From 1338680ef142f9a33ee32a00b07c7d2ae658cb3a Mon Sep 17 00:00:00 2001
From: Instrumental <jonathan.gathman@att.com>
Date: Fri, 12 Jul 2019 17:01:40 -0500
Subject: Adjust Agent for none K8s

Issue-ID: AAF-857
Change-Id: Iae6ab3800376465deb69d735d1ab38c931b46688
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---
 .../java/org/onap/aaf/auth/cm/service/CMService.java   | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

(limited to 'auth/auth-certman/src/main')

diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index 1f2b0880..85424de1 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -60,6 +60,7 @@ import org.onap.aaf.auth.org.Organization.Identity;
 import org.onap.aaf.auth.org.OrganizationException;
 import org.onap.aaf.cadi.Hash;
 import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.aaf.AAFPermission;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.configure.Factory;
@@ -88,6 +89,7 @@ public class CMService {
     private final CredDAO credDAO;
     private final ArtiDAO artiDAO;
     private AAF_CM certManager;
+	private Boolean allowIgnoreIPs;
 
     // @SuppressWarnings("unchecked")
     public CMService(final AuthzTrans trans, AAF_CM certman) throws APIException, IOException {
@@ -108,6 +110,10 @@ public class CMService {
                 "*",
                 "read"
         );
+        allowIgnoreIPs = Boolean.valueOf(certman.access.getProperty(Config.CM_ALLOW_IGNORE_IPS, "false"));
+        if(allowIgnoreIPs) {
+            trans.env().access().log(Level.INIT, "Allowing DNS Evaluation to be turned off with <ns>.certman|<ca name>|"+IGNORE_IPS);
+        }
     }
 
     public Result<CertResp> requestCert(final AuthzTrans trans, final Result<CertReq> req, final CA ca) {
@@ -133,7 +139,13 @@ public class CMService {
             try {
                 Organization org = trans.org();
 
-                boolean ignoreIPs = trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), IGNORE_IPS));
+                boolean ignoreIPs;
+                if(allowIgnoreIPs) {
+                	ignoreIPs = trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), IGNORE_IPS));
+                } else {
+                	ignoreIPs = false;
+                }
+                
 
                 InetAddress primary = null;
                 // Organize incoming information to get to appropriate Artifact
@@ -164,8 +176,8 @@ public class CMService {
                         }
 
                     } else {
-                        for (String cn : req.value.fqdns) {
-                            if (!ignoreIPs) {
+                        if (!ignoreIPs) {
+                        	for (String cn : req.value.fqdns) {
                                 try {
                                     InetAddress[] ias = InetAddress.getAllByName(cn);
                                     Set<String> potentialSanNames = new HashSet<>();
-- 
cgit 1.2.3-korg