Add ability for BAuth by domain
[aaf/authz.git] / auth / auth-certman / src / main / java / org / onap / aaf / auth / cm / service / CMService.java
index 4ef5472..ea65659 100644 (file)
@@ -59,7 +59,7 @@ import org.onap.aaf.auth.org.Organization.Identity;
 import org.onap.aaf.auth.org.OrganizationException;
 import org.onap.aaf.cadi.Hash;
 import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.configure.Factory;
 import org.onap.aaf.cadi.util.FQI;
 import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.util.Chrono;
@@ -317,7 +317,7 @@ public class CMService {
                                crdd.type = CredDAO.CERT_SHA256_RSA;
                                credDAO.create(trans, crdd);
                                
-                               CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), ca.getTrustedCAs(), compileNotes(notes));
+                               CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(),compileNotes(notes));
                                return Result.ok(cr);
                        } catch (Exception e) {
                                trans.error().log(e);
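Review bot: The rewritten CertResp call on the added line drops the space after the comma before `compileNotes(notes)`, unlike the same constructor call rewritten in the hunk at line 398; `CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(notes));` keeps the two call sites uniform. Both sites stop passing `ca.getTrustedCAs()` to CertResp, and the diff does not show the CertResp side, so if the response no longer carries the CA's trusted roots that is worth stating in the commit description for whoever consumed them from the response. The enclosing method starts and ends outside the hunk.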
@@ -398,7 +398,7 @@ public class CMService {
                                cdd.x509=Factory.toString(trans, x509);
                                certDAO.create(trans, cdd);
                                
-                               CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), ca.getTrustedCAs(), compileNotes(null));
+                               CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(null));
                                return Result.ok(cr);
                        } catch (Exception e) {
                                trans.error().log(e);
@@ -426,17 +426,24 @@ public class CMService {
                                }
                                
                                // Policy 2: MechID must have valid Organization Owner
-                               Identity ouser = muser.responsibleTo();
-                               if(ouser == null) {
-                                       return Result.err(Result.ERR_Denied,"%s is not a valid Sponsor for %s at %s",
-                                                       trans.user(),add.mechid,trans.org().getName());
+                               Identity emailUser;
+                               if(muser.isPerson()) {
+                                       emailUser = muser;
+                               } else {
+                                       Identity ouser = muser.responsibleTo();
+                                       if(ouser == null) {
+                                               return Result.err(Result.ERR_Denied,"%s is not a valid Sponsor for %s at %s",
+                                                               trans.user(),add.mechid,trans.org().getName());
+                                       }
+
+                                       // Policy 3: Calling ID must be MechID Owner
+                                       if(!trans.user().equals(ouser.fullID())) {
+                                               return Result.err(Result.ERR_Denied,"%s is not the Sponsor for %s at %s",
+                                                               trans.user(),add.mechid,trans.org().getName());
+                                       }
+                                       emailUser = ouser;
                                }
                                
-                               // Policy 3: Calling ID must be MechID Owner
-                               if(!trans.user().equals(ouser.fullID())) {
-                                       return Result.err(Result.ERR_Denied,"%s is not the Sponsor for %s at %s",
-                                                       trans.user(),add.mechid,trans.org().getName());
-                               }
 
                                // Policy 4: Renewal Days are between 10 and 60 (constants, may be parameterized)
                                if(add.renewDays<MIN_RENEWAL) {
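Review bot: When `muser.isPerson()` is true the new branch assigns `emailUser = muser` and falls through to Policy 4 with no equivalent of Policy 3, so the requirement that the calling identity owns the ID being configured is now enforced only for non-person identities. Unless a check above this hunk already restricts `trans.user()` to the person's own ID, a guard in the person branch such as `if(!trans.user().equals(muser.fullID())) { return Result.err(Result.ERR_Denied,"%s is not %s at %s", trans.user(),add.mechid,trans.org().getName()); }` would keep the ownership policy uniform across both branches. The `// Policy 3` comment now sits inside the `else` branch while the `// Policy 2` header still reads as if it covered the whole block; a line such as `// Policy 2/3: a person acts for its own ID; a MechID needs an Organization Owner who is the caller` above the `if` would describe the new control flow. The enclosing method starts and ends outside the hunk.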
@@ -447,7 +454,7 @@ public class CMService {
                                
                                // Policy 5: If Notify is blank, set to Owner's Email
                                if(add.notify==null || add.notify.length()==0) {
-                                       add.notify = "mailto:"+ouser.email();
+                                       add.notify = "mailto:"+emailUser.email();
                                }
                                
                                // Policy 6: Only do Domain by Exception
@@ -462,7 +469,7 @@ public class CMService {
                                }
 
                                // Set Sponsor from Golden Source
-                               add.sponsor = ouser.fullID();
+                               add.sponsor = emailUser.fullID();
                                
                                
                        } catch (OrganizationException e) {
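Review bot: With the person branch, `add.sponsor` is now the requesting person's own `fullID()` rather than a separate responsible identity, but the `// Set Sponsor from Golden Source` comment still describes only the owner lookup; `// Set Sponsor from Golden Source (a person is the Sponsor of its own ID)` would make the new case explicit. The enclosing method continues outside the hunk.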