @XmlElement
-    protected String certTypeSubEmailCA;
-
-    @XmlElement
-    protected String certTypeSubSSLCA;
-
-    @XmlElement
-    protected String certTypeSecureEmail;
-
-    @XmlElement
-    protected String certTypeSSLClient;
-
-    @XmlElement
-    protected String certTypeSSLServer;
-
-    //Revoked By
-    @XmlElement
-    protected boolean revokedByInUse;
-
-    //Revoked On
-    @XmlElement
-    protected boolean revokedOnInUse;
-
-    @XmlElement
-    protected boolean revocationReasonInUse;
-
-    @XmlElement
-    protected boolean issuedByInUse;
-
-    @XmlElement
-    protected boolean issuedOnInUse;
-
-    @XmlElement
-    protected boolean validNotBeforeInUse;
-
-    @XmlElement
-    protected boolean validNotAfterInUse;
-
-    @XmlElement
-    protected boolean validityLengthInUse;
-
-    @XmlElement
-    protected boolean certTypeInUse;
-
-    //Boolean values
-    public boolean getSerialNumberRangeInUse() {
-        return serialNumberRangeInUse;
-    }
-
-    public void setSerialNumberRangeInUse(boolean serialNumberRangeInUse) {
-        this.serialNumberRangeInUse = serialNumberRangeInUse;
-    }
-
-    public boolean getSubjectInUse() {
-        return subjectInUse;
-    }
-
-    public void setSubjectInUse(boolean subjectInUse) {
-        this.subjectInUse = subjectInUse;
-    }
-
-    public boolean getRevokedByInUse() {
-        return revokedByInUse;
-    }
-
-    public void setRevokedByInUse(boolean revokedByInUse) {
-        this.revokedByInUse = revokedByInUse;
-    }
-
-    public boolean getRevokedOnInUse() {
-        return revokedOnInUse;
-    }
-
-    public void setRevokedOnInUse(boolean revokedOnInUse) {
-        this.revokedOnInUse = revokedOnInUse;
-    }
-
-    public void setRevocationReasonInUse(boolean revocationReasonInUse) {
-        this.revocationReasonInUse = revocationReasonInUse;
-    }
-
-    public boolean getRevocationReasonInUse() {
-        return revocationReasonInUse;
-    }
-
-    public void setIssuedByInUse(boolean issuedByInUse) {
-        this.issuedByInUse = issuedByInUse;
-    }
-
-    public boolean getIssuedByInUse() {
-        return issuedByInUse;
-    }
-
-    public void setIssuedOnInUse(boolean issuedOnInUse) {
-        this.issuedOnInUse = issuedOnInUse;
-    }
-
-    public boolean getIssuedOnInUse() {
-        return issuedOnInUse;
-    }
-
-    public void setValidNotBeforeInUse(boolean validNotBeforeInUse) {
-        this.validNotBeforeInUse = validNotBeforeInUse;
-    }
-
-    public boolean getValidNotBeforeInUse() {
-        return validNotBeforeInUse;
-    }
-
-    public void setValidNotAfterInUse(boolean validNotAfterInUse) {
-        this.validNotAfterInUse = validNotAfterInUse;
-    }
-
-    public boolean getValidNotAfterInUse() {
-        return validNotAfterInUse;
-    }
-
-    public void setValidityLengthInUse(boolean validityLengthInUse) {
-        this.validityLengthInUse = validityLengthInUse;
-    }
-
-    public boolean getValidityLengthInUse() {
-        return validityLengthInUse;
-    }
-
-    public void setCertTypeInUse(boolean certTypeInUse) {
-        this.certTypeInUse = certTypeInUse;
-    }
-
-    public boolean getCertTypeInUse() {
-        return certTypeInUse;
-    }
-
-    //Actual Values
-
-    public String getSerialTo() {
-        return serialTo;
-    }
-
-    public void setSerialTo(String serialTo) {
-        this.serialTo = serialTo;
-    }
-
-    public String getSerialFrom() {
-        return serialFrom;
-    }
-
-    public void setSerialFrom(String serialFrom) {
-        this.serialFrom = serialFrom;
-    }
-
-    //Subject Name
-
-    public String getEmail() {
-        return eMail;
-    }
-
-    public void setEmail(String email) {
-        this.eMail = email;
-    }
-
-    public String getCommonName() {
-        return commonName;
-    }
-
-    public void setCommonName(String commonName) {
-        this.commonName = commonName;
-    }
-
-    public String getUserID() {
-        return userID;
-    }
-
-    public void setUserID(String userID) {
-        this.userID = userID;
-    }
-
-    public String getOrgUnit() {
-        return orgUnit;
-    }
-
-    public void setOrgUnit(String orgUnit) {
-        this.orgUnit = orgUnit;
-    }
-
-    public String getOrg() {
-        return org;
-    }
-
-    public void setOrg(String org) {
-        this.org = org;
-    }
-
-    public String getLocality() {
-        return locality;
-    }
-
-    public void setLocality(String locality) {
-        this.locality = locality;
-    }
-
-    public String getState() {
-        return state;
-    }
-
-    public void setState(String state) {
-        this.state = state;
-    }
-
-    public String getCountry() {
-        return country;
-    }
-
-    public void setCountry(String country) {
-        this.country = country;
-    }
-
-    public boolean getMatchExactly() {
-        return matchExactly;
-    }
-
-    public void setMatchExactly(boolean matchExactly) {
-        this.matchExactly = matchExactly;
-    }
-
-    //Revoked On
-
-    public String getRevokedOnTo() {
-        return revokedOnTo;
-    }
-
-    public void setRevokedOnTo(String revokedOnTo) {
-        this.revokedOnTo = revokedOnTo;
-    }
-
-    public String getRevokedOnFrom() {
-        return revokedOnFrom;
-    }
-
-    public void setRevokedOnFrom(String revokedOnFrom) {
-        this.revokedOnFrom = revokedOnFrom;
-    }
-
-    //Revoked By
-
-    public String getRevokedBy() {
-        return revokedBy;
-    }
-
-    public void setRevokedBy(String revokedBy) {
-        this.revokedBy = revokedBy;
-    }
-
-    //Revocation Reason
-
-    public String getRevocationReason() {
-        return revocationReason;
-    }
-
-    public void setRevocationReason(String revocationReason) {
-        this.revocationReason = revocationReason;
-    }
-
-    //Issued By
-
-    public String getIssuedBy() {
-        return issuedBy;
-    }
-
-    public void setIssuedBy(String issuedBy) {
-        this.issuedBy = issuedBy;
-    }
-
-    //Issued On
-
-    public String getIssuedOnFrom() {
-        return issuedOnFrom;
-    }
-
-    public void setIssuedOnFrom(String issuedOnFrom) {
-        this.issuedOnFrom = issuedOnFrom;
-    }
-
-    public String getIssuedOnTo() {
-        return getIssuedOnTo();
-    }
-
-    //Valid Not After
-
-    public String getValidNotAfterFrom() {
-        return validNotAfterFrom;
