+ // Policy 8: IP Addresses allowed in Certs only by Permission
+ if(!trans.fish(new AAFPermission(aaf_ns,CERTMAN, ca.getName(), "ip"))) {
+ for(String fqdn : fqdns) {
+ if(CA.IPV4_PATTERN.matcher(fqdn).matches() || CA.IPV6_PATTERN.matcher(fqdn).matches()) {
+ return Result.err(Status.ERR_Denied,
+ "Machines include a IP Address. IP Addresses are not allowed except by Permission");
+ }
+ }
+ }
+