From 1338680ef142f9a33ee32a00b07c7d2ae658cb3a Mon Sep 17 00:00:00 2001 From: Instrumental Date: Fri, 12 Jul 2019 17:01:40 -0500 Subject: Adjust Agent for none K8s Issue-ID: AAF-857 Change-Id: Iae6ab3800376465deb69d735d1ab38c931b46688 Signed-off-by: Instrumental --- .../java/org/onap/aaf/auth/cm/service/CMService.java | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'auth/auth-certman/src/main') diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java index 1f2b0880..85424de1 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java @@ -60,6 +60,7 @@ import org.onap.aaf.auth.org.Organization.Identity; import org.onap.aaf.auth.org.OrganizationException; import org.onap.aaf.cadi.Hash; import org.onap.aaf.cadi.Permission; +import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.aaf.AAFPermission; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.configure.Factory; @@ -88,6 +89,7 @@ public class CMService { private final CredDAO credDAO; private final ArtiDAO artiDAO; private AAF_CM certManager; + private Boolean allowIgnoreIPs; // @SuppressWarnings("unchecked") public CMService(final AuthzTrans trans, AAF_CM certman) throws APIException, IOException { @@ -108,6 +110,10 @@ public class CMService { "*", "read" ); + allowIgnoreIPs = Boolean.valueOf(certman.access.getProperty(Config.CM_ALLOW_IGNORE_IPS, "false")); + if(allowIgnoreIPs) { + trans.env().access().log(Level.INIT, "Allowing DNS Evaluation to be turned off with .certman||"+IGNORE_IPS); + } } public Result requestCert(final AuthzTrans trans, final Result req, final CA ca) { @@ -133,7 +139,13 @@ public class CMService { try { Organization org = trans.org(); - boolean ignoreIPs = trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), IGNORE_IPS)); + boolean ignoreIPs; + if(allowIgnoreIPs) { + ignoreIPs = trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), IGNORE_IPS)); + } else { + ignoreIPs = false; + } + InetAddress primary = null; // Organize incoming information to get to appropriate Artifact @@ -164,8 +176,8 @@ public class CMService { } } else { - for (String cn : req.value.fqdns) { - if (!ignoreIPs) { + if (!ignoreIPs) { + for (String cn : req.value.fqdns) { try { InetAddress[] ias = InetAddress.getAllByName(cn); Set potentialSanNames = new HashSet<>(); -- cgit 1.2.3-korg