-    }
-
-    public void setValidNotAfterFrom(String validNotAfterFrom) {
-        this.validNotAfterFrom = validNotAfterFrom;
-    }
-
-    public String getValidNotAfterTo() {
-        return validNotAfterTo;
-    }
-
-    public void setValidNotAfterTo(String validNotAfterTo) {
-        this.validNotAfterTo = validNotAfterTo;
-    }
-
-    //Valid Not Before
-
-    public String getValidNotBeforeFrom() {
-        return validNotBeforeFrom;
-    }
-
-    public void setValidNotBeforeFrom(String validNotBeforeFrom) {
-        this.validNotBeforeFrom = validNotBeforeFrom;
-    }
-
-    public String getValidNotBeforeTo() {
-        return validNotBeforeTo;
-    }
-
-    public void setValidNotBeforeTo(String validNotBeforeTo) {
-        this.validNotBeforeTo = validNotBeforeTo;
-    }
-
-    //Validity Length
-
-    public String getValidityOperation() {
-        return validityOperation;
-    }
-
-    public void setValidityOperation(String validityOperation) {
-        this.validityOperation = validityOperation;
-    }
-
-    public String getValidityUnit() {
-        return validityUnit;
-    }
-
-    public void setValidityUnit(String validityUnit) {
-        this.validityUnit = validityUnit;
-    }
-
-    public String getValidityCount() {
-        return validityCount;
-    }
-
-    public void setValidityCount(String validityCount) {
-        this.validityCount = validityCount;
-    }
-
-    //Cert Type
-
-    public String getCertTypeSubEmailCA() {
-        return certTypeSubEmailCA;
-    }
-
-    public void setCertTypeSubEmailCA(String certTypeSubEmailCA) {
-        this.certTypeSubEmailCA = certTypeSubEmailCA;
-    }
-
-    public String getCertTypeSubSSLCA() {
-        return certTypeSubSSLCA;
-    }
-
-    public void setCertTypeSubSSLCA(String certTypeSubSSLCA) {
-        this.certTypeSubSSLCA = certTypeSubSSLCA;
-    }
-
-    public String getCertTypeSecureEmail() {
-        return certTypeSecureEmail;
-    }
-
-    public void setCertTypeSecureEmail(String certTypeSecureEmail) {
-        this.certTypeSecureEmail = certTypeSecureEmail;
-    }
-
-    public String getCertTypeSSLClient() {
-        return certTypeSSLClient;
-    }
-
-    public void setCertTypeSSLClient(String SSLClient) {
-        this.certTypeSSLClient = SSLClient;
-    }
-
-    public String getCertTypeSSLServer() {
-        return certTypeSSLServer;
-    }
-
-    public void setCertTypeSSLServer(String SSLServer) {
-        this.certTypeSSLServer = SSLServer;
-    }
-
-    public CertSearchData() {
-        // required for JAXB (defaults)
-    }
-
-    public void buildFromServletRequest(HttpServletRequest req) {
-        //Set values from the servlet request
-        if (req == null) {
-            return;
-        }
-    }
-
-    public CertSearchData(MultivaluedMap<String, String> form) {
-    }
-
-    public String buildFilter() {
-        StringBuffer filter = new StringBuffer();
-        buildSerialNumberRangeFilter(filter);
-        buildSubjectFilter(filter);
-        buildRevokedByFilter(filter);
-        buildRevokedOnFilter(filter);
-        buildRevocationReasonFilter(filter);
-        buildIssuedByFilter(filter);
-        buildIssuedOnFilter(filter);
-        buildValidNotBeforeFilter(filter);
-        buildValidNotAfterFilter(filter);
-        buildValidityLengthFilter(filter);
-        buildCertTypeFilter(filter);
-
-        searchFilter = filter.toString();
-
-        if (searchFilter != null && !searchFilter.equals("")) {
-            searchFilter = "(&" + searchFilter + ")";
-        }
-
-        return searchFilter;
-    }
-
-    private void buildSerialNumberRangeFilter(StringBuffer filter) {
-
-        if (!getSerialNumberRangeInUse()) {
-            return;
-        }
-        boolean changed = false;
-        String serialFrom = getSerialFrom();
-        if (serialFrom != null && !serialFrom.equals("")) {
-            filter.append("(certRecordId>=" + LDAPUtil.escapeFilter(serialFrom) + ")");
-            changed = true;
-        }
-        String serialTo = getSerialTo();
-        if (serialTo != null && !serialTo.equals("")) {
-            filter.append("(certRecordId<=" + LDAPUtil.escapeFilter(serialTo) + ")");
-            changed = true;
-        }
-        if (!changed) {
-            filter.append("(certRecordId=*)");
-        }
-
-    }
-
-    private void buildSubjectFilter(StringBuffer filter) {
-        if (!getSubjectInUse()) {
-            return;
-        }
-        StringBuffer lf = new StringBuffer();
-
-        String matchStr = null;
-        boolean match = getMatchExactly();
-
-        if (match == true) {
-            matchStr = MATCH_EXACTLY;
-        }
-
-        buildAVAFilter(getEmail(), "E", lf, matchStr);
-        buildAVAFilter(getCommonName(), "CN", lf, matchStr);
-        buildAVAFilter(getUserID(), "UID", lf, matchStr);
-        buildAVAFilter(getOrgUnit(), "OU", lf, matchStr);
-        buildAVAFilter(getOrg(), "O", lf, matchStr);
-        buildAVAFilter(getLocality(), "L", lf, matchStr);
-        buildAVAFilter(getState(), "ST", lf, matchStr);
-        buildAVAFilter(getCountry(), "C", lf, matchStr);
-
-        if (lf.length() == 0) {
-            filter.append("(x509cert.subject=*)");
-            return;
-        }
-        if (matchStr != null && matchStr.equals(MATCH_EXACTLY)) {
-            filter.append("(&");
-            filter.append(lf);
-            filter.append(")");
-        } else {
-            filter.append("(|");
-            filter.append(lf);
-            filter.append(")");
-        }
-    }
-
-    private void buildRevokedByFilter(StringBuffer filter) {
-        if (!getRevokedByInUse()) {
-            return;
-        }
-
-        String revokedBy = getRevokedBy();
-        if (revokedBy == null || revokedBy.equals("")) {
-            filter.append("(certRevokedBy=*)");
-        } else {
-            filter.append("(certRevokedBy=");
-            filter.append(LDAPUtil.escapeFilter(revokedBy));
-            filter.append(")");
-        }
-    }
-
-    private void buildDateFilter(String prefix,
-            String outStr, long adjustment,
-            StringBuffer filter) {
-        long epoch = 0;
-        try {
-            epoch = Long.parseLong(prefix);
-        } catch (NumberFormatException e) {
-            // exception safely ignored
-        }
-        Calendar from = Calendar.getInstance();
-        from.setTimeInMillis(epoch);
