X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-certman%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fcm%2Fca%2FCA.java;h=f1f70a7ec5678fe4ff3cc7dba4bdfbe3d94aa8d2;hb=32cdd553a8668e6d03a9cf5b11b360d35a63c87f;hp=c90dcccf7ce9037015106d452b2d9df1c0f2aab3;hpb=baea56e2de52d32c77bb19299e631165be53c9c8;p=aaf%2Fauthz.git

diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
index c90dcccf..f1f70a7e 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
@@ -36,7 +36,8 @@ import org.onap.aaf.auth.cm.cert.CSRMeta;
 import org.onap.aaf.auth.cm.cert.RDN;
 import org.onap.aaf.cadi.Access;
 import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.cm.CertException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.configure.CertException;
 import org.onap.aaf.misc.env.Trans;
 import org.onap.aaf.misc.env.util.Split;
 
@@ -50,27 +51,30 @@ public abstract class CA {
 	private static final String CM_TRUST_CAS = "cm_trust_cas";
 	protected static final String CM_BACKUP_CAS = "cm_backup_cas";
 
-	public static final Set<String> EMPTY = Collections.unmodifiableSet(new HashSet<String>());
+	public static final Set<String> EMPTY = Collections.unmodifiableSet(new HashSet<>());
 
 	
-	private final String name,env;
+	private final String name;
+	private final String env;
 	private MessageDigest messageDigest;
+	private final String permNS; 
 	private final String permType;
-	private Set<String> caIssuerDNs;
 	private final ArrayList<String> idDomains;
 	private String[] trustedCAs;
-	private List<RDN> rdns; 
+	private String[] caIssuerDNs;
+	private List<RDN> rdns;
 
 
 	protected CA(Access access, String caName, String env) throws IOException, CertException {
 		trustedCAs = new String[4]; // starting array
 		this.name = caName;
 		this.env = env;
-		permType = access.getProperty(CM_CA_PREFIX + name + ".perm_type",null);
+		permNS = CM_CA_PREFIX + name;
+		permType = access.getProperty(permNS + ".perm_type",null);
 		if(permType==null) {
-			throw new CertException(CM_CA_PREFIX + name + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
+			throw new CertException(permNS + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
 		}
-		caIssuerDNs = new HashSet<String>();
+		caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null));
 		
 		String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT;
 		
@@ -79,13 +83,14 @@ public abstract class CA {
 			throw new CertException(tag + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
 		}
 		access.log(Level.INFO, tag, "=",fields);
-		for(RDN rdn : rdns = RDN.parse('/',fields)) {
+		rdns = RDN.parse('/',fields);
+		for(RDN rdn : rdns) {
 			if(rdn.aoi==BCStyle.EmailAddress) { // Cert Specs say Emails belong in Subject
 				throw new CertException("email address is not allowed in " + CM_CA_BASE_SUBJECT);
 			}
 		}
 		
-		idDomains = new ArrayList<String>();
+		idDomains = new ArrayList<>();
 		StringBuilder sb = null;
 		for(String s : Split.splitTrim(',', access.getProperty(CA.CM_CA_PREFIX+caName+".idDomains", ""))) {
 			if(s.length()>0) {
@@ -102,15 +107,20 @@ public abstract class CA {
 			access.printf(Level.INIT, "CA '%s' supports Personal Certificates for %s", caName, sb);
 		}
 		
-		String data_dir = access.getProperty(CM_PUBLIC_DIR,null);
-		if(data_dir!=null) {
-			File data = new File(data_dir);
+		String dataDir = access.getProperty(CM_PUBLIC_DIR,null);
+		if(dataDir!=null) {
+			File data = new File(dataDir);
 			byte[] bytes;
 			if(data.exists()) {
-				String trust_cas = access.getProperty(CM_TRUST_CAS,null);
-				if(trust_cas!=null) {
-					for(String fname : Split.splitTrim(',', trust_cas)) {
-						File crt = new File(data,fname);
+				String trustCas = access.getProperty(CM_TRUST_CAS,null);
+				if(trustCas!=null) {
+					for(String fname : Split.splitTrim(',', trustCas)) {
+						File crt;
+						if(fname.contains("/")) {
+							crt = new File(fname);
+						} else {
+							crt = new File(data,fname);
+						}
 						if(crt.exists()) {
 							access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath());
 							bytes = new byte[(int)crt.length()];
@@ -137,7 +147,19 @@ public abstract class CA {
 	}
 
 	protected void addCaIssuerDN(String issuerDN) {
-		caIssuerDNs.add(issuerDN);
+		boolean changed = true;
+		for(String id : caIssuerDNs) {
+			if(id.equals(issuerDN)) {
+				changed = false;
+				break;
+			}
+		}
+		if(changed) {
+			String[] newsa = new String[caIssuerDNs.length+1];
+			newsa[0]=issuerDN;
+			System.arraycopy(caIssuerDNs, 0, newsa, 1, caIssuerDNs.length);
+			caIssuerDNs = newsa;
+		}
 	}
 	
 	protected synchronized void addTrustedCA(final String crtString) {
@@ -159,7 +181,7 @@ public abstract class CA {
 		trustedCAs = temp;
 	}
 	
-	public Set<String> getCaIssuerDNs() {
+	public String[] getCaIssuerDNs() {
 		return caIssuerDNs;
 	}
 	
@@ -184,6 +206,10 @@ public abstract class CA {
 	}
 	
 	
+	public String getPermNS() {
+		return permNS;
+	}
+	
 	public String getPermType() {
 		return permType;
 	}
@@ -209,4 +235,5 @@ public abstract class CA {
 	public CSRMeta newCSRMeta() {
 		return new CSRMeta(rdns);
 	}
+
 }