From 4b5a7d721d994a49057e9bfb403c7bff1b376660 Mon Sep 17 00:00:00 2001
From: Instrumental <jonathan.gathman@att.com>
Date: Fri, 7 Sep 2018 12:21:34 -0500
Subject: Mass removal of all Tabs (Style Warnings)

Issue-ID: AAF-473
Change-Id: Iaf0ef8120882937959bb0065f2f6ba74a021940f
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---
 .../src/main/java/org/onap/aaf/auth/cm/AAF_CM.java |  338 +++---
 .../org/onap/aaf/auth/cm/api/API_Artifact.java     |  168 +--
 .../java/org/onap/aaf/auth/cm/api/API_Cert.java    |  186 +--
 .../src/main/java/org/onap/aaf/auth/cm/ca/CA.java  |  364 +++---
 .../main/java/org/onap/aaf/auth/cm/ca/JscepCA.java |  374 +++---
 .../main/java/org/onap/aaf/auth/cm/ca/LocalCA.java |  362 +++---
 .../onap/aaf/auth/cm/ca/X509ChainWithIssuer.java   |  108 +-
 .../java/org/onap/aaf/auth/cm/ca/X509andChain.java |   76 +-
 .../java/org/onap/aaf/auth/cm/cert/BCFactory.java  |  178 +--
 .../java/org/onap/aaf/auth/cm/cert/CSRMeta.java    |  372 +++---
 .../main/java/org/onap/aaf/auth/cm/cert/RDN.java   |  142 +--
 .../java/org/onap/aaf/auth/cm/data/CertReq.java    |   30 +-
 .../java/org/onap/aaf/auth/cm/data/CertResp.java   |  106 +-
 .../java/org/onap/aaf/auth/cm/facade/Facade.java   |  270 ++---
 .../org/onap/aaf/auth/cm/facade/Facade1_0.java     |   12 +-
 .../org/onap/aaf/auth/cm/facade/FacadeFactory.java |   14 +-
 .../org/onap/aaf/auth/cm/facade/FacadeImpl.java    | 1108 ++++++++---------
 .../java/org/onap/aaf/auth/cm/mapper/Mapper.java   |   28 +-
 .../org/onap/aaf/auth/cm/mapper/Mapper1_0.java     |  432 +++----
 .../org/onap/aaf/auth/cm/mapper/Mapper2_0.java     |  414 +++----
 .../org/onap/aaf/auth/cm/service/CMService.java    | 1256 ++++++++++----------
 .../java/org/onap/aaf/auth/cm/service/Code.java    |   24 +-
 .../aaf/auth/cm/validation/CertmanValidator.java   |  150 +--
 .../org/onap/aaf/auth/cm/api/JU_API_Artifact.java  |  124 +-
 .../java/org/onap/aaf/auth/cm/api/JU_API_Cert.java |  124 +-
 .../java/org/onap/aaf/auth/cm/ca/JU_AppCA.java     |  434 +++----
 .../org/onap/aaf/auth/cm/cert/JU_BCFactory.java    |  144 +--
 .../org/onap/aaf/auth/cm/facade/JU_FacadeImpl.java |  260 ++--
 .../org/onap/aaf/auth/cm/test/CertmanTest.java     |  192 +--
 29 files changed, 3895 insertions(+), 3895 deletions(-)

(limited to 'auth/auth-certman')

diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
index a9a9b4e5..d80b085b 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
@@ -70,173 +70,173 @@ import com.datastax.driver.core.Cluster;
 
