X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-certman%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fcm%2Fservice%2FCMService.java;h=ea65659a9b72cc1456383c9a37ec60d5dcbd790f;hb=ca76fbda94492f1b0c895ff0f4070381f17472f0;hp=4ef5472a706c7e2f65f6067f034e9b710152a2a1;hpb=d86dd644e1543743cfcbc83b230bd4f2cb2e5d4e;p=aaf%2Fauthz.git
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index 4ef5472a..ea65659a 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -59,7 +59,7 @@ import org.onap.aaf.auth.org.Organization.Identity;
 import org.onap.aaf.auth.org.OrganizationException;
 import org.onap.aaf.cadi.Hash;
 import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.configure.Factory;
 import org.onap.aaf.cadi.util.FQI;
 import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.util.Chrono;
@@ -317,7 +317,7 @@ public class CMService {
 crdd.type = CredDAO.CERT_SHA256_RSA;
 credDAO.create(trans, crdd);
- CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), ca.getTrustedCAs(), compileNotes(notes));
+ CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(),compileNotes(notes));
 return Result.ok(cr);
 } catch (Exception e) {
 trans.error().log(e);
@@ -398,7 +398,7 @@ public class CMService {
 cdd.x509=Factory.toString(trans, x509);
 certDAO.create(trans, cdd);
- CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), ca.getTrustedCAs(), compileNotes(null));
+ CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(null));
 return Result.ok(cr);
 } catch (Exception e) {
 trans.error().log(e);
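Review bot: Dropping `ca.getTrustedCAs()` from the `CertResp` constructor call in the `@@ -317` hunk (and likewise in `@@ -398`) means the response is now built without the CA's trusted-CA list; if `CertResp` still exposes trusted CAs to clients (its definition is not in this diff), that data will be absent or must come from somewhere else, and the commit should state which. The two call sites are also formatted differently, `getTrustChain(),compileNotes(notes)` here versus `getTrustChain(), compileNotes(null)` at `@@ -398`; `getTrustChain(), compileNotes(notes)` keeps them aligned. Both enclosing method bodies start and end outside these hunks.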
@@ -426,17 +426,24 @@ public class CMService {
 }
 // Policy 2: MechID must have valid Organization Owner
- Identity ouser = muser.responsibleTo();
- if(ouser == null) {
- return Result.err(Result.ERR_Denied,"%s is not a valid Sponsor for %s at %s",
- trans.user(),add.mechid,trans.org().getName());
+ Identity emailUser;
+ if(muser.isPerson()) {
+ emailUser = muser;
+ } else {
+ Identity ouser = muser.responsibleTo();
+ if(ouser == null) {
+ return Result.err(Result.ERR_Denied,"%s is not a valid Sponsor for %s at %s",
+ trans.user(),add.mechid,trans.org().getName());
+ }
+
+ // Policy 3: Calling ID must be MechID Owner
+ if(!trans.user().equals(ouser.fullID())) {
+ return Result.err(Result.ERR_Denied,"%s is not the Sponsor for %s at %s",
+ trans.user(),add.mechid,trans.org().getName());
+ }
+ emailUser = ouser;
 }
- // Policy 3: Calling ID must be MechID Owner
- if(!trans.user().equals(ouser.fullID())) {
- return Result.err(Result.ERR_Denied,"%s is not the Sponsor for %s at %s",
- trans.user(),add.mechid,trans.org().getName());
- }
 // Policy 4: Renewal Days are between 10 and 60 (constants, may be parameterized)
 if(add.renewDays
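Review bot: The new person branch at the top of the hunk, `if(muser.isPerson()) { emailUser = muser; }`, applies no ownership check at all, while the non-person path still requires `trans.user().equals(ouser.fullID())`; unless a policy earlier in this method (outside the hunk) already ties the caller to `add.mechid`, a caller could name another person's ID and fall through to Policy 4 without being that person. If that is not intended, the branch should carry the equivalent comparison, e.g. `if(!trans.user().equals(muser.fullID())) { return Result.err(Result.ERR_Denied,"%s is not %s at %s", trans.user(),add.mechid,trans.org().getName()); }` (message text constructed), and the `// Policy 3` comment should note that the owner check is skipped or replaced for person IDs. The enclosing method starts and ends outside this hunk, so whether Policy 1 already covers this cannot be confirmed from the diff.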