nsacyber · cyrus-dev · Feb 1, 2024 · Jan 24, 2024
diff --git a/...ionCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java b/...ionCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java
@@ -16,6 +16,8 @@ public interface CACredentialRepository extends JpaRepository<CertificateAuthori
     Page<CertificateAuthorityCredential> findByArchiveFlag(boolean archiveFlag, Pageable pageable);
     List<CertificateAuthorityCredential> findBySubject(String subject);
     List<CertificateAuthorityCredential> findBySubjectSorted(String subject);
+    List<CertificateAuthorityCredential> findBySubjectAndArchiveFlag(String subject, boolean archiveFlag);
+    List<CertificateAuthorityCredential> findBySubjectSortedAndArchiveFlag(String subject, boolean archiveFlag);
     CertificateAuthorityCredential findBySubjectKeyIdentifier(byte[] subjectKeyIdentifier);
-    CertificateAuthorityCredential findBySubjectKeyIdString(String subjectKeyIdString);
+    CertificateAuthorityCredential findBySubjectKeyIdStringAndArchiveFlag(String subjectKeyIdString, boolean archiveFlag);
 }
diff --git a/...ortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java b/...ortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java
@@ -157,7 +157,7 @@ public static Certificate containsAllChain(
         //Check if there is a subject organization
         if (certificate.getAuthorityKeyIdentifier() != null
                 && !certificate.getAuthorityKeyIdentifier().isEmpty()) {
-            skiCA = caCredentialRepository.findBySubjectKeyIdString(certificate.getAuthorityKeyIdentifier());
+            skiCA = caCredentialRepository.findBySubjectKeyIdStringAndArchiveFlag(certificate.getAuthorityKeyIdentifier(), false);
         } else {
             log.error(String.format("Certificate (%s) for %s has no authority key identifier.",
                     certificate.getClass().toString(), certificate.getSubject()));
@@ -167,10 +167,10 @@ public static Certificate containsAllChain(
             if (certificate.getIssuerSorted() == null
                     || certificate.getIssuerSorted().isEmpty()) {
                 //Get certificates by subject
-                issuerCertificates = caCredentialRepository.findBySubject(certificate.getIssuer());
+                issuerCertificates = caCredentialRepository.findBySubjectAndArchiveFlag(certificate.getIssuer(), false);
             } else {
                 //Get certificates by subject organization
-                issuerCertificates = caCredentialRepository.findBySubjectSorted(certificate.getIssuerSorted());
+                issuerCertificates = caCredentialRepository.findBySubjectSortedAndArchiveFlag(certificate.getIssuerSorted(), false);
             }
         } else {
             issuerCertificates.add(skiCA);