-        filter.append("(");
-        filter.append(LDAPUtil.escapeFilter(outStr));
-        filter.append(Long.toString(from.getTimeInMillis() + adjustment));
-        filter.append(")");
-    }
-
-    private void buildRevokedOnFilter(StringBuffer filter) {
-        if (!getRevokedOnInUse()) {
-            return;
-        }
-        buildDateFilter(getRevokedOnFrom(), "certRevokedOn>=", 0, filter);
-        buildDateFilter(getRevokedOnTo(), "certRevokedOn<=", 86399999, filter);
-    }
-
-    private void buildRevocationReasonFilter(StringBuffer filter) {
-        if (!getRevocationReasonInUse()) {
-            return;
-        }
-        String reasons = getRevocationReason();
-        if (reasons == null) {
-            return;
-        }
-        String queryCertFilter = null;
-        StringTokenizer st = new StringTokenizer(reasons, ",");
-        if (st.hasMoreTokens()) {
-            filter.append("(|");
-            while (st.hasMoreTokens()) {
-                String token = st.nextToken();
-                if (queryCertFilter == null) {
-                    queryCertFilter = "";
-                }
-                filter.append("(x509cert.certRevoInfo=");
-                filter.append(LDAPUtil.escapeFilter(token));
-                filter.append(")");
-            }
-            filter.append(")");
-        }
-    }
-
-    private void buildIssuedByFilter(StringBuffer filter) {
-        if (!getIssuedByInUse()) {
-            return;
-        }
-        String issuedBy = getIssuedBy();
-        ;
-        if (issuedBy == null || issuedBy.equals("")) {
-            filter.append("(certIssuedBy=*)");
-        } else {
-            filter.append("(certIssuedBy=");
-            filter.append(LDAPUtil.escapeFilter(issuedBy));
-            filter.append(")");
-        }
-    }
-
-    private void buildIssuedOnFilter(StringBuffer filter) {
-        if (!getIssuedOnInUse()) {
-            return;
-        }
-        buildDateFilter(getIssuedOnFrom(), "certCreateTime>=", 0, filter);
-        buildDateFilter(getIssuedOnTo(), "certCreateTime<=", 86399999, filter);
-    }
-
-    private void buildValidNotBeforeFilter(StringBuffer filter) {
-        if (!getValidNotBeforeInUse()) {
-            return;
-        }
-        buildDateFilter(validNotBeforeFrom, "x509cert.notBefore>=", 0, filter);
-        buildDateFilter(validNotBeforeTo, "x509cert.notBefore<=", 86399999, filter);
-
-    }
-
-    private void buildValidNotAfterFilter(StringBuffer filter) {
-        if (!getValidNotAfterInUse()) {
-            return;
-        }
-        buildDateFilter(getValidNotAfterFrom(), "x509cert.notAfter>=", 0, filter);
-        buildDateFilter(getValidNotAfterTo(), "x509cert.notAfter<=", 86399999, filter);
-
-    }
-
-    private void buildValidityLengthFilter(StringBuffer filter) {
-        if (!getValidityLengthInUse()) {
-            return;
-        }
-        String op = getValidityOperation();
-        long count = 0;
-        try {
-            count = Long.parseLong(getValidityCount());
-        } catch (NumberFormatException e) {
-            // safely ignore
-        }
-        long unit = 0;
-        try {
-            unit = Long.parseLong(getValidityUnit());
-        } catch (NumberFormatException e) {
-            // safely ignore
-        }
-        filter.append("(");
-        filter.append("x509cert.duration");
-        filter.append(LDAPUtil.escapeFilter(op));
-        filter.append(count * unit);
-        filter.append(")");
-    }
-
-    private void buildCertTypeFilter(StringBuffer filter) {
-        if (!getCertTypeInUse()) {
-            return;
-        }
-        if (isOn(getCertTypeSSLClient())) {
-            filter.append("(x509cert.nsExtension.SSLClient=on)");
-        } else if (isOff(getCertTypeSSLClient())) {
-            filter.append("(x509cert.nsExtension.SSLClient=off)");
-        }
-        if (isOn(getCertTypeSSLServer())) {
-            filter.append("(x509cert.nsExtension.SSLServer=on)");
-        } else if (isOff(getCertTypeSSLServer())) {
-            filter.append("(x509cert.nsExtension.SSLServer=off)");
-        }
-        if (isOn(getCertTypeSecureEmail())) {
-            filter.append("(x509cert.nsExtension.SecureEmail=on)");
-        } else if (isOff(getCertTypeSecureEmail())) {
-            filter.append("(x509cert.nsExtension.SecureEmail=off)");
-        }
-        if (isOn(getCertTypeSubSSLCA())) {
-            filter.append("(x509cert.nsExtension.SubordinateSSLCA=on)");
-        } else if (isOff(getCertTypeSubSSLCA())) {
-            filter.append("(x509cert.nsExtension.SubordinateSSLCA=off)");
-        }
-        if (isOn(getCertTypeSubEmailCA())) {
-            filter.append("(x509cert.nsExtension.SubordinateEmailCA=on)");
-        } else if (isOff(getCertTypeSubEmailCA())) {
-            filter.append("(x509cert.nsExtension.SubordinateEmailCA=off)");
-        }
-    }
-
-    private boolean isOn(String value) {
-        String inUse = value;
-        if (inUse == null) {
-            return false;
-        }
-        if (inUse.equals("on")) {
-            return true;
-        }
-        return false;
-    }
-
-    private boolean isOff(String value) {
-        String inUse = value;
-        if (inUse == null) {
-            return false;
-        }
-        if (inUse.equals("off")) {
-            return true;
-        }
-        return false;
-    }
-
-    private void buildAVAFilter(String param,
-            String avaName, StringBuffer lf, String match) {
-        if (param != null && !param.equals("")) {
-            if (match != null && match.equals(MATCH_EXACTLY)) {
-                lf.append("(|");
-                lf.append("(x509cert.subject=*");
-                lf.append(avaName);
-                lf.append("=");
-                lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
-                lf.append(",*)");
-                lf.append("(x509cert.subject=*");
-                lf.append(avaName);
-                lf.append("=");
-                lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
-                lf.append(")");
-                lf.append(")");
-            } else {
-                lf.append("(x509cert.subject=*");
-                lf.append(avaName);
-                lf.append("=");
-                lf.append("*");
-                lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
-                lf.append("*)");
