+ List<String> fqdns;
+ boolean dynamic_sans = trans.fish(new AAFPermission(null, ca.getPermType(), ca.getName(),DYNAMIC_SANS));
+ boolean ignoreIPs = trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), IGNORE_IPS));
+ boolean domain_based = false;
+
+ // Note: Many Cert Impls require FQDN in "CN=" to be in the SANS as well. Therefore, the "fqdn" variable
+ // includes main ID plus ADDITIONAL SANS at all times.
+ if(req.value.fqdns.isEmpty()) {
+ fqdns = new ArrayList<>();
+ fqdns.add(key);
+ } else {
+ // Only Template or Dynamic permitted to pass in FQDNs
+ if (req.value.fqdns.get(0).startsWith("*")) { // Domain set
+ if (trans.fish(new AAFPermission(null,ca.getPermType(), ca.getName(), DOMAIN))) {
+ domain_based = true;
+ } else {
+ return Result.err(Result.ERR_Denied,
+ "Domain based Authorizations (" + req.value.fqdns.get(0) + ") requires Exception");
+ }
+ }
+ fqdns = new ArrayList<>(req.value.fqdns);
+ }
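Review bot: The wildcard test `req.value.fqdns.get(0).startsWith("*")` inspects only the first requested name, so a `*`-prefixed entry at any later index is copied into `fqdns` by `new ArrayList<>(req.value.fqdns)` without the `DOMAIN` permission being consulted, at least within these lines. Unless code after this hunk validates every entry, the test should cover the whole list before the `trans.fish(... DOMAIN)` call, for example `for (String f : req.value.fqdns) { if (f != null && f.startsWith("*")) { wildcard = true; break; } }`. The comment says only Template or Dynamic callers may pass FQDNs, yet `dynamic_sans` is not read before the copy; if that rule is enforced further down, a one-line comment such as `// dynamic_sans is enforced below, after the SAN list is built` would make it clear. The enclosing method starts and ends outside the hunk.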