 public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> {
 
-	private static final String USER_PERMS = "userPerms";
-	private static final Map<String,CA> certAuths = new TreeMap<>();
-	public Facade1_0 facade1_0; // this is the default Facade
-	public Facade1_0 facade1_0_XML; // this is the XML Facade
-	public Map<String, Dated> cacheUser;
-	public AAFAuthn<?> aafAuthn;
-	public AAFLurPerm aafLurPerm;
-	final public Cluster cluster;
-	public final LocateDAO locateDAO;
-
-
-	/**
-	 * Construct AuthzAPI with all the Context Supporting Routes that Authz needs
-	 * 
-	 * @param env
-	 * @param si 
-	 * @param dm 
-	 * @param decryptor 
-	 * @throws APIException 
-	 */
-	public AAF_CM(AuthzEnv env) throws Exception {
-		super(env.access(),env);
-		aafLurPerm = aafCon().newLur();
-		// Note: If you need both Authn and Authz construct the following:
-		aafAuthn = aafCon().newAuthn(aafLurPerm);
-
-		String aaf_env = env.getProperty(Config.AAF_ENV);
-		if(aaf_env==null) {
-			throw new APIException("aaf_env needs to be set");
-		}
-
-		// Initialize Facade for all uses
-		AuthzTrans trans = env.newTrans();
-
-		cluster = org.onap.aaf.auth.dao.CassAccess.cluster(env,null);
-		locateDAO = new LocateDAO(trans,cluster,CassAccess.KEYSPACE);
-
-		// Have AAFLocator object Create DirectLocators for Location needs
-		AbsAAFLocator.setCreator(new DirectLocatorCreator(env, locateDAO));
-
-		// Load Supported Certificate Authorities by property
-		// Note: Some will be dynamic Properties, so we need to look through all
-		for(Entry<Object, Object> es : env.access().getProperties().entrySet()) {
-			String key = es.getKey().toString();
-			if(key.startsWith(CA.CM_CA_PREFIX)) {
-				int idx = key.indexOf('.');
-				if(idx==key.lastIndexOf('.')) { // else it's a regular property 
-	
-					env.log(Level.INIT, "Loading Certificate Authority Module: " + key.substring(idx+1));
-					String[] segs = Split.split(',', env.getProperty(key));
-					if(segs.length>0) {
-						String[][] multiParams = new String[segs.length-1][];
-						for(int i=0;i<multiParams.length;++i) {
-							multiParams[i]=Split.split(';',segs[1+i]);
-						}
-						@SuppressWarnings("unchecked")
-						Class<CA> cac = (Class<CA>)Class.forName(segs[0]);
-						Constructor<CA> cons = cac.getConstructor(new Class<?>[] {
-							Access.class,String.class,String.class,String[][].class
-						});
-						Object pinst[] = new Object[4];
-						pinst[0]=env;
-						pinst[1]= key.substring(idx+1);
-						pinst[2]= aaf_env;
-						pinst[3] = multiParams; 
-						CA ca = cons.newInstance(pinst);
-						certAuths.put(ca.getName(),ca);
-					}
-				}
-			}
-		}
-		if(certAuths.size()==0) {
-			throw new APIException("No Certificate Authorities have been configured in CertMan");
-		}
-
-		CMService service = new CMService(trans, this);
-		// note: Service knows how to shutdown Cluster on Shutdown, etc.  See Constructor
-		facade1_0 = FacadeFactory.v1_0(this,trans, service,Data.TYPE.JSON);   // Default Facade
-		facade1_0_XML = FacadeFactory.v1_0(this,trans,service,Data.TYPE.XML); 
-
-
-		synchronized(env) {
-			if(cacheUser == null) {
-				cacheUser = Cache.obtain(USER_PERMS);
-				Cache.startCleansing(env, USER_PERMS);
-			}
-		}
-
-		////////////////////////////////////////////////////////////////////////////
-		// APIs
-		////////////////////////////////////////////////////////////////////////
-		API_Cert.init(this);
-		API_Artifact.init(this);
-
-		StringBuilder sb = new StringBuilder();
-		trans.auditTrail(2, sb);
-		trans.init().log(sb);
-	}
-
-	public CA getCA(String key) {
-		return certAuths.get(key);
-	}
-
-	/**
-	 * Setup XML and JSON implementations for each supported Version type
-	 * 
-	 * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties
-	 * to do Versions and Content switches
-	 * 
-	 */
-	public void route(HttpMethods meth, String path, API api, Code code) throws Exception {
-		String version = "1.0";
-		// Get Correct API Class from Mapper
-		Class<?> respCls = facade1_0.mapper().getClass(api); 
-		if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());
-		// setup Application API HTML ContentTypes for JSON and Route
-		String application = applicationJSON(respCls, version);
-		route(env,meth,path,code,application,"application/json;version="+version,"*/*");
-
-		// setup Application API HTML ContentTypes for XML and Route
-		application = applicationXML(respCls, version);
-		route(env,meth,path,code.clone(facade1_0_XML),application,"application/xml;version="+version);
-
-		// Add other Supported APIs here as created
-	}
-
-	public void routeAll(HttpMethods meth, String path, API api, Code code) throws Exception {
-		route(env,meth,path,code,""); // this will always match
-	}
-
-	@Override
-	public Filter[] _filters(Object ... additionalTafLurs) throws CadiException, LocatorException {
-		try {
-			return new Filter[] {
-					new AuthzTransFilter(env,aafCon(),
-		        		new AAFTrustChecker((Env)env),
-		        		additionalTafLurs)
-				};
-		} catch (NumberFormatException e) {
-			throw new CadiException("Invalid Property information", e);
-		}
-	}
-
-	@SuppressWarnings("unchecked")
-	@Override
-	public Registrant<AuthzEnv>[] registrants(final int port) throws CadiException, LocatorException {
-		return new Registrant[] {
-			new DirectRegistrar(access,locateDAO,app_name,app_version,port)
-		};
-	}
-
-	public void destroy() {
-		Cache.stopTimer();
-		locateDAO.close(env.newTransNoAvg());
-		cluster.close();
-	}
-
-	public static void main(final String[] args) {
-		try {
-			Log4JLogIt logIt = new Log4JLogIt(args, "cm");
-			PropAccess propAccess = new PropAccess(logIt,args);
-
- 			AAF_CM service = new AAF_CM(new AuthzEnv(propAccess));
-			JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
-			jss.start();
-		} catch (Exception e) {
-			e.printStackTrace();
-		}
-	}
+    private static final String USER_PERMS = "userPerms";
+    private static final Map<String,CA> certAuths = new TreeMap<>();
+    public Facade1_0 facade1_0; // this is the default Facade
+    public Facade1_0 facade1_0_XML; // this is the XML Facade
+    public Map<String, Dated> cacheUser;
+    public AAFAuthn<?> aafAuthn;
+    public AAFLurPerm aafLurPerm;
+    final public Cluster cluster;
+    public final LocateDAO locateDAO;
+
+
+    /**
+     * Construct AuthzAPI with all the Context Supporting Routes that Authz needs
+     * 
+     * @param env
+     * @param si 
+     * @param dm 
+     * @param decryptor 
+     * @throws APIException 
+     */
+    public AAF_CM(AuthzEnv env) throws Exception {
+        super(env.access(),env);
+        aafLurPerm = aafCon().newLur();
+        // Note: If you need both Authn and Authz construct the following:
+        aafAuthn = aafCon().newAuthn(aafLurPerm);
+
+        String aaf_env = env.getProperty(Config.AAF_ENV);
+        if(aaf_env==null) {
+            throw new APIException("aaf_env needs to be set");
+        }
+
+        // Initialize Facade for all uses
+        AuthzTrans trans = env.newTrans();
+
+        cluster = org.onap.aaf.auth.dao.CassAccess.cluster(env,null);
+        locateDAO = new LocateDAO(trans,cluster,CassAccess.KEYSPACE);
+
+        // Have AAFLocator object Create DirectLocators for Location needs
+        AbsAAFLocator.setCreator(new DirectLocatorCreator(env, locateDAO));
+
+        // Load Supported Certificate Authorities by property
+        // Note: Some will be dynamic Properties, so we need to look through all
+        for(Entry<Object, Object> es : env.access().getProperties().entrySet()) {
+            String key = es.getKey().toString();
+            if(key.startsWith(CA.CM_CA_PREFIX)) {
+                int idx = key.indexOf('.');
+                if(idx==key.lastIndexOf('.')) { // else it's a regular property 
+    
+                    env.log(Level.INIT, "Loading Certificate Authority Module: " + key.substring(idx+1));
+                    String[] segs = Split.split(',', env.getProperty(key));
+                    if(segs.length>0) {
+                        String[][] multiParams = new String[segs.length-1][];
+                        for(int i=0;i<multiParams.length;++i) {
+                            multiParams[i]=Split.split(';',segs[1+i]);
+                        }
+                        @SuppressWarnings("unchecked")
+                        Class<CA> cac = (Class<CA>)Class.forName(segs[0]);
+                        Constructor<CA> cons = cac.getConstructor(new Class<?>[] {
+                            Access.class,String.class,String.class,String[][].class
+                        });
+                        Object pinst[] = new Object[4];
+                        pinst[0]=env;
+                        pinst[1]= key.substring(idx+1);
+                        pinst[2]= aaf_env;
+                        pinst[3] = multiParams; 
+                        CA ca = cons.newInstance(pinst);
+                        certAuths.put(ca.getName(),ca);
+                    }
+                }
+            }
+        }
+        if(certAuths.size()==0) {
+            throw new APIException("No Certificate Authorities have been configured in CertMan");
+        }
+
+        CMService service = new CMService(trans, this);
+        // note: Service knows how to shutdown Cluster on Shutdown, etc.  See Constructor
+        facade1_0 = FacadeFactory.v1_0(this,trans, service,Data.TYPE.JSON);   // Default Facade
+        facade1_0_XML = FacadeFactory.v1_0(this,trans,service,Data.TYPE.XML); 
+
+
+        synchronized(env) {
+            if(cacheUser == null) {
+                cacheUser = Cache.obtain(USER_PERMS);
+                Cache.startCleansing(env, USER_PERMS);
+            }
+        }
+
+        ////////////////////////////////////////////////////////////////////////////
+        // APIs
+        ////////////////////////////////////////////////////////////////////////
+        API_Cert.init(this);
+        API_Artifact.init(this);
+
+        StringBuilder sb = new StringBuilder();
+        trans.auditTrail(2, sb);
+        trans.init().log(sb);
+    }
+
+    public CA getCA(String key) {
+        return certAuths.get(key);
+    }
+
+    /**
+     * Setup XML and JSON implementations for each supported Version type
+     * 
+     * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties
+     * to do Versions and Content switches
+     * 
+     */
+    public void route(HttpMethods meth, String path, API api, Code code) throws Exception {
+        String version = "1.0";
+        // Get Correct API Class from Mapper
+        Class<?> respCls = facade1_0.mapper().getClass(api); 
+        if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());
+        // setup Application API HTML ContentTypes for JSON and Route
+        String application = applicationJSON(respCls, version);
+        route(env,meth,path,code,application,"application/json;version="+version,"*/*");
+
+        // setup Application API HTML ContentTypes for XML and Route
+        application = applicationXML(respCls, version);
+        route(env,meth,path,code.clone(facade1_0_XML),application,"application/xml;version="+version);
+
+        // Add other Supported APIs here as created
+    }
+
+    public void routeAll(HttpMethods meth, String path, API api, Code code) throws Exception {
+        route(env,meth,path,code,""); // this will always match
+    }
+
+    @Override
+    public Filter[] _filters(Object ... additionalTafLurs) throws CadiException, LocatorException {
+        try {
+            return new Filter[] {
+                    new AuthzTransFilter(env,aafCon(),
+                        new AAFTrustChecker((Env)env),
+                        additionalTafLurs)
+                };
+        } catch (NumberFormatException e) {
+            throw new CadiException("Invalid Property information", e);
+        }
+    }
+
+    @SuppressWarnings("unchecked")
+    @Override
+    public Registrant<AuthzEnv>[] registrants(final int port) throws CadiException, LocatorException {
+        return new Registrant[] {
+            new DirectRegistrar(access,locateDAO,app_name,app_version,port)
+        };
+    }
+
+    public void destroy() {
+        Cache.stopTimer();
+        locateDAO.close(env.newTransNoAvg());
+        cluster.close();
+    }
+
+    public static void main(final String[] args) {
+        try {
+            Log4JLogIt logIt = new Log4JLogIt(args, "cm");
+            PropAccess propAccess = new PropAccess(logIt,args);
+
+             AAF_CM service = new AAF_CM(new AuthzEnv(propAccess));
+            JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service);
+            jss.start();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Artifact.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Artifact.java
index 134ad7c5..34f7927e 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Artifact.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Artifact.java
@@ -39,95 +39,95 @@ import org.onap.aaf.auth.rserv.HttpMethods;
  *
  */
 public class API_Artifact {
-	private static final String GET_ARTIFACTS = "Get Artifacts";
+    private static final String GET_ARTIFACTS = "Get Artifacts";
   private static final String CERT_ARTIFACTS = "/cert/artifacts";
-	/**
-	 * Normal Init level APIs
-	 * 
-	 * @param cmAPI
-	 * @throws Exception
-	 */
-	public static void init(final AAF_CM cmAPI) throws Exception {
-		cmAPI.route(HttpMethods.POST, CERT_ARTIFACTS, API.ARTIFACTS, new Code(cmAPI,"Create Artifacts") {
-			@Override
-			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-				Result<Void> r = context.createArtifacts(trans, req, resp);
-				if(r.isOK()) {
-					resp.setStatus(HttpStatus.CREATED_201);
-				} else {
-					context.error(trans,resp,r);
-				}
-			}
-		});
+    /**
+     * Normal Init level APIs
+     * 
+     * @param cmAPI
+     * @throws Exception
+     */
+    public static void init(final AAF_CM cmAPI) throws Exception {
+        cmAPI.route(HttpMethods.POST, CERT_ARTIFACTS, API.ARTIFACTS, new Code(cmAPI,"Create Artifacts") {
+            @Override
+            public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+                Result<Void> r = context.createArtifacts(trans, req, resp);
+                if(r.isOK()) {
+                    resp.setStatus(HttpStatus.CREATED_201);
+                } else {
+                    context.error(trans,resp,r);
+                }
+            }
+        });
 
-		/**
-		 * Use Query Params to get Artifacts by Machine or MechID
-		 */
-		cmAPI.route(HttpMethods.GET, CERT_ARTIFACTS, API.ARTIFACTS, new Code(cmAPI,GET_ARTIFACTS) {
-			@Override
-			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-				Result<Void> r = context.readArtifacts(trans, req, resp);
-				if(r.isOK()) {
-					resp.setStatus(HttpStatus.OK_200);
-				} else {
-					context.error(trans,resp,r);
-				}
-			}
-		});
+        /**
+         * Use Query Params to get Artifacts by Machine or MechID
+         */
+        cmAPI.route(HttpMethods.GET, CERT_ARTIFACTS, API.ARTIFACTS, new Code(cmAPI,GET_ARTIFACTS) {
+            @Override
+            public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+                Result<Void> r = context.readArtifacts(trans, req, resp);
+                if(r.isOK()) {
+                    resp.setStatus(HttpStatus.OK_200);
+                } else {
+                    context.error(trans,resp,r);
+                }
+            }
+        });
 
