Merge "Sonar fix: Perm.java"

[aaf/authz.git] / auth / auth-certman / src / main / java / org / onap / aaf / auth / cm / service / CMService.java
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java

index 893a6b1..26b3a22 100644 (file)
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -90,6 +90,7 @@ public class CMService {
      private final ArtiDAO artiDAO;
      private AAF_CM certManager;
         private Boolean allowIgnoreIPs;
+       private Boolean alwaysIgnoreIPs;
  
      // @SuppressWarnings("unchecked")
      public CMService(final AuthzTrans trans, AAF_CM certman) throws APIException, IOException {
@@ -110,9 +111,14 @@ public class CMService {
                  "*",
                  "read"
          );
-        allowIgnoreIPs = Boolean.valueOf(certman.access.getProperty(Config.CM_ALLOW_IGNORE_IPS, "false"));
-        if(allowIgnoreIPs) {
-            trans.env().access().log(Level.INIT, "Allowing DNS Evaluation to be turned off with <ns>.certman|<ca name>|"+IGNORE_IPS);
+        alwaysIgnoreIPs = Boolean.valueOf(certman.access.getProperty(Config.CM_ALWAYS_IGNORE_IPS, "false"));
+        if(alwaysIgnoreIPs) {
+               trans.env().access().log(Level.INIT, "DNS Evaluation for Cert Creation is turned off with " + Config.CM_ALWAYS_IGNORE_IPS );
+        } else {
+               allowIgnoreIPs = Boolean.valueOf(certman.access.getProperty(Config.CM_ALLOW_IGNORE_IPS, "false"));
+               if(allowIgnoreIPs) {
+                   trans.env().access().log(Level.INIT, "Allowing DNS Evaluation to be turned off with <ns>.certman|<ca name>|"+IGNORE_IPS);
+               }
          }
      }
  
@@ -140,7 +146,9 @@ public class CMService {
                  Organization org = trans.org();
  
                  boolean ignoreIPs;
-                if(allowIgnoreIPs) {
+                if(alwaysIgnoreIPs) {
+                       ignoreIPs=true;
+                } else if(allowIgnoreIPs) {
                         ignoreIPs = trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), IGNORE_IPS));
                  } else {
                         ignoreIPs = false;
@@ -290,7 +298,7 @@ public class CMService {
                              trans.error().log("CMService var primary is null");
                          } else {
                              String fg = fqdns.get(i);
-                            if (fg!=null && fg.equals(primary.getHostName())) {
+                            if (fg!=null && primary!=null && fg.equals(primary.getHostName())) {
                                  if (i != 0) {
                                      String tmp = fqdns.get(0);
                                      fqdns.set(0, primary.getHostName());
@@ -301,7 +309,7 @@ public class CMService {
                      }
                  }
              } catch (Exception e) {
-                trans.debug().log(e);
+                trans.error().log(e);
                  return Result.err(Status.ERR_Denied,
                          "AppID Sponsorship cannot be determined at this time.  Try later.");
              }
@@ -474,7 +482,6 @@ public class CMService {
                  // Policy 6: Only do Domain by Exception
                  if (add.machine.startsWith("*")) { // Domain set
                      CA ca = certManager.getCA(add.ca);
-
                      if (!trans.fish(new AAFPermission(ca.getPermNS(),ca.getPermType(), add.ca, DOMAIN))) {
                          return Result.err(Result.ERR_Denied, "Domain Artifacts (%s) requires specific Permission",
                                  add.machine);