Hi team, The attached patches add a search parameter for issuer DN, and include the issuer DN in the search results.
Cheers, Fraser
From 70d751e837cbf375ebd068169e591cd4a971f472 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale <[email protected]> Date: Tue, 10 May 2016 13:03:15 +1000 Subject: [PATCH 106/107] Support certificate search by issuer DN. Now that Dogtag can host multiple CAs in a single instance, add a certificate search parameter for limiting searches to a particular issuer. Fixes: https://fedorahosted.org/pki/ticket/2321 --- .../src/com/netscape/certsrv/cert/CertSearchRequest.java | 11 +++++++++++ .../cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java | 10 ++++++++++ 2 files changed, 21 insertions(+) diff --git a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java index 33ff3fc6847612424c5e3149da2d1f1f2f6161c2..9c4d16dc1a485fba23330b94b958ccd91b1964e6 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java +++ b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java @@ -40,6 +40,9 @@ import javax.xml.bind.annotation.XmlRootElement; @XmlAccessorType(XmlAccessType.FIELD) public class CertSearchRequest { + @XmlElement + protected String issuerDN; + //Serial Number @XmlElement protected boolean serialNumberRangeInUse; @@ -189,6 +192,14 @@ public class CertSearchRequest { @XmlElement protected boolean certTypeInUse; + public String getIssuerDN() { + return issuerDN; + } + + public void setIssuerDN(String issuerDN) { + this.issuerDN = issuerDN; + } + //Boolean values public boolean getSerialNumberRangeInUse() { return serialNumberRangeInUse; diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java b/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java index be44c47b5f7979b5a2bd35254ce65b27409e8af0..55f32d27e92cf55172c2709dd79b848eef849311 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java +++ b/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java 
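Review bot: The new `issuerDN` field in CertSearchRequest carries no comment, while the neighbouring criteria are introduced by section comments such as `//Serial Number`, and nothing tells an API client which string form of the DN is expected. I would add `// Issuer DN: limits results to one issuing CA; null or empty means no issuer restriction` above the `@XmlElement`. A Javadoc line on `setIssuerDN` should also say that the value is compared as given, since FilterBuilder in this patch builds an equality filter from it. The class body continues outside both hunks.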
@@ -42,6 +42,7 @@ public class FilterBuilder { public String buildFilter() { + buildIssuerDNFilter(); buildSerialNumberRangeFilter(); buildSubjectFilter(); buildStatusFilter(); @@ -70,6 +71,15 @@ public class FilterBuilder { } } + private void buildIssuerDNFilter() { + String issuerDN = request.getIssuerDN(); + if (issuerDN != null && !issuerDN.isEmpty()) { + filters.add( + "(" + ICertRecord.ATTR_X509CERT_ISSUER + + "=" + LDAPUtil.escapeFilter(issuerDN) + ")"); + } + } + private void buildSerialNumberRangeFilter() { String serialFrom = request.getSerialFrom(); -- 2.5.5
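Review bot: `buildIssuerDNFilter` compares the caller's string for equality with `ICertRecord.ATTR_X509CERT_ISSUER`, so an equivalent DN written differently (RDN order, spacing, attribute-name spelling) would presumably return an empty result set rather than an error; how the attribute is stored and matched is not visible here. Passing the value through `LDAPUtil.escapeFilter` is the right handling for filter injection and should stay. Consider parsing the input and re-serialising it in the form used when the record is written, or at least rejecting a value that does not parse as a DN. The same string form matters for `cert.getIssuerDN().toString()` in CertService (patch 107) if clients are expected to feed the returned IssuerDN back into this search. A whitespace-only value also passes `!issuerDN.isEmpty()`; `!issuerDN.trim().isEmpty()` would treat it as absent.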
From 502db07ee8ef3e9f6b4bc2b030b29e8db639bc69 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale <[email protected]> Date: Tue, 10 May 2016 13:44:42 +1000 Subject: [PATCH 107/107] Include issuer DN in CertDataInfo Now that Dogtag can host multiple CAs in a single instance, indicate the issuer DN in the CertDataInfo structure that is returned for certificate searches. Fixes: https://fedorahosted.org/pki/ticket/2322 --- .../ca/src/org/dogtagpki/server/ca/rest/CertService.java | 1 + .../src/com/netscape/certsrv/cert/CertDataInfo.java | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java index f219db63e4e1132f1fe166f5e753c650baa9344d..2c5fa52b8e13f8c9bc033b9bc9a850e6220cef33 100644 --- a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java +++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java @@ -552,6 +552,7 @@ public class CertService extends PKIService implements CertResource { info.setID(id); X509Certificate cert = record.getCertificate(); + info.setIssuerDN(cert.getIssuerDN().toString()); info.setSubjectDN(cert.getSubjectDN().toString()); info.setStatus(record.getStatus()); info.setVersion(cert.getVersion()); diff --git a/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java b/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java index 88903547cae9812473e1c69a3dbde122cba8bc3e..a73cb5e3acec6a7398aa94c1ce8369d190199dc8 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java +++ b/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java @@ -61,6 +61,7 @@ public class CertDataInfo { CertId id; String subjectDN; + String issuerDN; String status; String type; Integer version; 
@@ -92,6 +93,15 @@ public class CertDataInfo { this.subjectDN = subjectDN; } + @XmlElement(name="IssuerDN") + public String getIssuerDN() { + return issuerDN; + } + + public void setIssuerDN(String issuerDN) { + this.issuerDN = issuerDN; + } + @XmlElement(name="Status") public String getStatus() { return status; @@ -199,6 +209,7 @@ public class CertDataInfo { result = prime * result + ((notValidBefore == null) ? 0 : notValidBefore.hashCode()); result = prime * result + ((status == null) ? 0 : status.hashCode()); result = prime * result + ((subjectDN == null) ? 0 : subjectDN.hashCode()); + result = prime * result + ((issuerDN == null) ? 0 : issuerDN.hashCode()); result = prime * result + ((type == null) ? 0 : type.hashCode()); result = prime * result + ((version == null) ? 0 : version.hashCode()); return result; @@ -263,6 +274,11 @@ public class CertDataInfo { return false; } else if (!subjectDN.equals(other.subjectDN)) return false; + if (issuerDN == null) { + if (other.issuerDN != null) return false; + } else if (!issuerDN.equals(other.issuerDN)) { + return false; + } if (type == null) { if (other.type != null) return false; -- 2.5.5