 
-		cmAPI.route(HttpMethods.GET, "/cert/artifacts/:mechid/:machine", API.ARTIFACTS, new Code(cmAPI,GET_ARTIFACTS) {
-			@Override
-			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-				
-				Result<Void> r = context.readArtifacts(trans, resp, pathParam(req,":mechid"), pathParam(req,":machine"));
-				if(r.isOK()) {
-					resp.setStatus(HttpStatus.OK_200);
-				} else {
-					context.error(trans,resp,r);
-				}
-			}
-		});
-		
-		
-		cmAPI.route(HttpMethods.PUT, CERT_ARTIFACTS, API.ARTIFACTS, new Code(cmAPI,"Update Artifacts") {
-			@Override
-			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-				Result<Void> r = context.updateArtifacts(trans, req, resp);
-				if(r.isOK()) {
-					resp.setStatus(HttpStatus.OK_200);
-				} else {
-					context.error(trans,resp,r);
-				}
-			}
-		});
+        cmAPI.route(HttpMethods.GET, "/cert/artifacts/:mechid/:machine", API.ARTIFACTS, new Code(cmAPI,GET_ARTIFACTS) {
+            @Override
+            public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+                
+                Result<Void> r = context.readArtifacts(trans, resp, pathParam(req,":mechid"), pathParam(req,":machine"));
+                if(r.isOK()) {
+                    resp.setStatus(HttpStatus.OK_200);
+                } else {
+                    context.error(trans,resp,r);
+                }
+            }
+        });
+        
+        
+        cmAPI.route(HttpMethods.PUT, CERT_ARTIFACTS, API.ARTIFACTS, new Code(cmAPI,"Update Artifacts") {
+            @Override
+            public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+                Result<Void> r = context.updateArtifacts(trans, req, resp);
+                if(r.isOK()) {
+                    resp.setStatus(HttpStatus.OK_200);
+                } else {
+                    context.error(trans,resp,r);
+                }
+            }
+        });
 
-		cmAPI.route(HttpMethods.DELETE, "/cert/artifacts/:mechid/:machine", API.VOID, new Code(cmAPI,"Delete Artifacts") {
-			@Override
-			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-				Result<Void> r = context.deleteArtifacts(trans, resp, 
-						pathParam(req, ":mechid"), pathParam(req,":machine"));
-				if(r.isOK()) {
-					resp.setStatus(HttpStatus.OK_200);
-				} else {
-					context.error(trans,resp,r);
-				}
-			}
-		});
-		
+        cmAPI.route(HttpMethods.DELETE, "/cert/artifacts/:mechid/:machine", API.VOID, new Code(cmAPI,"Delete Artifacts") {
+            @Override
+            public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+                Result<Void> r = context.deleteArtifacts(trans, resp, 
+                        pathParam(req, ":mechid"), pathParam(req,":machine"));
+                if(r.isOK()) {
+                    resp.setStatus(HttpStatus.OK_200);
+                } else {
+                    context.error(trans,resp,r);
+                }
+            }
+        });
+        
 
-		cmAPI.route(HttpMethods.DELETE, CERT_ARTIFACTS, API.VOID, new Code(cmAPI,"Delete Artifacts") {
-			@Override
-			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-				Result<Void> r = context.deleteArtifacts(trans, req, resp);
-				if(r.isOK()) {
-					resp.setStatus(HttpStatus.OK_200);
-				} else {
-					context.error(trans,resp,r);
-				}
-			}
-		});
-		
+        cmAPI.route(HttpMethods.DELETE, CERT_ARTIFACTS, API.VOID, new Code(cmAPI,"Delete Artifacts") {
+            @Override
+            public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+                Result<Void> r = context.deleteArtifacts(trans, req, resp);
+                if(r.isOK()) {
+                    resp.setStatus(HttpStatus.OK_200);
+                } else {
+                    context.error(trans,resp,r);
+                }
+            }
+        });
+        
 
-	}
+    }
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Cert.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Cert.java
index 0cea9c73..625fed62 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Cert.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/api/API_Cert.java
@@ -41,102 +41,102 @@ import org.onap.aaf.misc.env.Slot;
  *
  */
 public class API_Cert {
-	public static final String CERT_AUTH = "CertAuthority";
-	private static Slot sCertAuth;
+    public static final String CERT_AUTH = "CertAuthority";
+    private static Slot sCertAuth;
 
-	/**
-	 * Normal Init level APIs
-	 * 
-	 * @param aafCM
-	 * @param facade
-	 * @throws Exception
-	 */
-	public static void init(final AAF_CM aafCM) throws Exception {
-		// Check for Created Certificate Authorities in TRANS
-		sCertAuth = aafCM.env.slot(CERT_AUTH);
-		
-		////////
-		// Overall APIs
-		///////
-		aafCM.route(HttpMethods.PUT,"/cert/:ca",API.CERT_REQ,new Code(aafCM,"Request Certificate") {
-			@Override
-			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-				String key = pathParam(req, ":ca");
-				CA ca;
-				if((ca = aafCM.getCA(key))==null) {
-					context.error(trans,resp,Result.ERR_BadData,"CA %s is not supported",key);
-				} else {
-					trans.put(sCertAuth, ca);
-					Result<Void> r = context.requestCert(trans, req, resp, ca);
-					if(r.isOK()) {
-						resp.setStatus(HttpStatus.OK_200);
-					} else {
-						context.error(trans,resp,r);
-					}
-				}
-			}
-		});
-		
-		aafCM.route(HttpMethods.GET,"/cert/:ca/personal",API.CERT,new Code(aafCM,"Request Personal Certificate") {
-			@Override
-			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-				String key = pathParam(req, ":ca");
-				CA ca;
-				if((ca = aafCM.getCA(key))==null) {
-					context.error(trans,resp,Result.ERR_BadData,"CA %s is not supported",key);
-				} else {
-					trans.put(sCertAuth, ca);
-					Result<Void> r = context.requestPersonalCert(trans, req, resp, ca);
-					if(r.isOK()) {
-						resp.setStatus(HttpStatus.OK_200);
-					} else {
-						context.error(trans,resp,r);
-					}
-				}
-			}
-		});
+    /**
+     * Normal Init level APIs
+     * 
+     * @param aafCM
+     * @param facade
+     * @throws Exception
+     */
+    public static void init(final AAF_CM aafCM) throws Exception {
+        // Check for Created Certificate Authorities in TRANS
+        sCertAuth = aafCM.env.slot(CERT_AUTH);
+        
+        ////////
+        // Overall APIs
+        ///////
+        aafCM.route(HttpMethods.PUT,"/cert/:ca",API.CERT_REQ,new Code(aafCM,"Request Certificate") {
+            @Override
+            public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+                String key = pathParam(req, ":ca");
+                CA ca;
+                if((ca = aafCM.getCA(key))==null) {
+                    context.error(trans,resp,Result.ERR_BadData,"CA %s is not supported",key);
+                } else {
+                    trans.put(sCertAuth, ca);
+                    Result<Void> r = context.requestCert(trans, req, resp, ca);
+                    if(r.isOK()) {
+                        resp.setStatus(HttpStatus.OK_200);
+                    } else {
+                        context.error(trans,resp,r);
+                    }
+                }
+            }
+        });
+        
+        aafCM.route(HttpMethods.GET,"/cert/:ca/personal",API.CERT,new Code(aafCM,"Request Personal Certificate") {
+            @Override
+            public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+                String key = pathParam(req, ":ca");
+                CA ca;
+                if((ca = aafCM.getCA(key))==null) {
+                    context.error(trans,resp,Result.ERR_BadData,"CA %s is not supported",key);
+                } else {
+                    trans.put(sCertAuth, ca);
+                    Result<Void> r = context.requestPersonalCert(trans, req, resp, ca);
+                    if(r.isOK()) {
+                        resp.setStatus(HttpStatus.OK_200);
+                    } else {
+                        context.error(trans,resp,r);
+                    }
+                }
+            }
+        });
 
-		
-		/**
-		 * 
-		 */
-		aafCM.route(HttpMethods.GET, "/cert/may/:perm", API.VOID, new Code(aafCM,"Check Permission") {
-			@Override
-			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-				Result<Void> r = context.check(trans, resp, pathParam(req,"perm"));
-				if(r.isOK()) {
-					resp.setStatus(HttpStatus.OK_200);
-				} else {
-					trans.checkpoint(r.errorString());
-					context.error(trans,resp,Result.err(Result.ERR_Denied,"%s does not have Permission.",trans.user()));
-				}
-			}
-		});
+        
+        /**
+         * 
+         */
+        aafCM.route(HttpMethods.GET, "/cert/may/:perm", API.VOID, new Code(aafCM,"Check Permission") {
+            @Override
+            public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+                Result<Void> r = context.check(trans, resp, pathParam(req,"perm"));
+                if(r.isOK()) {
+                    resp.setStatus(HttpStatus.OK_200);
+                } else {
+                    trans.checkpoint(r.errorString());
+                    context.error(trans,resp,Result.err(Result.ERR_Denied,"%s does not have Permission.",trans.user()));
+                }
+            }
+        });
 