-            }
-        }
-
-    }
-
-    private String searchFilter = null;
-
-    public String getSearchFilter() {
-        return searchFilter;
-    }
-
-    public void setSearchFilter(String searchFilter) {
-        this.searchFilter = searchFilter;
-    }
-
-    public static CertSearchData valueOf(Reader reader) throws JAXBException {
-        JAXBContext context = JAXBContext.newInstance(CertSearchData.class);
-        Unmarshaller unmarshaller = context.createUnmarshaller();
-        return (CertSearchData) unmarshaller.unmarshal(reader);
-    }
-}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchRequest.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchRequest.java
new file mode 100644
index 000000000..54b9ad8e6
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/cert/model/CertSearchRequest.java
@@ -0,0 +1,862 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2011 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+
+// TODO: This class is brute force. Come up with a way to divide these search filter entities into
+// smaller classes
+package com.netscape.cms.servlet.cert.model;
+
+import java.io.Reader;
+import java.util.Calendar;
+import java.util.StringTokenizer;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import com.netscape.cmsutil.ldap.LDAPUtil;
+
+/**
+ * @author jmagne
+ *
+ */
+@XmlRootElement(name = "CertSearchRequest")
+@XmlAccessorType(XmlAccessType.FIELD)
+public class CertSearchRequest {
+
+    private final static String MATCH_EXACTLY = "exact";
+    //Serial Number
+    @XmlElement
+    protected boolean serialNumberRangeInUse;
+
+    @XmlElement
+    protected String serialTo;
+
+    @XmlElement
+    protected String serialFrom;
+
+    //Subject Name
+    @XmlElement
+    protected boolean subjectInUse;
+
+    @XmlElement
+    protected String eMail;
+
+    @XmlElement
+    protected String commonName;
+
+    @XmlElement
+    protected String userID;
+
+    @XmlElement
+    protected String orgUnit;
+
+    @XmlElement
+    protected String org;
+
+    @XmlElement
+    protected String locality;
+
+    @XmlElement
+    protected String state;
+
+    @XmlElement
+    protected String country;
+
+    @XmlElement
+    protected boolean matchExactly;
+
+    //Revoked By
+
+    @XmlElement
+    protected String revokedBy;
+
+    //Revoked On
+
+    @XmlElement
+    protected String revokedOnFrom;
+
+    @XmlElement
+    protected String revokedOnTo;
+
+    //Revocation Reason
+
+    @XmlElement
+    protected String revocationReason;
+
+    //Issued By
+
+    @XmlElement
+    protected String issuedBy;
+
+    //Issued On
+
+    @XmlElement
+    protected String issuedOnFrom;
+
+    @XmlElement
+    protected String issuedOnTo;
+
+    //Valid Not Before
+
+    @XmlElement
+    protected String validNotBeforeFrom;
+
+    @XmlElement
+    protected String validNotBeforeTo;
+
+    //Valid Not After
+
+    @XmlElement
+    protected String validNotAfterFrom;
+
+    @XmlElement
+    protected String validNotAfterTo;
+
+    //Validity Length
+
+    @XmlElement
+    protected String validityOperation;
+
+    @XmlElement
+    protected String validityCount;
+
+    @XmlElement
+    protected String validityUnit;
+
+    // Cert Type
+
+    @XmlElement
+    protected String certTypeSubEmailCA;
+
+    @XmlElement
+    protected String certTypeSubSSLCA;
+
+    @XmlElement
+    protected String certTypeSecureEmail;
+
+    @XmlElement
+    protected String certTypeSSLClient;
+
+    @XmlElement
+    protected String certTypeSSLServer;
+
+    //Revoked By
+    @XmlElement
+    protected boolean revokedByInUse;
+
+    //Revoked On
+    @XmlElement
+    protected boolean revokedOnInUse;
+
+    @XmlElement
+    protected boolean revocationReasonInUse;
+
+    @XmlElement
+    protected boolean issuedByInUse;
+
+    @XmlElement
+    protected boolean issuedOnInUse;
+
+    @XmlElement
+    protected boolean validNotBeforeInUse;
+
+    @XmlElement
+    protected boolean validNotAfterInUse;
+
+    @XmlElement
+    protected boolean validityLengthInUse;
+
+    @XmlElement
+    protected boolean certTypeInUse;
+
+    //Boolean values
+    public boolean getSerialNumberRangeInUse() {
+        return serialNumberRangeInUse;
+    }
+
+    public void setSerialNumberRangeInUse(boolean serialNumberRangeInUse) {
+        this.serialNumberRangeInUse = serialNumberRangeInUse;
+    }
+
+    public boolean getSubjectInUse() {
+        return subjectInUse;
+    }
+
+    public void setSubjectInUse(boolean subjectInUse) {
+        this.subjectInUse = subjectInUse;
+    }
+
+    public boolean getRevokedByInUse() {
+        return revokedByInUse;
+    }
+
+    public void setRevokedByInUse(boolean revokedByInUse) {
+        this.revokedByInUse = revokedByInUse;
+    }
+
+    public boolean getRevokedOnInUse() {
+        return revokedOnInUse;
+    }
+
+    public void setRevokedOnInUse(boolean revokedOnInUse) {
+        this.revokedOnInUse = revokedOnInUse;
+    }
+
+    public void setRevocationReasonInUse(boolean revocationReasonInUse) {
+        this.revocationReasonInUse = revocationReasonInUse;
+    }
+
+    public boolean getRevocationReasonInUse() {
+        return revocationReasonInUse;
+    }
+
+    public void setIssuedByInUse(boolean issuedByInUse) {
+        this.issuedByInUse = issuedByInUse;
+    }
+
+    public boolean getIssuedByInUse() {
+        return issuedByInUse;
+    }
+
+    public void setIssuedOnInUse(boolean issuedOnInUse) {
+        this.issuedOnInUse = issuedOnInUse;
+    }
+
+    public boolean getIssuedOnInUse() {
+        return issuedOnInUse;
+    }
+
+    public void setValidNotBeforeInUse(boolean validNotBeforeInUse) {
+        this.validNotBeforeInUse = validNotBeforeInUse;
+    }
+
+    public boolean getValidNotBeforeInUse() {
+        return validNotBeforeInUse;
+    }
+
+    public void setValidNotAfterInUse(boolean validNotAfterInUse) {
+        this.validNotAfterInUse = validNotAfterInUse;
+    }
+
+    public boolean getValidNotAfterInUse() {
+        return validNotAfterInUse;
+    }
+
+    public void setValidityLengthInUse(boolean validityLengthInUse) {
+        this.validityLengthInUse = validityLengthInUse;
+    }
+
+    public boolean getValidityLengthInUse() {
+        return validityLengthInUse;
+    }
+
+    public void setCertTypeInUse(boolean certTypeInUse) {
+        this.certTypeInUse = certTypeInUse;
+    }
+
