summaryrefslogtreecommitdiffstats
path: root/auth/auth-certman
diff options
context:
space:
mode:
authorInstrumental <jonathan.gathman@att.com>2018-07-02 21:41:55 -0500
committerInstrumental <jonathan.gathman@att.com>2018-07-02 21:42:28 -0500
commitca76fbda94492f1b0c895ff0f4070381f17472f0 (patch)
tree8180941d2fdc474c282ac5272e014c2f45b7da48 /auth/auth-certman
parentc060284812fbbc18fcf22eb628c47c251505fe50 (diff)
Add ability for BAuth by domain
Issue-ID: AAF-361 Change-Id: I6f437ffcfef5555f44acfb32fd6020f86f8cf403 Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'auth/auth-certman')
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java29
1 files changed, 18 insertions, 11 deletions
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index 8d39f540..ea65659a 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -426,17 +426,24 @@ public class CMService {
}
// Policy 2: MechID must have valid Organization Owner
- Identity ouser = muser.responsibleTo();
- if(ouser == null) {
- return Result.err(Result.ERR_Denied,"%s is not a valid Sponsor for %s at %s",
- trans.user(),add.mechid,trans.org().getName());
+ Identity emailUser;
+ if(muser.isPerson()) {
+ emailUser = muser;
+ } else {
+ Identity ouser = muser.responsibleTo();
+ if(ouser == null) {
+ return Result.err(Result.ERR_Denied,"%s is not a valid Sponsor for %s at %s",
+ trans.user(),add.mechid,trans.org().getName());
+ }
+
+ // Policy 3: Calling ID must be MechID Owner
+ if(!trans.user().equals(ouser.fullID())) {
+ return Result.err(Result.ERR_Denied,"%s is not the Sponsor for %s at %s",
+ trans.user(),add.mechid,trans.org().getName());
+ }
+ emailUser = ouser;
}
- // Policy 3: Calling ID must be MechID Owner
- if(!trans.user().equals(ouser.fullID())) {
- return Result.err(Result.ERR_Denied,"%s is not the Sponsor for %s at %s",
- trans.user(),add.mechid,trans.org().getName());
- }
// Policy 4: Renewal Days are between 10 and 60 (constants, may be parameterized)
if(add.renewDays<MIN_RENEWAL) {
@@ -447,7 +454,7 @@ public class CMService {
// Policy 5: If Notify is blank, set to Owner's Email
if(add.notify==null || add.notify.length()==0) {
- add.notify = "mailto:"+ouser.email();
+ add.notify = "mailto:"+emailUser.email();
}
// Policy 6: Only do Domain by Exception
@@ -462,7 +469,7 @@ public class CMService {
}
// Set Sponsor from Golden Source
- add.sponsor = ouser.fullID();
+ add.sponsor = emailUser.fullID();
} catch (OrganizationException e) {