-		/**
-		 * Get Cert by ID and Machine 
-		 */
+        /**
+         * Get Cert by ID and Machine 
+         */
 
-		
-		/**
-		 * Get Certs by ID
-		 */
-		aafCM.route(HttpMethods.GET, "/cert/id/:id", API.CERT, new Code(aafCM,"GetByID") {
-			@Override
-			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-				Result<Void> r = context.readCertsByMechID(trans, resp, pathParam(req,"id"));
-				if(r.isOK()) {
-					resp.setStatus(HttpStatus.OK_200);
-				} else {
-					context.error(trans,resp,r);
-				}
-			}
-		});
+        
+        /**
+         * Get Certs by ID
+         */
+        aafCM.route(HttpMethods.GET, "/cert/id/:id", API.CERT, new Code(aafCM,"GetByID") {
+            @Override
+            public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+                Result<Void> r = context.readCertsByMechID(trans, resp, pathParam(req,"id"));
+                if(r.isOK()) {
+                    resp.setStatus(HttpStatus.OK_200);
+                } else {
+                    context.error(trans,resp,r);
+                }
+            }
+        });
 
-		
-		/**
-		 * Get Certs by Machine
-		 */
-		
-	}
+        
+        /**
+         * Get Certs by Machine
+         */
+        
+    }
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
index f1f70a7e..820f02d1 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
@@ -42,198 +42,198 @@ import org.onap.aaf.misc.env.Trans;
 import org.onap.aaf.misc.env.util.Split;
 
 public abstract class CA {
-	private static final String MUST_EXIST_TO_CREATE_CSRS_FOR = " must exist to create CSRs for ";
-	//TODO figuring out what is an Issuing CA is a matter of convention.  Consider SubClassing for Open Source
-	public static final String ISSUING_CA = "Issuing CA";
-	public static final String CM_CA_PREFIX = "cm_ca.";
-	public static final String CM_CA_BASE_SUBJECT = ".baseSubject";
-	protected static final String CM_PUBLIC_DIR = "cm_public_dir";
-	private static final String CM_TRUST_CAS = "cm_trust_cas";
-	protected static final String CM_BACKUP_CAS = "cm_backup_cas";
+    private static final String MUST_EXIST_TO_CREATE_CSRS_FOR = " must exist to create CSRs for ";
+    //TODO figuring out what is an Issuing CA is a matter of convention.  Consider SubClassing for Open Source
+    public static final String ISSUING_CA = "Issuing CA";
+    public static final String CM_CA_PREFIX = "cm_ca.";
+    public static final String CM_CA_BASE_SUBJECT = ".baseSubject";
+    protected static final String CM_PUBLIC_DIR = "cm_public_dir";
+    private static final String CM_TRUST_CAS = "cm_trust_cas";
+    protected static final String CM_BACKUP_CAS = "cm_backup_cas";
 
-	public static final Set<String> EMPTY = Collections.unmodifiableSet(new HashSet<>());
+    public static final Set<String> EMPTY = Collections.unmodifiableSet(new HashSet<>());
 
-	
-	private final String name;
-	private final String env;
-	private MessageDigest messageDigest;
-	private final String permNS; 
-	private final String permType;
-	private final ArrayList<String> idDomains;
-	private String[] trustedCAs;
-	private String[] caIssuerDNs;
-	private List<RDN> rdns;
+    
+    private final String name;
+    private final String env;
+    private MessageDigest messageDigest;
+    private final String permNS; 
+    private final String permType;
+    private final ArrayList<String> idDomains;
+    private String[] trustedCAs;
+    private String[] caIssuerDNs;
+    private List<RDN> rdns;
 
 
-	protected CA(Access access, String caName, String env) throws IOException, CertException {
-		trustedCAs = new String[4]; // starting array
-		this.name = caName;
-		this.env = env;
-		permNS = CM_CA_PREFIX + name;
-		permType = access.getProperty(permNS + ".perm_type",null);
-		if(permType==null) {
-			throw new CertException(permNS + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
-		}
-		caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null));
-		
-		String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT;
-		
-		String fields = access.getProperty(tag, null);
-		if(fields==null) {
-			throw new CertException(tag + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
-		}
-		access.log(Level.INFO, tag, "=",fields);
-		rdns = RDN.parse('/',fields);
-		for(RDN rdn : rdns) {
-			if(rdn.aoi==BCStyle.EmailAddress) { // Cert Specs say Emails belong in Subject
-				throw new CertException("email address is not allowed in " + CM_CA_BASE_SUBJECT);
-			}
-		}
-		
-		idDomains = new ArrayList<>();
-		StringBuilder sb = null;
-		for(String s : Split.splitTrim(',', access.getProperty(CA.CM_CA_PREFIX+caName+".idDomains", ""))) {
-			if(s.length()>0) {
-				if(sb==null) {
-					sb = new StringBuilder();
-				} else {
-					sb.append(", ");
-				}
-				idDomains.add(s);
-				sb.append(s);
-			}
-		}
-		if(sb!=null) {
-			access.printf(Level.INIT, "CA '%s' supports Personal Certificates for %s", caName, sb);
-		}
-		
-		String dataDir = access.getProperty(CM_PUBLIC_DIR,null);
-		if(dataDir!=null) {
-			File data = new File(dataDir);
-			byte[] bytes;
-			if(data.exists()) {
-				String trustCas = access.getProperty(CM_TRUST_CAS,null);
-				if(trustCas!=null) {
-					for(String fname : Split.splitTrim(',', trustCas)) {
-						File crt;
-						if(fname.contains("/")) {
-							crt = new File(fname);
-						} else {
-							crt = new File(data,fname);
-						}
-						if(crt.exists()) {
-							access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath());
-							bytes = new byte[(int)crt.length()];
-							FileInputStream fis = new FileInputStream(crt);
-							try {
-								int read = fis.read(bytes);
-								if(read>0) {	
-									addTrustedCA(new String(bytes));
-								}
-							} finally {
-								fis.close();
-							}
-						} else {
-							access.printf(Level.INIT, "FAILED to Load CA Cert from %s", crt.getAbsolutePath());
-						}
-					}
-				} else {
-					access.printf(Level.INIT, "Cannot load external TRUST CAs: No property %s",CM_TRUST_CAS);
-				}
-			} else {
-				access.printf(Level.INIT, "Cannot load external TRUST CAs: %s doesn't exist, or is not accessible",data.getAbsolutePath());
-			}
-		}
-	}
+    protected CA(Access access, String caName, String env) throws IOException, CertException {
+        trustedCAs = new String[4]; // starting array
+        this.name = caName;
+        this.env = env;
+        permNS = CM_CA_PREFIX + name;
+        permType = access.getProperty(permNS + ".perm_type",null);
+        if(permType==null) {
+            throw new CertException(permNS + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
+        }
+        caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null));
+        
+        String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT;
+        
+        String fields = access.getProperty(tag, null);
+        if(fields==null) {
+            throw new CertException(tag + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
+        }
+        access.log(Level.INFO, tag, "=",fields);
+        rdns = RDN.parse('/',fields);
+        for(RDN rdn : rdns) {
+            if(rdn.aoi==BCStyle.EmailAddress) { // Cert Specs say Emails belong in Subject
+                throw new CertException("email address is not allowed in " + CM_CA_BASE_SUBJECT);
+            }
+        }
+        
+        idDomains = new ArrayList<>();
+        StringBuilder sb = null;
+        for(String s : Split.splitTrim(',', access.getProperty(CA.CM_CA_PREFIX+caName+".idDomains", ""))) {
+            if(s.length()>0) {
+                if(sb==null) {
+                    sb = new StringBuilder();
+                } else {
+                    sb.append(", ");
+                }
+                idDomains.add(s);
+                sb.append(s);
+            }
+        }
+        if(sb!=null) {
+            access.printf(Level.INIT, "CA '%s' supports Personal Certificates for %s", caName, sb);
+        }
+        
+        String dataDir = access.getProperty(CM_PUBLIC_DIR,null);
+        if(dataDir!=null) {
+            File data = new File(dataDir);
+            byte[] bytes;
+            if(data.exists()) {
+                String trustCas = access.getProperty(CM_TRUST_CAS,null);
+                if(trustCas!=null) {
+                    for(String fname : Split.splitTrim(',', trustCas)) {
+                        File crt;
+                        if(fname.contains("/")) {
+                            crt = new File(fname);
+                        } else {
+                            crt = new File(data,fname);
+                        }
+                        if(crt.exists()) {
+                            access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath());
+                            bytes = new byte[(int)crt.length()];
+                            FileInputStream fis = new FileInputStream(crt);
+                            try {
+                                int read = fis.read(bytes);
+                                if(read>0) {    
+                                    addTrustedCA(new String(bytes));
+                                }
+                            } finally {
+                                fis.close();
+                            }
+                        } else {
+                            access.printf(Level.INIT, "FAILED to Load CA Cert from %s", crt.getAbsolutePath());
+                        }
+                    }
+                } else {
+                    access.printf(Level.INIT, "Cannot load external TRUST CAs: No property %s",CM_TRUST_CAS);
+                }
+            } else {
+                access.printf(Level.INIT, "Cannot load external TRUST CAs: %s doesn't exist, or is not accessible",data.getAbsolutePath());
+            }
+        }
+    }
 