+    public boolean getCertTypeInUse() {
+        return certTypeInUse;
+    }
+
+    //Actual Values
+
+    public String getSerialTo() {
+        return serialTo;
+    }
+
+    public void setSerialTo(String serialTo) {
+        this.serialTo = serialTo;
+    }
+
+    public String getSerialFrom() {
+        return serialFrom;
+    }
+
+    public void setSerialFrom(String serialFrom) {
+        this.serialFrom = serialFrom;
+    }
+
+    //Subject Name
+
+    public String getEmail() {
+        return eMail;
+    }
+
+    public void setEmail(String email) {
+        this.eMail = email;
+    }
+
+    public String getCommonName() {
+        return commonName;
+    }
+
+    public void setCommonName(String commonName) {
+        this.commonName = commonName;
+    }
+
+    public String getUserID() {
+        return userID;
+    }
+
+    public void setUserID(String userID) {
+        this.userID = userID;
+    }
+
+    public String getOrgUnit() {
+        return orgUnit;
+    }
+
+    public void setOrgUnit(String orgUnit) {
+        this.orgUnit = orgUnit;
+    }
+
+    public String getOrg() {
+        return org;
+    }
+
+    public void setOrg(String org) {
+        this.org = org;
+    }
+
+    public String getLocality() {
+        return locality;
+    }
+
+    public void setLocality(String locality) {
+        this.locality = locality;
+    }
+
+    public String getState() {
+        return state;
+    }
+
+    public void setState(String state) {
+        this.state = state;
+    }
+
+    public String getCountry() {
+        return country;
+    }
+
+    public void setCountry(String country) {
+        this.country = country;
+    }
+
+    public boolean getMatchExactly() {
+        return matchExactly;
+    }
+
+    public void setMatchExactly(boolean matchExactly) {
+        this.matchExactly = matchExactly;
+    }
+
+    //Revoked On
+
+    public String getRevokedOnTo() {
+        return revokedOnTo;
+    }
+
+    public void setRevokedOnTo(String revokedOnTo) {
+        this.revokedOnTo = revokedOnTo;
+    }
+
+    public String getRevokedOnFrom() {
+        return revokedOnFrom;
+    }
+
+    public void setRevokedOnFrom(String revokedOnFrom) {
+        this.revokedOnFrom = revokedOnFrom;
+    }
+
+    //Revoked By
+
+    public String getRevokedBy() {
+        return revokedBy;
+    }
+
+    public void setRevokedBy(String revokedBy) {
+        this.revokedBy = revokedBy;
+    }
+
+    //Revocation Reason
+
+    public String getRevocationReason() {
+        return revocationReason;
+    }
+
+    public void setRevocationReason(String revocationReason) {
+        this.revocationReason = revocationReason;
+    }
+
+    //Issued By
+
+    public String getIssuedBy() {
+        return issuedBy;
+    }
+
+    public void setIssuedBy(String issuedBy) {
+        this.issuedBy = issuedBy;
+    }
+
+    //Issued On
+
+    public String getIssuedOnFrom() {
+        return issuedOnFrom;
+    }
+
+    public void setIssuedOnFrom(String issuedOnFrom) {
+        this.issuedOnFrom = issuedOnFrom;
+    }
+
+    public String getIssuedOnTo() {
+        return getIssuedOnTo();
+    }
+
+    //Valid Not After
+
+    public String getValidNotAfterFrom() {
+        return validNotAfterFrom;
+    }
+
+    public void setValidNotAfterFrom(String validNotAfterFrom) {
+        this.validNotAfterFrom = validNotAfterFrom;
+    }
+
+    public String getValidNotAfterTo() {
+        return validNotAfterTo;
+    }
+
+    public void setValidNotAfterTo(String validNotAfterTo) {
+        this.validNotAfterTo = validNotAfterTo;
+    }
+
+    //Valid Not Before
+
+    public String getValidNotBeforeFrom() {
+        return validNotBeforeFrom;
+    }
+
+    public void setValidNotBeforeFrom(String validNotBeforeFrom) {
+        this.validNotBeforeFrom = validNotBeforeFrom;
+    }
+
+    public String getValidNotBeforeTo() {
+        return validNotBeforeTo;
+    }
+
+    public void setValidNotBeforeTo(String validNotBeforeTo) {
+        this.validNotBeforeTo = validNotBeforeTo;
+    }
+
+    //Validity Length
+
+    public String getValidityOperation() {
+        return validityOperation;
+    }
+
+    public void setValidityOperation(String validityOperation) {
+        this.validityOperation = validityOperation;
+    }
+
+    public String getValidityUnit() {
+        return validityUnit;
+    }
+
+    public void setValidityUnit(String validityUnit) {
+        this.validityUnit = validityUnit;
+    }
+
+    public String getValidityCount() {
+        return validityCount;
+    }
+
+    public void setValidityCount(String validityCount) {
+        this.validityCount = validityCount;
+    }
+
+    //Cert Type
+
+    public String getCertTypeSubEmailCA() {
+        return certTypeSubEmailCA;
+    }
+
+    public void setCertTypeSubEmailCA(String certTypeSubEmailCA) {
+        this.certTypeSubEmailCA = certTypeSubEmailCA;
+    }
+
+    public String getCertTypeSubSSLCA() {
+        return certTypeSubSSLCA;
+    }
+
+    public void setCertTypeSubSSLCA(String certTypeSubSSLCA) {
+        this.certTypeSubSSLCA = certTypeSubSSLCA;
+    }
+
+    public String getCertTypeSecureEmail() {
+        return certTypeSecureEmail;
+    }
+
+    public void setCertTypeSecureEmail(String certTypeSecureEmail) {
+        this.certTypeSecureEmail = certTypeSecureEmail;
+    }
+
+    public String getCertTypeSSLClient() {
+        return certTypeSSLClient;
+    }
+
+    public void setCertTypeSSLClient(String SSLClient) {
+        this.certTypeSSLClient = SSLClient;
+    }
+
+    public String getCertTypeSSLServer() {
+        return certTypeSSLServer;
+    }
+
+    public void setCertTypeSSLServer(String SSLServer) {
+        this.certTypeSSLServer = SSLServer;
+    }
+
+    public CertSearchRequest() {
+        // required for JAXB (defaults)
+    }
+
+    public void buildFromServletRequest(HttpServletRequest req) {
+        //Set values from the servlet request
+        if (req == null) {
+            return;
+        }
+    }
+
+    public CertSearchRequest(MultivaluedMap<String, String> form) {
+    }
+
+    public String buildFilter() {
+        StringBuffer filter = new StringBuffer();
+        buildSerialNumberRangeFilter(filter);
+        buildSubjectFilter(filter);
+        buildRevokedByFilter(filter);
+        buildRevokedOnFilter(filter);
+        buildRevocationReasonFilter(filter);
+        buildIssuedByFilter(filter);
