From 8803f28aca4d0b4b55825d13c29772b87aa0de92 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Thu, 15 Jun 2017 04:00:52 +0200
Subject: Added search filter for pki ca-authority-find.
The pki ca-authority-find CLI has been modified to provide search filter based on the authority ID, parent ID, authority DN, and issuer DN.
https://pagure.io/dogtagpki/issue/2652
Change-Id: I563a0b93eb7a00ae4771069812455ecc552f407c
---
.../dogtagpki/server/ca/rest/AuthorityService.java | 31 +++++++++++++++++++---
.../certsrv/authority/AuthorityClient.java | 8 ++++--
.../certsrv/authority/AuthorityResource.java | 12 ++++++---
.../cmstools/authority/AuthorityFindCLI.java | 29 ++++++++++++++++++++--
4 files changed, 70 insertions(+), 10 deletions(-)
(limited to 'base')
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java b/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
index 7ba95963a..8502f44ca 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/AuthorityService.java
@@ -60,6 +60,8 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cms.servlet.base.SubsystemService;
 import com.netscape.cmsutil.util.Utils;
+import netscape.security.x509.X500Name;
+
 /**
 * @author ftweedal
 */
@@ -72,13 +74,36 @@ public class AuthorityService extends SubsystemService implements AuthorityResou
 }
 @Override
- public Response listCAs() {
+ public Response findCAs(String id, String parentID, String dn, String issuerDN) throws Exception {
+
+ X500Name x500dn = dn == null ? null : new X500Name(dn);
+ X500Name x500issuerDN = issuerDN == null ? null : new X500Name(issuerDN);
+
 List results = new ArrayList<>();
- for (ICertificateAuthority ca : hostCA.getCAs())
- results.add(readAuthorityData(ca));
+
+ for (ICertificateAuthority ca : hostCA.getCAs()) {
+
+ AuthorityData authority = readAuthorityData(ca);
+
+ if (id != null && !id.equalsIgnoreCase(authority.getID())) continue;
+ if (parentID != null && !parentID.equalsIgnoreCase(authority.getParentID())) continue;
+
+ if (x500dn != null) {
+ X500Name caDN = new X500Name(authority.getDN());
+ if (!x500dn.equals(caDN)) continue;
+ }
+
+ if (x500issuerDN != null) {
+ X500Name caIssuerDN = new X500Name(authority.getIssuerDN());
+ if (!x500issuerDN.equals(caIssuerDN)) continue;
+ }
+
+ results.add(authority);
+ }
 GenericEntity> entity = new GenericEntity>(results) {};
+
 return createOKResponse(entity);
 }
diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java b/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java
index 5a80877ca..f8ca98be2 100644
--- a/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java
+++ b/base/common/src/com/netscape/certsrv/authority/AuthorityClient.java
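Review bot: In `AuthorityService.findCAs` the client-supplied `dn` and `issuerDN` query parameters go straight into `new X500Name(...)` with no handling for a malformed value, so a bad filter escapes through the new `throws Exception` instead of being reported as a client error. How the REST layer maps an uncaught exception is not visible here, but it is likely a 500 and may hand the parser's message back to the caller. I would parse both filters through a small helper that converts the parse failure into a bad-request response (assuming the project's `BadRequestException` and `IOException` are in scope in this class — confirm) and keeps the raw input out of the message. That would also let the broad `throws Exception` here, on `AuthorityResource.findCAs` and on `AuthorityClient` be narrowed.

```java
// Parse each DN filter once, up front; a malformed value is the caller's error.
X500Name x500dn = parseDNFilter("dn", dn);
X500Name x500issuerDN = parseDNFilter("issuerDN", issuerDN);

// … unchanged: results list, loop over hostCA.getCAs() applying the four filters, createOKResponse …

/** Returns null when the filter is absent; rejects an unparsable DN as a bad request. */
private static X500Name parseDNFilter(String name, String value) {
    if (value == null) return null;
    try {
        return new X500Name(value);
    } catch (IOException e) {
        // Name the parameter only; do not echo the raw value or the parser message.
        throw new BadRequestException("Invalid " + name + " filter");
    }
}
```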
@@ -38,8 +38,12 @@ public class AuthorityClient extends Client {
 proxy = createProxy(AuthorityResource.class);
 }
- public List listCAs() {
- Response response = proxy.listCAs();
+ public List listCAs() throws Exception {
+ return findCAs(null, null, null, null);
+ }
+
+ public List findCAs(String id, String parentID, String dn, String issuerDN) throws Exception {
+ Response response = proxy.findCAs(id, parentID, dn, issuerDN);
 GenericType> type = new GenericType>() {};
 return client.getEntity(response, type);
 }
diff --git a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
index 0f8b70ade..0e915dba1 100644
--- a/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
+++ b/base/common/src/com/netscape/certsrv/authority/AuthorityResource.java
@@ -7,6 +7,7 @@ import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Response;
 import org.jboss.resteasy.annotations.ClientResponseType;
@@ -20,11 +21,16 @@ public interface AuthorityResource {
 public static final String HOST_AUTHORITY = "host-authority";
 @GET
- public Response listCAs();
- /*
+ public Response findCAs(
+ @QueryParam("id") String id,
+ @QueryParam("parentID") String parentID,
+ @QueryParam("dn") String dn,
+ @QueryParam("issuerDN") String issuerDN
+ /*
 @QueryParam("start") Integer start,
- @QueryParam("size") Integer size);
+ @QueryParam("size") Integer size
 */
+ ) throws Exception;
 @GET
 @Path("{id}")
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java
index 6cd06be9f..75f83c0d5 100644
--- a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityFindCLI.java
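Review bot: `AuthorityClient.listCAs()` now declares `throws Exception`, which is a source-incompatible change for any existing caller that neither catches nor propagates `Exception`. The only caller visible in this commit, `AuthorityFindCLI.execute`, is switched to `findCAs`, so other callers would need checking. Both public methods are also undocumented; a line on `findCAs` such as `/** Finds authorities matching every non-null filter; a null argument disables that filter. */` would state the contract `listCAs()` relies on when it passes four nulls, consistent with the null checks in `AuthorityService.findCAs`.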
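Review bot: The new query parameters on `AuthorityResource.findCAs` carry no description of how they are matched, and the implementation in this commit treats them differently. `id` and `parentID` are compared case-insensitively as strings, `dn` and `issuerDN` are compared as parsed X.500 names, and every supplied filter must match. A Javadoc block on the method stating that, and that an omitted parameter means no filtering on that field, would make the REST contract reviewable without reading AuthorityService. The commented-out `start`/`size` parameters now sit inside the live parameter list; moving that comment above the method, or removing it, would read more cleanly.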
@@ -4,6 +4,7 @@ import java.util.Arrays;
 import java.util.List;
 import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
 import com.netscape.certsrv.authority.AuthorityClient;
 import com.netscape.certsrv.authority.AuthorityData;
@@ -17,12 +18,32 @@ public class AuthorityFindCLI extends CLI {
 public AuthorityFindCLI(AuthorityCLI authorityCLI) {
 super("find", "Find CAs", authorityCLI);
 this.authorityCLI = authorityCLI;
+
+ createOptions();
 }
 public void printHelp() {
 formatter.printHelp(getFullName(), options);
 }
+ public void createOptions() {
+ Option option = new Option(null, "id", true, "Authority ID");
+ option.setArgName("ID");
+ options.addOption(option);
+
+ option = new Option(null, "parent-id", true, "Authority parent ID");
+ option.setArgName("ID");
+ options.addOption(option);
+
+ option = new Option(null, "dn", true, "Authority DN");
+ option.setArgName("DN");
+ options.addOption(option);
+
+ option = new Option(null, "issuer-dn", true, "Authority issuer DN");
+ option.setArgName("DN");
+ options.addOption(option);
+ }
+
 public void execute(String[] args) throws Exception {
 // Always check for "--help" prior to parsing
 if (Arrays.asList(args).contains("--help")) {
@@ -30,11 +51,15 @@ public class AuthorityFindCLI extends CLI {
 return;
 }
- @SuppressWarnings("unused")
 CommandLine cmd = parser.parse(options, args);
+ String id = cmd.getOptionValue("id");
+ String parentID = cmd.getOptionValue("parent-id");
+ String dn = cmd.getOptionValue("dn");
+ String issuerDN = cmd.getOptionValue("issuer-dn");
+
 AuthorityClient authorityClient = authorityCLI.getAuthorityClient();
- List datas = authorityClient.listCAs();
+ List datas = authorityClient.findCAs(id, parentID, dn, issuerDN);
 MainCLI.printMessage(datas.size() + " entries matched");
 if (datas.size() == 0) return;
-- cgit
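Review bot: `createOptions()` in `AuthorityFindCLI` is added as a public, overridable method and is called from the constructor, so a subclass override would run before that subclass's own fields are initialised. Unless other CLI classes in this project depend on overriding it (not visible in this hunk), declaring it `private void createOptions()` or marking it `final` avoids that. A one-line comment listing the four filters it registers (`--id`, `--parent-id`, `--dn`, `--issuer-dn`) would also help readers of `execute`.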
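Review bot: After `parser.parse(options, args)` in `AuthorityFindCLI.execute` the four option values are read but leftover positional arguments are never checked. A filter value typed without its option name is therefore silently dropped, and the command lists every authority while the operator believes the output was filtered. A guard such as `if (cmd.getArgs().length > 0) throw new Exception("Too many arguments specified.");` before the client is built would surface the mistake. `execute` begins above this hunk and continues past its last line.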