From 70d751e837cbf375ebd068169e591cd4a971f472 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Tue, 10 May 2016 13:03:15 +1000
Subject: Support certificate search by issuer DN.

Now that Dogtag can host multiple CAs in a single instance, add a
certificate search parameter for limiting searches to a particular
issuer.

Fixes: https://fedorahosted.org/pki/ticket/2321
---
 .../cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java   | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'base/server/cms/src/com')

diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java b/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java
index be44c47b5..55f32d27e 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java
@@ -42,6 +42,7 @@ public class FilterBuilder {
 
     public String buildFilter() {
 
+        buildIssuerDNFilter();
         buildSerialNumberRangeFilter();
         buildSubjectFilter();
         buildStatusFilter();
@@ -70,6 +71,15 @@ public class FilterBuilder {
         }
     }
 
+    private void buildIssuerDNFilter() {
+        String issuerDN = request.getIssuerDN();
+        if (issuerDN != null && !issuerDN.isEmpty()) {
+            filters.add(
+                "(" + ICertRecord.ATTR_X509CERT_ISSUER
+                + "=" + LDAPUtil.escapeFilter(issuerDN) + ")");
+        }
+    }
+
     private void buildSerialNumberRangeFilter() {
 
         String serialFrom = request.getSerialFrom();
-- 
cgit