+        buildIssuedOnFilter(filter);
+        buildValidNotBeforeFilter(filter);
+        buildValidNotAfterFilter(filter);
+        buildValidityLengthFilter(filter);
+        buildCertTypeFilter(filter);
+
+        searchFilter = filter.toString();
+
+        if (searchFilter != null && !searchFilter.equals("")) {
+            searchFilter = "(&" + searchFilter + ")";
+        }
+
+        return searchFilter;
+    }
+
+    private void buildSerialNumberRangeFilter(StringBuffer filter) {
+
+        if (!getSerialNumberRangeInUse()) {
+            return;
+        }
+        boolean changed = false;
+        String serialFrom = getSerialFrom();
+        if (serialFrom != null && !serialFrom.equals("")) {
+            filter.append("(certRecordId>=" + LDAPUtil.escapeFilter(serialFrom) + ")");
+            changed = true;
+        }
+        String serialTo = getSerialTo();
+        if (serialTo != null && !serialTo.equals("")) {
+            filter.append("(certRecordId<=" + LDAPUtil.escapeFilter(serialTo) + ")");
+            changed = true;
+        }
+        if (!changed) {
+            filter.append("(certRecordId=*)");
+        }
+
+    }
+
+    private void buildSubjectFilter(StringBuffer filter) {
+        if (!getSubjectInUse()) {
+            return;
+        }
+        StringBuffer lf = new StringBuffer();
+
+        String matchStr = null;
+        boolean match = getMatchExactly();
+
+        if (match == true) {
+            matchStr = MATCH_EXACTLY;
+        }
+
+        buildAVAFilter(getEmail(), "E", lf, matchStr);
+        buildAVAFilter(getCommonName(), "CN", lf, matchStr);
+        buildAVAFilter(getUserID(), "UID", lf, matchStr);
+        buildAVAFilter(getOrgUnit(), "OU", lf, matchStr);
+        buildAVAFilter(getOrg(), "O", lf, matchStr);
+        buildAVAFilter(getLocality(), "L", lf, matchStr);
+        buildAVAFilter(getState(), "ST", lf, matchStr);
+        buildAVAFilter(getCountry(), "C", lf, matchStr);
+
+        if (lf.length() == 0) {
+            filter.append("(x509cert.subject=*)");
+            return;
+        }
+        if (matchStr != null && matchStr.equals(MATCH_EXACTLY)) {
+            filter.append("(&");
+            filter.append(lf);
+            filter.append(")");
+        } else {
+            filter.append("(|");
+            filter.append(lf);
+            filter.append(")");
+        }
+    }
+
+    private void buildRevokedByFilter(StringBuffer filter) {
+        if (!getRevokedByInUse()) {
+            return;
+        }
+
+        String revokedBy = getRevokedBy();
+        if (revokedBy == null || revokedBy.equals("")) {
+            filter.append("(certRevokedBy=*)");
+        } else {
+            filter.append("(certRevokedBy=");
+            filter.append(LDAPUtil.escapeFilter(revokedBy));
+            filter.append(")");
+        }
+    }
+
+    private void buildDateFilter(String prefix,
+            String outStr, long adjustment,
+            StringBuffer filter) {
+        long epoch = 0;
+        try {
+            epoch = Long.parseLong(prefix);
+        } catch (NumberFormatException e) {
+            // exception safely ignored
+        }
+        Calendar from = Calendar.getInstance();
+        from.setTimeInMillis(epoch);
+        filter.append("(");
+        filter.append(LDAPUtil.escapeFilter(outStr));
+        filter.append(Long.toString(from.getTimeInMillis() + adjustment));
+        filter.append(")");
+    }
+
+    private void buildRevokedOnFilter(StringBuffer filter) {
+        if (!getRevokedOnInUse()) {
+            return;
+        }
+        buildDateFilter(getRevokedOnFrom(), "certRevokedOn>=", 0, filter);
+        buildDateFilter(getRevokedOnTo(), "certRevokedOn<=", 86399999, filter);
+    }
+
+    private void buildRevocationReasonFilter(StringBuffer filter) {
+        if (!getRevocationReasonInUse()) {
+            return;
+        }
+        String reasons = getRevocationReason();
+        if (reasons == null) {
+            return;
+        }
+        String queryCertFilter = null;
+        StringTokenizer st = new StringTokenizer(reasons, ",");
+        if (st.hasMoreTokens()) {
+            filter.append("(|");
+            while (st.hasMoreTokens()) {
+                String token = st.nextToken();
+                if (queryCertFilter == null) {
+                    queryCertFilter = "";
+                }
+                filter.append("(x509cert.certRevoInfo=");
+                filter.append(LDAPUtil.escapeFilter(token));
+                filter.append(")");
+            }
+            filter.append(")");
+        }
+    }
+
+    private void buildIssuedByFilter(StringBuffer filter) {
+        if (!getIssuedByInUse()) {
+            return;
+        }
+        String issuedBy = getIssuedBy();
+        ;
+        if (issuedBy == null || issuedBy.equals("")) {
+            filter.append("(certIssuedBy=*)");
+        } else {
+            filter.append("(certIssuedBy=");
+            filter.append(LDAPUtil.escapeFilter(issuedBy));
+            filter.append(")");
+        }
+    }
+
+    private void buildIssuedOnFilter(StringBuffer filter) {
+        if (!getIssuedOnInUse()) {
+            return;
+        }
+        buildDateFilter(getIssuedOnFrom(), "certCreateTime>=", 0, filter);
+        buildDateFilter(getIssuedOnTo(), "certCreateTime<=", 86399999, filter);
+    }
+
+    private void buildValidNotBeforeFilter(StringBuffer filter) {
+        if (!getValidNotBeforeInUse()) {
+            return;
+        }
+        buildDateFilter(validNotBeforeFrom, "x509cert.notBefore>=", 0, filter);
+        buildDateFilter(validNotBeforeTo, "x509cert.notBefore<=", 86399999, filter);
+
+    }
+
+    private void buildValidNotAfterFilter(StringBuffer filter) {
+        if (!getValidNotAfterInUse()) {
+            return;
+        }
+        buildDateFilter(getValidNotAfterFrom(), "x509cert.notAfter>=", 0, filter);
+        buildDateFilter(getValidNotAfterTo(), "x509cert.notAfter<=", 86399999, filter);
+
+    }
+
+    private void buildValidityLengthFilter(StringBuffer filter) {
+        if (!getValidityLengthInUse()) {
+            return;
+        }
+        String op = getValidityOperation();
+        long count = 0;
+        try {
+            count = Long.parseLong(getValidityCount());
+        } catch (NumberFormatException e) {
+            // safely ignore
+        }
+        long unit = 0;
+        try {