-	protected void addCaIssuerDN(String issuerDN) {
-		boolean changed = true;
-		for(String id : caIssuerDNs) {
-			if(id.equals(issuerDN)) {
-				changed = false;
-				break;
-			}
-		}
-		if(changed) {
-			String[] newsa = new String[caIssuerDNs.length+1];
-			newsa[0]=issuerDN;
-			System.arraycopy(caIssuerDNs, 0, newsa, 1, caIssuerDNs.length);
-			caIssuerDNs = newsa;
-		}
-	}
-	
-	protected synchronized void addTrustedCA(final String crtString) {
-		String crt;
-		if(crtString.endsWith("\n")) {
-			crt = crtString;
-		} else {
-			crt = crtString + '\n';
-		}
-		for(int i=0;i<trustedCAs.length;++i) {
-			if(trustedCAs[i]==null) {
-				trustedCAs[i]=crt;
-				return;
-			}
-		}
-		String[] temp = new String[trustedCAs.length+5];
-		System.arraycopy(trustedCAs,0,temp, 0, trustedCAs.length);
-		temp[trustedCAs.length]=crt;
-		trustedCAs = temp;
-	}
-	
-	public String[] getCaIssuerDNs() {
-		return caIssuerDNs;
-	}
-	
-	public String[] getTrustedCAs() {
-		return trustedCAs;
-	}
-	
-	public String getEnv() {
-		return env;
-	}
+    protected void addCaIssuerDN(String issuerDN) {
+        boolean changed = true;
+        for(String id : caIssuerDNs) {
+            if(id.equals(issuerDN)) {
+                changed = false;
+                break;
+            }
+        }
+        if(changed) {
+            String[] newsa = new String[caIssuerDNs.length+1];
+            newsa[0]=issuerDN;
+            System.arraycopy(caIssuerDNs, 0, newsa, 1, caIssuerDNs.length);
+            caIssuerDNs = newsa;
+        }
+    }
+    
+    protected synchronized void addTrustedCA(final String crtString) {
+        String crt;
+        if(crtString.endsWith("\n")) {
+            crt = crtString;
+        } else {
+            crt = crtString + '\n';
+        }
+        for(int i=0;i<trustedCAs.length;++i) {
+            if(trustedCAs[i]==null) {
+                trustedCAs[i]=crt;
+                return;
+            }
+        }
+        String[] temp = new String[trustedCAs.length+5];
+        System.arraycopy(trustedCAs,0,temp, 0, trustedCAs.length);
+        temp[trustedCAs.length]=crt;
+        trustedCAs = temp;
+    }
+    
+    public String[] getCaIssuerDNs() {
+        return caIssuerDNs;
+    }
+    
+    public String[] getTrustedCAs() {
+        return trustedCAs;
+    }
+    
+    public String getEnv() {
+        return env;
+    }
 
-	protected void setMessageDigest(MessageDigest md) {
-		messageDigest = md;
-	}
+    protected void setMessageDigest(MessageDigest md) {
+        messageDigest = md;
+    }
 
-	/*
-	 * End Required Constructor calls
-	 */
+    /*
+     * End Required Constructor calls
+     */
 
-	public String getName() {
-		return name;
-	}
-	
-	
-	public String getPermNS() {
-		return permNS;
-	}
-	
-	public String getPermType() {
-		return permType;
-	}
-	
-	public abstract X509andChain sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException;
+    public String getName() {
+        return name;
+    }
+    
+    
+    public String getPermNS() {
+        return permNS;
+    }
+    
+    public String getPermType() {
+        return permType;
+    }
+    
+    public abstract X509andChain sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException;
 
-	/* (non-Javadoc)
-	 * @see org.onap.aaf.auth.cm.ca.CA#inPersonalDomains(java.security.Principal)
-	 */
-	public boolean inPersonalDomains(Principal p) {
-		int at = p.getName().indexOf('@');
-		if(at>=0) {
-			return idDomains.contains(p.getName().substring(at+1));
-		} else {
-			return false;
-		}
-	}
+    /* (non-Javadoc)
+     * @see org.onap.aaf.auth.cm.ca.CA#inPersonalDomains(java.security.Principal)
+     */
+    public boolean inPersonalDomains(Principal p) {
+        int at = p.getName().indexOf('@');
+        if(at>=0) {
+            return idDomains.contains(p.getName().substring(at+1));
+        } else {
+            return false;
+        }
+    }
 
-	public MessageDigest messageDigest() {
-		return messageDigest;
-	}
+    public MessageDigest messageDigest() {
+        return messageDigest;
+    }
 
-	public CSRMeta newCSRMeta() {
-		return new CSRMeta(rdns);
-	}
+    public CSRMeta newCSRMeta() {
+        return new CSRMeta(rdns);
+    }
 
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
index 3f398381..000b6dd5 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
@@ -56,203 +56,203 @@ import org.onap.aaf.misc.env.Trans;
 import org.onap.aaf.misc.env.util.Split;
 
 public class JscepCA extends CA {
-	static final String CA_PREFIX = "http://";
-	static final String CA_POSTFIX="/certsrv/mscep_admin/mscep.dll";
+    static final String CA_PREFIX = "http://";
+    static final String CA_POSTFIX="/certsrv/mscep_admin/mscep.dll";
 
-	private static final String MS_PROFILE="1";
-	private static final int MAX_RETRY=3;
-	public static final long INVALIDATE_TIME = 1000*60*10L; // 10 mins
+    private static final String MS_PROFILE="1";
+    private static final int MAX_RETRY=3;
+    public static final long INVALIDATE_TIME = 1000*60*10L; // 10 mins
 
-	// package on purpose
-	private Map<String,X509ChainWithIssuer> mxcwiS;
-	private Map<Client,X509ChainWithIssuer> mxcwiC;
+    // package on purpose
+    private Map<String,X509ChainWithIssuer> mxcwiS;
+    private Map<Client,X509ChainWithIssuer> mxcwiC;
 
 
-	private JscepClientLocator clients;
+    private JscepClientLocator clients;
 
-	public JscepCA(final Access access, final String name, final String env, String [][] params) throws IOException, CertException, LocatorException {
- 		super(access, name, env);
- 		mxcwiS = new ConcurrentHashMap<>();
- 		mxcwiC = new ConcurrentHashMap<>();
- 		
- 		if(params.length<2) {
- 			throw new CertException("No Trust Chain parameters are included");
- 		} 
- 		if(params[0].length<2) {
- 			throw new CertException("User/Password required for JSCEP");
- 		}
- 		final String id = params[0][0];
- 		final String pw = params[0][1]; 
-		
-		// Set this for NTLM password Microsoft
-		Authenticator.setDefault(new Authenticator() {
-			  public PasswordAuthentication getPasswordAuthentication () {
-		            try {
-						return new PasswordAuthentication (id,access.decrypt(pw,true).toCharArray());
-					} catch (IOException e) {
-						access.log(e);
-					}
-					return null;
-		      }
-		});
-		
-		StringBuilder urlstr = new StringBuilder();
+    public JscepCA(final Access access, final String name, final String env, String [][] params) throws IOException, CertException, LocatorException {
+         super(access, name, env);
+         mxcwiS = new ConcurrentHashMap<>();
+         mxcwiC = new ConcurrentHashMap<>();
+         
+         if(params.length<2) {
+             throw new CertException("No Trust Chain parameters are included");
+         } 
+         if(params[0].length<2) {
+             throw new CertException("User/Password required for JSCEP");
+         }
+         final String id = params[0][0];
+         final String pw = params[0][1]; 
+        
+        // Set this for NTLM password Microsoft
+        Authenticator.setDefault(new Authenticator() {
+              public PasswordAuthentication getPasswordAuthentication () {
+                    try {
+                        return new PasswordAuthentication (id,access.decrypt(pw,true).toCharArray());
+                    } catch (IOException e) {
+                        access.log(e);
+                    }
+                    return null;
+              }
+        });
+        
+        StringBuilder urlstr = new StringBuilder();
 
