From 465fa069ba67d655be28e1a3b9417dff19148e9f Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Thu, 11 Jun 2015 08:22:36 -0400
Subject: Store issuer DN in certificate records

Lightweight CAs mean that we may wish to filter certificates based on the issuer. Update X509CertImplMapper to store the issuer DN in each certificate record, using exiting schema. Also add indices for the 'issuerName' LDAP attribute.
---
base/server/cmscore/src/com/netscape/cmscore/dbs/CertDBSchema.java | 1 +
.../cmscore/src/com/netscape/cmscore/dbs/X509CertImplMapper.java | 5 +++++
2 files changed, 6 insertions(+)
(limited to 'base/server/cmscore/src/com/netscape/cmscore/dbs')
diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/CertDBSchema.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/CertDBSchema.java
index 916e83a8a..ec1de1ca8 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/CertDBSchema.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/CertDBSchema.java
@@ -42,6 +42,7 @@ public class CertDBSchema {
 public static final String LDAP_ATTR_VERSION = "version";
 public static final String LDAP_ATTR_DURATION = "duration";
 public static final String LDAP_ATTR_SUBJECT = "subjectName";
+ public static final String LDAP_ATTR_ISSUER = "issuerName";
 public static final String LDAP_ATTR_ALGORITHM = "algorithmId";
 public static final String LDAP_ATTR_SIGNING_ALGORITHM = "signingAlgorithmId";
 public static final String LDAP_ATTR_REVO_INFO = "revInfo";
diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/X509CertImplMapper.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/X509CertImplMapper.java
index ef8577747..d67f8e5df 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/X509CertImplMapper.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/X509CertImplMapper.java
@@ -61,6 +61,7 @@ public class X509CertImplMapper implements IDBAttrMapper { v.addElement(CertDBSchema.LDAP_ATTR_DURATION); v.addElement(CertDBSchema.LDAP_ATTR_EXTENSION); v.addElement(CertDBSchema.LDAP_ATTR_SUBJECT); + v.addElement(CertDBSchema.LDAP_ATTR_ISSUER); v.addElement(CertDBSchema.LDAP_ATTR_SIGNED_CERT); v.addElement(CertDBSchema.LDAP_ATTR_VERSION); v.addElement(CertDBSchema.LDAP_ATTR_ALGORITHM); @@ -90,6 +91,8 @@ public class X509CertImplMapper implements IDBAttrMapper { DBSUtil.longToDB(notAfter.getTime() - notBefore.getTime()))); attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_SUBJECT, cert.getSubjectDN().getName())); + attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_ISSUER, + cert.getIssuerDN().getName())); attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA, cert.getPublicKey().getEncoded())); // make extension searchable Set nonCritSet = cert.getNonCriticalExtensionOIDs(); @@ -300,6 +303,8 @@ public class X509CertImplMapper implements IDBAttrMapper { } } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_SUBJECT)) { name = CertDBSchema.LDAP_ATTR_SUBJECT; + } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_ISSUER)) { + name = CertDBSchema.LDAP_ATTR_ISSUER; } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_PUBLIC_KEY_DATA)) { name = CertDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA; } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_DURATION)) { -- cgit
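Review bot: Records written before this change will have no `issuerName` value, because the attribute is only populated where the certificate is mapped to LDAP attributes in the `@@ -90,6 +91,8 @@` hunk, and nothing on this page backfills existing entries (the view is limited to the `dbs` directory, so a migration may exist elsewhere). An issuer filter would then silently omit older certificates, which matters if issuer filtering is later used to scope listing or revocation handling to one lightweight CA. I would document that next to the new line, e.g. `// issuerName exists only on records written after this change; older records need a backfill before issuer filters are relied on`. The enclosing method starts and ends outside the hunk.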
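Review bot: The new `X509CERT_ISSUER` branch in the `@@ -300,6 +303,8 @@` hunk only selects the attribute name, so a filter value is matched against whatever string `cert.getIssuerDN().getName()` produced at store time. A caller that renders the DN differently (RDN order, spacing, escaping) would get an empty result rather than an error, and whether the value is escaped for use in an LDAP search filter is not visible here because the method continues outside the hunk. A short comment on the branch would help: `// value must be the issuer DN in the same string form that is stored in issuerName`.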