+            unit = Long.parseLong(getValidityUnit());
+        } catch (NumberFormatException e) {
+            // safely ignore
+        }
+        filter.append("(");
+        filter.append("x509cert.duration");
+        filter.append(LDAPUtil.escapeFilter(op));
+        filter.append(count * unit);
+        filter.append(")");
+    }
+
+    private void buildCertTypeFilter(StringBuffer filter) {
+        if (!getCertTypeInUse()) {
+            return;
+        }
+        if (isOn(getCertTypeSSLClient())) {
+            filter.append("(x509cert.nsExtension.SSLClient=on)");
+        } else if (isOff(getCertTypeSSLClient())) {
+            filter.append("(x509cert.nsExtension.SSLClient=off)");
+        }
+        if (isOn(getCertTypeSSLServer())) {
+            filter.append("(x509cert.nsExtension.SSLServer=on)");
+        } else if (isOff(getCertTypeSSLServer())) {
+            filter.append("(x509cert.nsExtension.SSLServer=off)");
+        }
+        if (isOn(getCertTypeSecureEmail())) {
+            filter.append("(x509cert.nsExtension.SecureEmail=on)");
+        } else if (isOff(getCertTypeSecureEmail())) {
+            filter.append("(x509cert.nsExtension.SecureEmail=off)");
+        }
+        if (isOn(getCertTypeSubSSLCA())) {
+            filter.append("(x509cert.nsExtension.SubordinateSSLCA=on)");
+        } else if (isOff(getCertTypeSubSSLCA())) {
+            filter.append("(x509cert.nsExtension.SubordinateSSLCA=off)");
+        }
+        if (isOn(getCertTypeSubEmailCA())) {
+            filter.append("(x509cert.nsExtension.SubordinateEmailCA=on)");
+        } else if (isOff(getCertTypeSubEmailCA())) {
+            filter.append("(x509cert.nsExtension.SubordinateEmailCA=off)");
+        }
+    }
+
+    private boolean isOn(String value) {
+        String inUse = value;
+        if (inUse == null) {
+            return false;
+        }
+        if (inUse.equals("on")) {
+            return true;
+        }
+        return false;
+    }
+
+    private boolean isOff(String value) {
+        String inUse = value;
+        if (inUse == null) {
+            return false;
+        }
+        if (inUse.equals("off")) {
+            return true;
+        }
+        return false;
+    }
+
+    private void buildAVAFilter(String param,
+            String avaName, StringBuffer lf, String match) {
+        if (param != null && !param.equals("")) {
+            if (match != null && match.equals(MATCH_EXACTLY)) {
+                lf.append("(|");
+                lf.append("(x509cert.subject=*");
+                lf.append(avaName);
+                lf.append("=");
+                lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+                lf.append(",*)");
+                lf.append("(x509cert.subject=*");
+                lf.append(avaName);
+                lf.append("=");
+                lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+                lf.append(")");
+                lf.append(")");
+            } else {
+                lf.append("(x509cert.subject=*");
+                lf.append(avaName);
+                lf.append("=");
+                lf.append("*");
+                lf.append(LDAPUtil.escapeFilter(LDAPUtil.escapeDN(param, false)));
+                lf.append("*)");
+            }
+        }
+
+    }
+
+    private String searchFilter = null;
+
+    public String getSearchFilter() {
+        return searchFilter;
+    }
+
+    public void setSearchFilter(String searchFilter) {
+        this.searchFilter = searchFilter;
+    }
+
+    public static CertSearchRequest valueOf(Reader reader) throws JAXBException {
+        JAXBContext context = JAXBContext.newInstance(CertSearchRequest.class);
+        Unmarshaller unmarshaller = context.createUnmarshaller();
+        return (CertSearchRequest) unmarshaller.unmarshal(reader);
+    }
+}
diff --git a/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java b/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java
deleted file mode 100644
index bfdb894cb..000000000
--- a/base/common/src/com/netscape/cms/servlet/cert/model/CertificateData.java
+++ /dev/null
@@ -1,283 +0,0 @@
-// --- BEGIN COPYRIGHT BLOCK ---
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; version 2 of the License.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-//
-// (C) 2012 Red Hat, Inc.
-// All rights reserved.
-// --- END COPYRIGHT BLOCK ---
-package com.netscape.cms.servlet.cert.model;
-
-import java.io.PrintWriter;
-import java.io.StringReader;
-import java.io.StringWriter;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-
-import org.jboss.resteasy.plugins.providers.atom.Link;
-
-import com.netscape.certsrv.dbs.certdb.CertId;
-import com.netscape.certsrv.dbs.certdb.CertIdAdapter;
-
-/**
- * @author alee
- *
- */
-@XmlRootElement(name = "CertificateData")
-public class CertificateData {
-
-    public static Marshaller marshaller;
-    public static Unmarshaller unmarshaller;
-
-    static {
-        try {
-            marshaller = JAXBContext.newInstance(CertificateData.class).createMarshaller();
-            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
-            unmarshaller = JAXBContext.newInstance(CertificateData.class).createUnmarshaller();
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-    }
-
-    CertId serialNumber;
-    String issuerDN;
-    String subjectDN;
-    String prettyPrint;
-    String encoded;
-    String pkcs7CertChain;
-    String notBefore;
-    String notAfter;
-    String status;
-
-    Link link;
-
-    @XmlAttribute(name="id")
-    @XmlJavaTypeAdapter(CertIdAdapter.class)
-    public CertId getSerialNumber() {
-        return serialNumber;
-    }
-
-    public void setSerialNumber(CertId serialNumber) {
-        this.serialNumber = serialNumber;
-    }
-
-    @XmlElement(name="IssuerDN")
-    public String getIssuerDN() {
-        return issuerDN;
-    }
-
-    public void setIssuerDN(String issuerDN) {
-        this.issuerDN = issuerDN;
-    }
-
-    @XmlElement(name="SubjectDN")
-    public String getSubjectDN() {
-        return subjectDN;
-    }
-
-    public void setSubjectDN(String subjectDN) {
-        this.subjectDN = subjectDN;
-    }
-
-    @XmlElement(name="PrettyPrint")
-    public String getPrettyPrint() {
-        return prettyPrint;
-    }
-
-    public void setPrettyPrint(String prettyPrint) {
-        this.prettyPrint = prettyPrint;
-    }
-