-		for(int i=1;i<params.length;++i) { // skip first section, which is user/pass
-			// Work 
-			if(i>1) {
-				urlstr.append(','); // delimiter
-			}
-			urlstr.append(params[i][0]);
-			
-			String dir = access.getProperty(CM_PUBLIC_DIR, "");
-			if(!"".equals(dir) && !dir.endsWith("/")) {
-				dir = dir + '/';
-			}
-			String path;
-			List<FileReader> frs = new ArrayList<>(params.length-1);
-			try {
-				for(int j=1; j<params[i].length; ++j) { // first 3 taken up, see above
-					path = !params[i][j].contains("/")?dir+params[i][j]:params[i][j];
-					access.printf(Level.INIT, "Loading a TrustChain Member for %s from %s",name, path);
-					frs.add(new FileReader(path));
-				}
-				X509ChainWithIssuer xcwi = new X509ChainWithIssuer(frs);
-				addCaIssuerDN(xcwi.getIssuerDN());
-				mxcwiS.put(params[i][0],xcwi);
-			} finally {
-				for(FileReader fr : frs) {
-					if(fr!=null) {
-						fr.close();
-					}
-				}
-			}
-		}		
-		clients = new JscepClientLocator(access,urlstr.toString());
-	}
+        for(int i=1;i<params.length;++i) { // skip first section, which is user/pass
+            // Work 
+            if(i>1) {
+                urlstr.append(','); // delimiter
+            }
+            urlstr.append(params[i][0]);
+            
+            String dir = access.getProperty(CM_PUBLIC_DIR, "");
+            if(!"".equals(dir) && !dir.endsWith("/")) {
+                dir = dir + '/';
+            }
+            String path;
+            List<FileReader> frs = new ArrayList<>(params.length-1);
+            try {
+                for(int j=1; j<params[i].length; ++j) { // first 3 taken up, see above
+                    path = !params[i][j].contains("/")?dir+params[i][j]:params[i][j];
+                    access.printf(Level.INIT, "Loading a TrustChain Member for %s from %s",name, path);
+                    frs.add(new FileReader(path));
+                }
+                X509ChainWithIssuer xcwi = new X509ChainWithIssuer(frs);
+                addCaIssuerDN(xcwi.getIssuerDN());
+                mxcwiS.put(params[i][0],xcwi);
+            } finally {
+                for(FileReader fr : frs) {
+                    if(fr!=null) {
+                        fr.close();
+                    }
+                }
+            }
+        }        
+        clients = new JscepClientLocator(access,urlstr.toString());
+    }
 
-	// package on purpose
-	
-	@Override
-	public X509ChainWithIssuer sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException {
-		TimeTaken tt = trans.start("Generating CSR and Keys for New Certificate", Env.SUB);
-		PKCS10CertificationRequest csr;
-		try {
-			csr = csrmeta.generateCSR(trans);
-			if(trans.info().isLoggable()) {
-				trans.info().log(BCFactory.toString(csr));
-			} 
-			if(trans.info().isLoggable()) {
-				trans.info().log(csr);
-			}
-		} finally {
-			tt.done();
-		}
-		
-		tt = trans.start("Enroll CSR", Env.SUB);
-		Client client = null;
-		Item item = null;
-		for(int i=0; i<MAX_RETRY;++i) {
-			try {
-				item = clients.best();
-				client = clients.get(item);
-				
-				EnrollmentResponse er = client.enrol(
-						csrmeta.initialConversationCert(trans),
-						csrmeta.keypair(trans).getPrivate(),
-						csr,
-						MS_PROFILE /* profile... MS can't deal with blanks*/);
-				
-				while(true) {
-					if(er.isSuccess()) {
-						trans.checkpoint("Cert from " + clients.info(item));
-						X509Certificate x509 = null;
-						for( Certificate cert : er.getCertStore().getCertificates(null)) {
-							if(x509==null) {
-								x509 = (X509Certificate)cert;
-								break;
-							}
-						}
-						X509ChainWithIssuer mxcwi = mxcwiC.get(client);
-						return new X509ChainWithIssuer(mxcwi,x509);
+    // package on purpose
+    
+    @Override
+    public X509ChainWithIssuer sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException {
+        TimeTaken tt = trans.start("Generating CSR and Keys for New Certificate", Env.SUB);
+        PKCS10CertificationRequest csr;
+        try {
+            csr = csrmeta.generateCSR(trans);
+            if(trans.info().isLoggable()) {
+                trans.info().log(BCFactory.toString(csr));
+            } 
+            if(trans.info().isLoggable()) {
+                trans.info().log(csr);
+            }
+        } finally {
+            tt.done();
+        }
+        
+        tt = trans.start("Enroll CSR", Env.SUB);
+        Client client = null;
+        Item item = null;
+        for(int i=0; i<MAX_RETRY;++i) {
+            try {
+                item = clients.best();
+                client = clients.get(item);
+                
+                EnrollmentResponse er = client.enrol(
+                        csrmeta.initialConversationCert(trans),
+                        csrmeta.keypair(trans).getPrivate(),
+                        csr,
+                        MS_PROFILE /* profile... MS can't deal with blanks*/);
+                
+                while(true) {
+                    if(er.isSuccess()) {
+                        trans.checkpoint("Cert from " + clients.info(item));
+                        X509Certificate x509 = null;
+                        for( Certificate cert : er.getCertStore().getCertificates(null)) {
+                            if(x509==null) {
+                                x509 = (X509Certificate)cert;
+                                break;
+                            }
+                        }
+                        X509ChainWithIssuer mxcwi = mxcwiC.get(client);
+                        return new X509ChainWithIssuer(mxcwi,x509);
 
-					} else if (er.isPending()) {
-						trans.checkpoint("Polling, waiting on CA to complete");
-						Thread.sleep(3000);
-					} else if (er.isFailure()) {
-						throw new CertException(clients.info(item)+':'+er.getFailInfo().toString());
-					}
-				}
-			} catch(LocatorException e) {
-				trans.error().log(e);
-				i=MAX_RETRY;
-			} catch (ClientException e) {
-				trans.error().log(e,"SCEP Client Error, Temporarily Invalidating Client: " + clients.info(item));
-				try  { 
-					clients.invalidate(client);
-					if(!clients.hasItems()) {
-						clients.refresh();
-					}
-				} catch (LocatorException e1) {
-					trans.error().log(e,clients.info(item));
-					i=MAX_RETRY;  // can't go any further
-				}
-			} catch (InterruptedException|TransactionException|CertificateException|OperatorCreationException | CertStoreException e) {
-				trans.error().log(e);
-				i=MAX_RETRY;
-			} finally {
-				tt.done();
-			}
-		}
-		
-		return null;
-	}
-	
-	/**
-	 * Locator specifically for Jscep Clients.
-	 * 
-	 * Class based client for access to common Map
-	 */
-	private class JscepClientLocator extends HotPeerLocator<Client> {
+                    } else if (er.isPending()) {
+                        trans.checkpoint("Polling, waiting on CA to complete");
+                        Thread.sleep(3000);
+                    } else if (er.isFailure()) {
+                        throw new CertException(clients.info(item)+':'+er.getFailInfo().toString());
+                    }
+                }
+            } catch(LocatorException e) {
+                trans.error().log(e);
+                i=MAX_RETRY;
+            } catch (ClientException e) {
+                trans.error().log(e,"SCEP Client Error, Temporarily Invalidating Client: " + clients.info(item));
+                try  { 
+                    clients.invalidate(client);
+                    if(!clients.hasItems()) {
+                        clients.refresh();
+                    }
+                } catch (LocatorException e1) {
+                    trans.error().log(e,clients.info(item));
+                    i=MAX_RETRY;  // can't go any further
+                }
+            } catch (InterruptedException|TransactionException|CertificateException|OperatorCreationException | CertStoreException e) {
+                trans.error().log(e);
+                i=MAX_RETRY;
+            } finally {
+                tt.done();
+            }
+        }
+        
+        return null;
+    }
+    
+    /**
+     * Locator specifically for Jscep Clients.
+     * 
+     * Class based client for access to common Map
+     */
+    private class JscepClientLocator extends HotPeerLocator<Client> {
 
-		protected JscepClientLocator(Access access, String urlstr)throws LocatorException {
-			super(access, urlstr, JscepCA.INVALIDATE_TIME,
-			 	access.getProperty("cadi_latitude","39.833333"), //Note: Defaulting to GEO center of US
-			 	access.getProperty("cadi_longitude","-98.583333")
-			 	);
-		}
+        protected JscepClientLocator(Access access, String urlstr)throws LocatorException {
+            super(access, urlstr, JscepCA.INVALIDATE_TIME,
+                 access.getProperty("cadi_latitude","39.833333"), //Note: Defaulting to GEO center of US
+                 access.getProperty("cadi_longitude","-98.583333")
+                 );
+        }
 
-		@Override
-		protected Client _newClient(String urlinfo) throws LocatorException {
-			try {
-				String[] info = Split.split('/', urlinfo);
-				Client c = new Client(new URL(JscepCA.CA_PREFIX + info[0] + JscepCA.CA_POSTFIX), 
-						new CertificateVerifier() {
-						@Override
-						public boolean verify(X509Certificate cert) {
-							//TODO checkIssuer
-							return true;
-						}
-					}
-				);
-				// Map URL to Client, because Client doesn't expose Connection
-				mxcwiC.put(c, mxcwiS.get(urlinfo));
-				return c;
-			} catch (MalformedURLException e) {
-				throw new LocatorException(e);
-			}
-		}
+        @Override
+        protected Client _newClient(String urlinfo) throws LocatorException {
+            try {
+                String[] info = Split.split('/', urlinfo);
+                Client c = new Client(new URL(JscepCA.CA_PREFIX + info[0] + JscepCA.CA_POSTFIX), 
+                        new CertificateVerifier() {
+                        @Override
+                        public boolean verify(X509Certificate cert) {
+                            //TODO checkIssuer
+                            return true;
+                        }
+                    }
+                );
+                // Map URL to Client, because Client doesn't expose Connection
+                mxcwiC.put(c, mxcwiS.get(urlinfo));
+                return c;
+            } catch (MalformedURLException e) {
+                throw new LocatorException(e);
+            }
+        }
 
