X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fconfigure%2FPlaceArtifactInKeystore.java;h=67b3df099c6ba3d18608bc2d0a04d3bee9c415ab;hb=355b886d817295d2bca5af28f01576bf4a3ded18;hp=7256af40e3888cd2ef27ae0822d33355d0a35f15;hpb=fbcac9be97567ca19b1018861d1ab37d2dea769f;p=aaf%2Fauthz.git

diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
index 7256af40..67b3df09 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/PlaceArtifactInKeystore.java
@@ -66,17 +66,26 @@ public class PlaceArtifactInKeystore extends ArtifactDir {
             X509Certificate x509;
             List<X509Certificate> chainList = new ArrayList<>();
             Set<X509Certificate> caSet = new HashSet<>();
+            X509Certificate curr = null;
             for (Certificate c : certColl) {
                 x509 = (X509Certificate)c;
                 // Is a Root (self-signed, anyway)
                 if (x509.getSubjectDN().equals(x509.getIssuerDN())) {
                     caSet.add(x509);
                 } else {
-                    chainList.add(x509);
+                	// Expect Certs in Trust Chain Order. 
+                	if(curr==null) {
+                        chainList.add(x509);
+                        curr=x509;
+                	} else {
+                    	// Only Add Cert next on the list
+                		if(curr.getIssuerDN().equals(x509.getSubjectDN())) {
+                			chainList.add(x509);
+                			curr=x509;
+                		}
+                	}
                 }
             }
-//            chainList.addAll(caSet);
-            //Collections.reverse(chainList);
 
             // Properties, etc
             // Add CADI Keyfile Entry to Properties