-    @XmlElement(name="Encoded")
-    public String getEncoded() {
-        return encoded;
-    }
-
-    public void setEncoded(String encoded) {
-        this.encoded = encoded;
-    }
-
-    @XmlElement(name="PKCS7CertChain")
-    public void setPkcs7CertChain(String chain) {
-        this.pkcs7CertChain = chain;
-    }
-
-    public String getPkcs7CertChain() {
-        return pkcs7CertChain;
-    }
-
-    @XmlElement(name="NotBefore")
-    public String getNotBefore() {
-        return notBefore;
-    }
-
-    public void setNotBefore(String notBefore) {
-        this.notBefore = notBefore;
-    }
-
-    @XmlElement(name="NotAfter")
-    public String getNotAfter() {
-        return notAfter;
-    }
-
-    public void setNotAfter(String notAfter) {
-        this.notAfter = notAfter;
-    }
-
-    @XmlElement(name="Status")
-    public String getStatus() {
-        return status;
-    }
-
-    public void setStatus(String status) {
-        this.status = status;
-    }
-
-    @XmlElement(name="Link")
-    public Link getLink() {
-        return link;
-    }
-
-    public void setLink(Link link) {
-        this.link = link;
-    }
-
-    @Override
-    public int hashCode() {
-        final int prime = 31;
-        int result = 1;
-        result = prime * result + ((encoded == null) ? 0 : encoded.hashCode());
-        result = prime * result + ((issuerDN == null) ? 0 : issuerDN.hashCode());
-        result = prime * result + ((notAfter == null) ? 0 : notAfter.hashCode());
-        result = prime * result + ((notBefore == null) ? 0 : notBefore.hashCode());
-        result = prime * result + ((pkcs7CertChain == null) ? 0 : pkcs7CertChain.hashCode());
-        result = prime * result + ((prettyPrint == null) ? 0 : prettyPrint.hashCode());
-        result = prime * result + ((serialNumber == null) ? 0 : serialNumber.hashCode());
-        result = prime * result + ((status == null) ? 0 : status.hashCode());
-        result = prime * result + ((subjectDN == null) ? 0 : subjectDN.hashCode());
-        return result;
-    }
-
-    @Override
-    public boolean equals(Object obj) {
-        if (this == obj)
-            return true;
-        if (obj == null)
-            return false;
-        if (getClass() != obj.getClass())
-            return false;
-        CertificateData other = (CertificateData) obj;
-        if (encoded == null) {
-            if (other.encoded != null)
-                return false;
-        } else if (!encoded.equals(other.encoded))
-            return false;
-        if (issuerDN == null) {
-            if (other.issuerDN != null)
-                return false;
-        } else if (!issuerDN.equals(other.issuerDN))
-            return false;
-        if (notAfter == null) {
-            if (other.notAfter != null)
-                return false;
-        } else if (!notAfter.equals(other.notAfter))
-            return false;
-        if (notBefore == null) {
-            if (other.notBefore != null)
-                return false;
-        } else if (!notBefore.equals(other.notBefore))
-            return false;
-        if (pkcs7CertChain == null) {
-            if (other.pkcs7CertChain != null)
-                return false;
-        } else if (!pkcs7CertChain.equals(other.pkcs7CertChain))
-            return false;
-        if (prettyPrint == null) {
-            if (other.prettyPrint != null)
-                return false;
-        } else if (!prettyPrint.equals(other.prettyPrint))
-            return false;
-        if (serialNumber == null) {
-            if (other.serialNumber != null)
-                return false;
-        } else if (!serialNumber.equals(other.serialNumber))
-            return false;
-        if (status == null) {
-            if (other.status != null)
-                return false;
-        } else if (!status.equals(other.status))
-            return false;
-        if (subjectDN == null) {
-            if (other.subjectDN != null)
-                return false;
-        } else if (!subjectDN.equals(other.subjectDN))
-            return false;
-        return true;
-    }
-
-    public String toString() {
-        try {
-            StringWriter sw = new StringWriter();
-            marshaller.marshal(this, sw);
-            return sw.toString();
-
-        } catch (Exception e) {
-            return super.toString();
-        }
-    }
-
-    public static CertificateData valueOf(String string) throws Exception {
-        try {
-            return (CertificateData)unmarshaller.unmarshal(new StringReader(string));
-        } catch (Exception e) {
-            return null;
-        }
-    }
-
-    public static void main(String args[]) throws Exception {
-
-        StringWriter sw = new StringWriter();
-        PrintWriter out = new PrintWriter(sw, true);
-
-        out.println("-----BEGIN CERTIFICATE-----");
-        out.println("MIIB/zCCAWgCCQCtpWH58pqsejANBgkqhkiG9w0BAQUFADBEMRQwEgYDVQQKDAtF");
-        out.println("WEFNUExFLUNPTTEYMBYGCgmSJomT8ixkAQEMCHRlc3R1c2VyMRIwEAYDVQQDDAlU");
-        out.println("ZXN0IFVzZXIwHhcNMTIwNTE0MTcxNzI3WhcNMTMwNTE0MTcxNzI3WjBEMRQwEgYD");
-        out.println("VQQKDAtFWEFNUExFLUNPTTEYMBYGCgmSJomT8ixkAQEMCHRlc3R1c2VyMRIwEAYD");
-        out.println("VQQDDAlUZXN0IFVzZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKmmiPJp");
-        out.println("Agh/gPUAZjfgJ3a8QiHvpMzZ/hZy1FVP3+2sNhCkMv+D/I8Y7AsrbJGxxvD7bTDm");
-        out.println("zQYtYx2ryGyOgY7KBRxEj/IrNVHIkJMYq5G/aIU4FAzpc6ntNSwUQBYUAamfK8U6");
-        out.println("Wo4Cp6rLePXIDE6sfGn3VX6IeSJ8U2V+vwtzAgMBAAEwDQYJKoZIhvcNAQEFBQAD");
-        out.println("gYEAY9bjcD/7Z+oX6gsJtX6Rd79E7X5IBdOdArYzHNE4vjdaQrZw6oCxrY8ffpKC");
-        out.println("0T0q5PX9I7er+hx/sQjGPMrJDEN+vFBSNrZE7sTeLRgkyiqGvChSyuG05GtGzXO4");
-        out.println("bFBr+Gwk2VF2wJvOhTXU2hN8sfkkd9clzIXuL8WCDhWk1bY=");
-        out.println("-----END CERTIFICATE-----");
-
-        CertificateData before = new CertificateData();
-        before.setSerialNumber(new CertId("12512514865863765114"));
-        before.setIssuerDN("CN=Test User,UID=testuser,O=EXAMPLE-COM");
-        before.setSubjectDN("CN=Test User,UID=testuser,O=EXAMPLE-COM");
-        before.setEncoded(sw.toString());
-
-        String string = before.toString();
-        System.out.println(string);
-
-        CertificateData after = CertificateData.valueOf(string);
-        System.out.println(before.equals(after));
-    }
-}
-- 
cgit