-		@Override
-		protected Client _invalidate(Client client) {
-			return null;
-		}
+        @Override
+        protected Client _invalidate(Client client) {
+            return null;
+        }
 
-		@Override
-		protected void _destroy(Client client) {
-			mxcwiC.remove(client);
-		}
-		
-		
-	}
+        @Override
+        protected void _destroy(Client client) {
+            mxcwiC.remove(client);
+        }
+        
+        
+    }
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
index 893e9f32..b7d78f05 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
@@ -73,194 +73,194 @@ import org.onap.aaf.misc.env.Trans;
 
 public class LocalCA extends CA {
 
-	private final static BigInteger ONE = new BigInteger("1");
-	// Extensions
-	private static final KeyPurposeId[] ASN_WebUsage = new KeyPurposeId[] {
-				KeyPurposeId.id_kp_serverAuth, // WebServer
-				KeyPurposeId.id_kp_clientAuth // WebClient
-				};
-	
-	private final PrivateKey caKey;
-	private final X500Name issuer;
-	private final SecureRandom random = new SecureRandom();
-	private BigInteger serial;
-	private final X509ChainWithIssuer x509cwi; // "Cert" is CACert
-	
-	
-	public LocalCA(Access access, final String name, final String env, final String[][] params) throws IOException, CertException {
-		super(access, name, env);
-	
-		serial = new BigInteger(64,random);
+    private final static BigInteger ONE = new BigInteger("1");
+    // Extensions
+    private static final KeyPurposeId[] ASN_WebUsage = new KeyPurposeId[] {
+                KeyPurposeId.id_kp_serverAuth, // WebServer
+                KeyPurposeId.id_kp_clientAuth // WebClient
+                };
+    
+    private final PrivateKey caKey;
+    private final X500Name issuer;
+    private final SecureRandom random = new SecureRandom();
+    private BigInteger serial;
+    private final X509ChainWithIssuer x509cwi; // "Cert" is CACert
+    
+    
+    public LocalCA(Access access, final String name, final String env, final String[][] params) throws IOException, CertException {
+        super(access, name, env);
+    
+        serial = new BigInteger(64,random);
 
-		if(params.length<1 || params[0].length<2) {
-			throw new IOException("LocalCA expects cm_ca.<ca name>=org.onap.aaf.auth.cm.ca.LocalCA,<full path to key file>[;<Full Path to Trust Chain, ending with actual CA>]+");
-		}
-		
-		// Read in the Private Key
-		String configured;
-		File f = new File(params[0][0]);
-		if(f.exists() && f.isFile()) {
-			String fileName = f.getName();
-			if(fileName.endsWith(".key")) {
-				caKey = Factory.toPrivateKey(NullTrans.singleton(),f);
-				List<FileReader> frs = new ArrayList<>(params.length-1);
-				try {
-					String dir = access.getProperty(CM_PUBLIC_DIR, "");
-					if(!"".equals(dir) && !dir.endsWith("/")) {
-						dir = dir + '/';
-					}
+        if(params.length<1 || params[0].length<2) {
+            throw new IOException("LocalCA expects cm_ca.<ca name>=org.onap.aaf.auth.cm.ca.LocalCA,<full path to key file>[;<Full Path to Trust Chain, ending with actual CA>]+");
+        }
+        
+        // Read in the Private Key
+        String configured;
+        File f = new File(params[0][0]);
+        if(f.exists() && f.isFile()) {
+            String fileName = f.getName();
+            if(fileName.endsWith(".key")) {
+                caKey = Factory.toPrivateKey(NullTrans.singleton(),f);
+                List<FileReader> frs = new ArrayList<>(params.length-1);
+                try {
+                    String dir = access.getProperty(CM_PUBLIC_DIR, "");
+                    if(!"".equals(dir) && !dir.endsWith("/")) {
+                        dir = dir + '/';
+                    }
 
-					String path;
-					for(int i=1; i<params[0].length; ++i) { // first param is Private Key, remainder are TrustChain
-						path = !params[0][i].contains("/")?dir+params[0][i]:params[0][i];
-						access.printf(Level.INIT, "Loading a TrustChain Member for %s from %s\n",name, path);
-						frs.add(new FileReader(path));
-					}
-					x509cwi = new X509ChainWithIssuer(frs);
-				} finally {
-					for(FileReader fr : frs) {
-						if(fr!=null) {
-							fr.close();
-						}
-					}
-				}
-				configured = "Configured with " + fileName;
-			} else {
-				if(params.length<1 || params[0].length<3) {
-					throw new CertException("LocalCA parameters must be <keystore [.p12|.pkcs12|.jks|.pkcs11(sun only)]; <alias>; enc:<encrypted Keystore Password>>");
-				}
-				try {
-					Provider p;
-					KeyStore keyStore;
-					FileInputStream fis = null;
-					if(fileName.endsWith(".pkcs11")) {
-						String ksType="PKCS11";
-						p = Factory.getSecurityProvider(ksType,params);
-						keyStore = KeyStore.getInstance(ksType,p);
-					} else if(fileName.endsWith(".jks")) {
-						keyStore = KeyStore.getInstance("JKS");
-					        fis = new FileInputStream(f);
-					} else if(fileName.endsWith(".p12") || fileName.endsWith(".pkcs12")) {
-						keyStore = KeyStore.getInstance("PKCS12");
-					        fis = new FileInputStream(f);
-					} else {
-						throw new CertException("Unknown Keystore type from filename " + fileName);
-					}
-					
-					KeyStore.ProtectionParameter keyPass;
+                    String path;
+                    for(int i=1; i<params[0].length; ++i) { // first param is Private Key, remainder are TrustChain
+                        path = !params[0][i].contains("/")?dir+params[0][i]:params[0][i];
+                        access.printf(Level.INIT, "Loading a TrustChain Member for %s from %s\n",name, path);
+                        frs.add(new FileReader(path));
+                    }
+                    x509cwi = new X509ChainWithIssuer(frs);
+                } finally {
+                    for(FileReader fr : frs) {
+                        if(fr!=null) {
+                            fr.close();
+                        }
+                    }
+                }
+                configured = "Configured with " + fileName;
+            } else {
+                if(params.length<1 || params[0].length<3) {
+                    throw new CertException("LocalCA parameters must be <keystore [.p12|.pkcs12|.jks|.pkcs11(sun only)]; <alias>; enc:<encrypted Keystore Password>>");
+                }
+                try {
+                    Provider p;
+                    KeyStore keyStore;
+                    FileInputStream fis = null;
+                    if(fileName.endsWith(".pkcs11")) {
+                        String ksType="PKCS11";
+                        p = Factory.getSecurityProvider(ksType,params);
+                        keyStore = KeyStore.getInstance(ksType,p);
+                    } else if(fileName.endsWith(".jks")) {
+                        keyStore = KeyStore.getInstance("JKS");
+                            fis = new FileInputStream(f);
+                    } else if(fileName.endsWith(".p12") || fileName.endsWith(".pkcs12")) {
+                        keyStore = KeyStore.getInstance("PKCS12");
+                            fis = new FileInputStream(f);
+                    } else {
+                        throw new CertException("Unknown Keystore type from filename " + fileName);
+                    }
+                    
+                    KeyStore.ProtectionParameter keyPass;
 
-					try {
-						String pass = access.decrypt(params[0][2]/*encrypted passcode*/, true);
-						if(pass==null) {
-							throw new CertException("Passcode for " + fileName + " cannot be decrypted.");
-						}
-						char[] ksPass = pass.toCharArray();
-						//Assuming Key Pass is same as Keystore Pass
-						keyPass = new KeyStore.PasswordProtection(ksPass);
+                    try {
+                        String pass = access.decrypt(params[0][2]/*encrypted passcode*/, true);
+                        if(pass==null) {
+                            throw new CertException("Passcode for " + fileName + " cannot be decrypted.");
+                        }
+                        char[] ksPass = pass.toCharArray();
+                        //Assuming Key Pass is same as Keystore Pass
+                        keyPass = new KeyStore.PasswordProtection(ksPass);
 
