import org.onap.aaf.auth.org.OrganizationException;
import org.onap.aaf.cadi.Hash;
import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.configure.Factory;
import org.onap.aaf.cadi.util.FQI;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.util.Chrono;
crdd.type = CredDAO.CERT_SHA256_RSA;
credDAO.create(trans, crdd);
- CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), ca.getTrustedCAs(), compileNotes(notes));
+ CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(),compileNotes(notes));
return Result.ok(cr);
} catch (Exception e) {
trans.error().log(e);
cdd.x509=Factory.toString(trans, x509);
certDAO.create(trans, cdd);
- CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), ca.getTrustedCAs(), compileNotes(null));
+ CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(null));
return Result.ok(cr);
} catch (Exception e) {
trans.error().log(e);
}
// Policy 2: MechID must have valid Organization Owner
- Identity ouser = muser.responsibleTo();
- if(ouser == null) {
- return Result.err(Result.ERR_Denied,"%s is not a valid Sponsor for %s at %s",
- trans.user(),add.mechid,trans.org().getName());
+ Identity emailUser;
+ if(muser.isPerson()) {
+ emailUser = muser;
+ } else {
+ Identity ouser = muser.responsibleTo();
+ if(ouser == null) {
+ return Result.err(Result.ERR_Denied,"%s is not a valid Sponsor for %s at %s",
+ trans.user(),add.mechid,trans.org().getName());
+ }
+
+ // Policy 3: Calling ID must be MechID Owner
+ if(!trans.user().equals(ouser.fullID())) {
+ return Result.err(Result.ERR_Denied,"%s is not the Sponsor for %s at %s",
+ trans.user(),add.mechid,trans.org().getName());
+ }
+ emailUser = ouser;
}
- // Policy 3: Calling ID must be MechID Owner
- if(!trans.user().equals(ouser.fullID())) {
- return Result.err(Result.ERR_Denied,"%s is not the Sponsor for %s at %s",
- trans.user(),add.mechid,trans.org().getName());
- }
// Policy 4: Renewal Days are between 10 and 60 (constants, may be parameterized)
if(add.renewDays<MIN_RENEWAL) {
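Review bot: The new `muser.isPerson()` branch assigns `emailUser = muser` without comparing the identity to `trans.user()`, so the Policy 3 caller check now runs only for non-person IDs. Unless a check outside this hunk already ties the caller to `add.mechid`, an artifact can be accepted for a person ID the caller does not own, and the later hunks then derive `add.notify` and `add.sponsor` from that identity. I would add the equivalent guard in the person branch, for example `if(!trans.user().equals(muser.fullID())) { return Result.err(Result.ERR_Denied,"%s is not the Sponsor for %s at %s", trans.user(),add.mechid,trans.org().getName()); }`. The `// Policy 2` comment should also say that the Organization Owner lookup is skipped for person identities. The enclosing method starts and ends outside the hunk, so an earlier ownership check cannot be ruled out from here.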
// Policy 5: If Notify is blank, set to Owner's Email
if(add.notify==null || add.notify.length()==0) {
- add.notify = "mailto:"+ouser.email();
+ add.notify = "mailto:"+emailUser.email();
}
// Policy 6: Only do Domain by Exception
}
// Set Sponsor from Golden Source
- add.sponsor = ouser.fullID();
+ add.sponsor = emailUser.fullID();
} catch (OrganizationException e) {
|| trans.user().equals(sponsor)) {
return artiDAO.delete(trans, add, false);
}
- return null;
+ return Result.err(Result.ERR_Denied, "%1 is not allowed to delete this item",trans.user());
}
public Result<Void> deleteArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) {
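Review bot: The new denial message uses `%1` as its placeholder, while every other `Result.err` call visible in this diff uses `%s`. If `Result.err` formats with `String.format`-style rules, which is not visible here, `%1` will not be replaced with the user and may fail at format time. That would turn a clean deny into an exception on the unauthorized path. Suggest `return Result.err(Result.ERR_Denied, "%s is not allowed to delete this item", trans.user());`. The method containing this return starts outside the hunk.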