[Pki-devel] [PATCH] 0106..0107 Add issuer DN to cert search params/result
Fraser Tweedale
ftweedal at redhat.com
Tue May 10 03:49:11 UTC 2016
Hi team,
The attached patches add a search parameter for issuer DN, and
include the issuer DN in the search results.
Cheers,
Fraser
-------------- next part --------------
From 70d751e837cbf375ebd068169e591cd4a971f472 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Tue, 10 May 2016 13:03:15 +1000
Subject: [PATCH 106/107] Support certificate search by issuer DN.
Now that Dogtag can host multiple CAs in a single instance, add a
certificate search parameter for limiting searches to a particular
issuer.
Fixes: https://fedorahosted.org/pki/ticket/2321
---
.../src/com/netscape/certsrv/cert/CertSearchRequest.java | 11 +++++++++++
.../cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java | 10 ++++++++++
2 files changed, 21 insertions(+)
diff --git a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
index 33ff3fc6847612424c5e3149da2d1f1f2f6161c2..9c4d16dc1a485fba23330b94b958ccd91b1964e6 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertSearchRequest.java
@@ -40,6 +40,9 @@ import javax.xml.bind.annotation.XmlRootElement;
@XmlAccessorType(XmlAccessType.FIELD)
public class CertSearchRequest {
+ @XmlElement
+ protected String issuerDN;
+
//Serial Number
@XmlElement
protected boolean serialNumberRangeInUse;
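Review bot: The new `issuerDN` field has no describing comment, unlike the group that follows it (headed `//Serial Number`), and nothing states what an unset value means. Going by the `buildIssuerDNFilter` hunk in this same patch, a null or empty value adds no issuer clause, so in a multi-CA instance the search spans every hosted CA. A comment on the field such as `// Issuer DN; null or empty searches across all issuers` would record that, and the getter/setter added in the next hunk could carry the same sentence as Javadoc.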
@@ -189,6 +192,14 @@ public class CertSearchRequest {
@XmlElement
protected boolean certTypeInUse;
+ public String getIssuerDN() {
+ return issuerDN;
+ }
+
+ public void setIssuerDN(String issuerDN) {
+ this.issuerDN = issuerDN;
+ }
+
//Boolean values
public boolean getSerialNumberRangeInUse() {
return serialNumberRangeInUse;
diff --git a/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java b/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java
index be44c47b5f7979b5a2bd35254ce65b27409e8af0..55f32d27e92cf55172c2709dd79b848eef849311 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/cert/FilterBuilder.java
@@ -42,6 +42,7 @@ public class FilterBuilder {
public String buildFilter() {
+ buildIssuerDNFilter();
buildSerialNumberRangeFilter();
buildSubjectFilter();
buildStatusFilter();
@@ -70,6 +71,15 @@ public class FilterBuilder {
}
}
+ private void buildIssuerDNFilter() {
+ String issuerDN = request.getIssuerDN();
+ if (issuerDN != null && !issuerDN.isEmpty()) {
+ filters.add(
+ "(" + ICertRecord.ATTR_X509CERT_ISSUER
+ + "=" + LDAPUtil.escapeFilter(issuerDN) + ")");
+ }
+ }
+
private void buildSerialNumberRangeFilter() {
String serialFrom = request.getSerialFrom();
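Review bot: `buildIssuerDNFilter` does an equality match on the caller's string, so a DN that names the same issuer but is written differently (spacing, attribute-type case, escaping) may silently return no certificates; whether it does depends on the matching rule of the issuer attribute, which is not visible here. The `LDAPUtil.escapeFilter(issuerDN)` call is what keeps this client-supplied value from changing the filter structure and must stay; a comment such as `// issuerDN comes from the search request; escape it before it enters the filter` would record why. A whitespace-only value also passes the `isEmpty()` check, so consider `if (issuerDN != null && !issuerDN.trim().isEmpty())`. The class body continues outside the hunk.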
--
2.5.5
-------------- next part --------------
From 502db07ee8ef3e9f6b4bc2b030b29e8db639bc69 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Tue, 10 May 2016 13:44:42 +1000
Subject: [PATCH 107/107] Include issuer DN in CertDataInfo
Now that Dogtag can host multiple CAs in a single instance, indicate
the issuer DN in the CertDataInfo structure that is returned for
certificate searches.
Fixes: https://fedorahosted.org/pki/ticket/2322
---
.../ca/src/org/dogtagpki/server/ca/rest/CertService.java | 1 +
.../src/com/netscape/certsrv/cert/CertDataInfo.java | 16 ++++++++++++++++
2 files changed, 17 insertions(+)
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
index f219db63e4e1132f1fe166f5e753c650baa9344d..2c5fa52b8e13f8c9bc033b9bc9a850e6220cef33 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
@@ -552,6 +552,7 @@ public class CertService extends PKIService implements CertResource {
info.setID(id);
X509Certificate cert = record.getCertificate();
+ info.setIssuerDN(cert.getIssuerDN().toString());
info.setSubjectDN(cert.getSubjectDN().toString());
info.setStatus(record.getStatus());
info.setVersion(cert.getVersion());
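Review bot: The added `info.setIssuerDN(cert.getIssuerDN().toString())` returns whatever string form the certificate implementation prints for the principal, and that is not guaranteed to equal the form stored in the attribute that the issuer-DN search filter from patch 106 compares against. If clients are expected to feed `IssuerDN` from a result back into the `issuerDN` search parameter, both sides should use the same representation, or the difference should be documented on `CertDataInfo.getIssuerDN()`. The line follows the existing `setSubjectDN` pattern, so the forms may already agree in practice; that cannot be confirmed from this hunk. The enclosing method starts and ends outside the hunk.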
diff --git a/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java b/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java
index 88903547cae9812473e1c69a3dbde122cba8bc3e..a73cb5e3acec6a7398aa94c1ce8369d190199dc8 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertDataInfo.java
@@ -61,6 +61,7 @@ public class CertDataInfo {
CertId id;
String subjectDN;
+ String issuerDN;
String status;
String type;
Integer version;
@@ -92,6 +93,15 @@ public class CertDataInfo {
this.subjectDN = subjectDN;
}
+ @XmlElement(name="IssuerDN")
+ public String getIssuerDN() {
+ return issuerDN;
+ }
+
+ public void setIssuerDN(String issuerDN) {
+ this.issuerDN = issuerDN;
+ }
+
@XmlElement(name="Status")
public String getStatus() {
return status;
@@ -199,6 +209,7 @@ public class CertDataInfo {
result = prime * result + ((notValidBefore == null) ? 0 : notValidBefore.hashCode());
result = prime * result + ((status == null) ? 0 : status.hashCode());
result = prime * result + ((subjectDN == null) ? 0 : subjectDN.hashCode());
+ result = prime * result + ((issuerDN == null) ? 0 : issuerDN.hashCode());
result = prime * result + ((type == null) ? 0 : type.hashCode());
result = prime * result + ((version == null) ? 0 : version.hashCode());
return result;
@@ -263,6 +274,11 @@ public class CertDataInfo {
return false;
} else if (!subjectDN.equals(other.subjectDN))
return false;
+ if (issuerDN == null) {
+ if (other.issuerDN != null) return false;
+ } else if (!issuerDN.equals(other.issuerDN)) {
+ return false;
+ }
if (type == null) {
if (other.type != null)
return false;
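Review bot: The added `issuerDN` comparison is laid out differently from the neighbouring field checks in this `equals` (a one-line `if (other.issuerDN != null) return false;` and braces on the `else if`), which makes the block harder to scan against its siblings. Either match the surrounding layout or, if `java.util.Objects` can be imported in this file, collapse it to `if (!Objects.equals(issuerDN, other.issuerDN)) return false;`. The method continues outside the hunk.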
--
2.5.5