-						keyStore.load(fis,ksPass);
-					} finally {
-						if (fis != null)
-							fis.close();
-					}
-					Entry entry;
-					if(fileName.endsWith(".pkcs11")) {
-						entry = keyStore.getEntry(params[0][1]/*alias*/, null);
-					} else {
-						entry = keyStore.getEntry(params[0][1]/*alias*/, keyPass);
-					}
-					if(entry==null) {
-						throw new CertException("There is no Keystore entry with name '" + params[0][1] +'\'');
-					}
-					PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry)entry;
-					caKey = privateKeyEntry.getPrivateKey();
-					
-					x509cwi = new X509ChainWithIssuer(privateKeyEntry.getCertificateChain());
-					configured =  "keystore \"" + fileName + "\", alias " + params[0][1];
-				} catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableEntryException e) {
-					throw new CertException("Exception opening Keystore " + fileName, e);
-				}
-			}
-		} else {
-			throw new CertException("Private Key, " + f.getPath() + ", does not exist");
-		}
-		
-		X500NameBuilder xnb = new X500NameBuilder();
-		List<RDN> rp = RDN.parse(',', x509cwi.getIssuerDN());
-		Collections.reverse(rp);
-		for(RDN rnd : rp) {
-			xnb.addRDN(rnd.aoi,rnd.value);
-		}
-		issuer = xnb.build();
-		access.printf(Level.INIT, "LocalCA is configured with %s.  The Issuer DN is %s.",
-				configured, issuer.toString());
-	}
+                        keyStore.load(fis,ksPass);
+                    } finally {
+                        if (fis != null)
+                            fis.close();
+                    }
+                    Entry entry;
+                    if(fileName.endsWith(".pkcs11")) {
+                        entry = keyStore.getEntry(params[0][1]/*alias*/, null);
+                    } else {
+                        entry = keyStore.getEntry(params[0][1]/*alias*/, keyPass);
+                    }
+                    if(entry==null) {
+                        throw new CertException("There is no Keystore entry with name '" + params[0][1] +'\'');
+                    }
+                    PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry)entry;
+                    caKey = privateKeyEntry.getPrivateKey();
+                    
+                    x509cwi = new X509ChainWithIssuer(privateKeyEntry.getCertificateChain());
+                    configured =  "keystore \"" + fileName + "\", alias " + params[0][1];
+                } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableEntryException e) {
+                    throw new CertException("Exception opening Keystore " + fileName, e);
+                }
+            }
+        } else {
+            throw new CertException("Private Key, " + f.getPath() + ", does not exist");
+        }
+        
+        X500NameBuilder xnb = new X500NameBuilder();
+        List<RDN> rp = RDN.parse(',', x509cwi.getIssuerDN());
+        Collections.reverse(rp);
+        for(RDN rnd : rp) {
+            xnb.addRDN(rnd.aoi,rnd.value);
+        }
+        issuer = xnb.build();
+        access.printf(Level.INIT, "LocalCA is configured with %s.  The Issuer DN is %s.",
+                configured, issuer.toString());
+    }
 
-	/* (non-Javadoc)
-	 * @see org.onap.aaf.auth.cm.service.CA#sign(org.bouncycastle.pkcs.PKCS10CertificationRequest)
-	 */
-	@Override
-	public X509andChain sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException {
-		GregorianCalendar gc = new GregorianCalendar();
-		Date start = gc.getTime();
-		gc.add(GregorianCalendar.MONTH, 6);
-		Date end = gc.getTime();
-		X509Certificate x509;
-		TimeTaken tt = trans.start("Create/Sign Cert",Env.SUB);
-		try {
-			BigInteger bi;
-			
-			synchronized(ONE) {
-				bi = serial;
-				serial = serial.add(ONE);
-			}
-				
-			RSAPublicKey rpk = (RSAPublicKey)csrmeta.keypair(trans).getPublic();
-			X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(
-					issuer,
-					bi, // replace with Serialnumber scheme
-					start,
-					end,
-					csrmeta.x500Name(),
-					SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new RSAKeyParameters(false,rpk.getModulus(),rpk.getPublicExponent()))
-//					new SubjectPublicKeyInfo(ASN1Sequence.getInstance(caCert.getPublicKey().getEncoded()))
-					);
-			List<GeneralName> lsan = new ArrayList<>();
-			for(String s : csrmeta.sans()) {
-				lsan.add(new GeneralName(GeneralName.dNSName,s));
-			}
-			GeneralName[] sans = new GeneralName[lsan.size()];
-			lsan.toArray(sans);
+    /* (non-Javadoc)
+     * @see org.onap.aaf.auth.cm.service.CA#sign(org.bouncycastle.pkcs.PKCS10CertificationRequest)
+     */
+    @Override
+    public X509andChain sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException {
+        GregorianCalendar gc = new GregorianCalendar();
+        Date start = gc.getTime();
+        gc.add(GregorianCalendar.MONTH, 6);
+        Date end = gc.getTime();
+        X509Certificate x509;
+        TimeTaken tt = trans.start("Create/Sign Cert",Env.SUB);
+        try {
+            BigInteger bi;
+            
+            synchronized(ONE) {
+                bi = serial;
+                serial = serial.add(ONE);
+            }
+                
+            RSAPublicKey rpk = (RSAPublicKey)csrmeta.keypair(trans).getPublic();
+            X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(
+                    issuer,
+                    bi, // replace with Serialnumber scheme
+                    start,
+                    end,
+                    csrmeta.x500Name(),
+                    SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new RSAKeyParameters(false,rpk.getModulus(),rpk.getPublicExponent()))
+//                    new SubjectPublicKeyInfo(ASN1Sequence.getInstance(caCert.getPublicKey().getEncoded()))
+                    );
+            List<GeneralName> lsan = new ArrayList<>();
+            for(String s : csrmeta.sans()) {
+                lsan.add(new GeneralName(GeneralName.dNSName,s));
+            }
+            GeneralName[] sans = new GeneralName[lsan.size()];
+            lsan.toArray(sans);
 
-		    JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
-		    	xcb.addExtension(Extension.basicConstraints,
-                    	false, new BasicConstraints(false
-                    			))
-		            .addExtension(Extension.keyUsage,
-		                true, new KeyUsage(KeyUsage.digitalSignature
-		                                 | KeyUsage.keyEncipherment 
-		                                 | KeyUsage.nonRepudiation))
-		            .addExtension(Extension.extendedKeyUsage,
-		                          true, new ExtendedKeyUsage(ASN_WebUsage))
+            JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
+                xcb.addExtension(Extension.basicConstraints,
+                        false, new BasicConstraints(false
+                                ))
+                    .addExtension(Extension.keyUsage,
+                        true, new KeyUsage(KeyUsage.digitalSignature
+                                         | KeyUsage.keyEncipherment 
+                                         | KeyUsage.nonRepudiation))
+                    .addExtension(Extension.extendedKeyUsage,
+                                  true, new ExtendedKeyUsage(ASN_WebUsage))
                     .addExtension(Extension.authorityKeyIdentifier,
-	                          false, extUtils.createAuthorityKeyIdentifier(x509cwi.cert))
+                              false, extUtils.createAuthorityKeyIdentifier(x509cwi.cert))
                     .addExtension(Extension.subjectKeyIdentifier,
-	                          false, extUtils.createSubjectKeyIdentifier(rpk))
-		            .addExtension(Extension.subjectAlternativeName,
-		            		false, new GeneralNames(sans))
-//		            .addExtension(MiscObjectIdentifiers.netscape, true, new NetscapeCertType(
-//		            		NetscapeCertType.sslClient|NetscapeCertType.sslClient))
-		            ;		            
-	
-			x509 = new JcaX509CertificateConverter().getCertificate(
-					xcb.build(BCFactory.contentSigner(caKey)));
-		} catch (GeneralSecurityException|OperatorCreationException e) {
-			throw new CertException(e);
-		} finally {
-			tt.done();
-		}
-		
-		return new X509andChain(x509,x509cwi.trustChain);
-	}
+                              false, extUtils.createSubjectKeyIdentifier(rpk))
+                    .addExtension(Extension.subjectAlternativeName,
+                            false, new GeneralNames(sans))
+//                    .addExtension(MiscObjectIdentifiers.netscape, true, new NetscapeCertType(
+//                            NetscapeCertType.sslClient|NetscapeCertType.sslClient))
+                    ;                    
+    
+            x509 = new JcaX509CertificateConverter().getCertificate(
+                    xcb.build(BCFactory.contentSigner(caKey)));
+        } catch (GeneralSecurityException|OperatorCreationException e) {
+            throw new CertException(e);
+        } finally {
+            tt.done();
+        }
+        
+        return new X509andChain(x509,x509cwi.trustChain);
+    }
 
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
index e31b9988..e51f2faa 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
@@ -33,61 +33,61 @@ import org.onap.aaf.cadi.configure.CertException;
 import org.onap.aaf.cadi.configure.Factory;
 
 public class X509ChainWithIssuer extends X509andChain {
-	private String issuerDN;
-	public X509Certificate caX509;
+    private String issuerDN;
+    public X509Certificate caX509;
 
-	public X509ChainWithIssuer(X509ChainWithIssuer orig, X509Certificate x509) throws IOException, CertException {
-		super(x509,orig.trustChain);
-		issuerDN=orig.issuerDN;		
-	}
-	
-	public X509ChainWithIssuer(final List<? extends Reader> rdrs) throws IOException, CertException {
-		// Trust Chain.  Last one should be the CA
-		Collection<? extends Certificate> certs;
-		X509Certificate x509;
-		for(Reader rdr : rdrs) {
-			if(rdr==null) { // cover for badly formed array
-				continue;
-			}
-			
-			byte[] bytes = Factory.decode(rdr,null);
-			try {
-				certs = Factory.toX509Certificate(bytes);
-			} catch (CertificateException e) {
-				throw new CertException(e);
-			}
-			for(Certificate c : certs) {
-				x509=(X509Certificate)c;
-				Principal subject = x509.getSubjectDN();
-				if(subject==null) {
-					continue;
-				}
-				if(cert==null) { // first in Trust Chain
-					issuerDN = subject.toString();
-					cert=x509; // adding each time makes sure last one is signer.
-				}
-				addTrustChainEntry(x509);
-			}
-		}
-	}
-	
-	public X509ChainWithIssuer(Certificate[] certs) throws IOException, CertException {
-		X509Certificate x509;
-		for(int i=certs.length-1; i>=0; --i) {
-			x509=(X509Certificate)certs[i];
-			Principal subject = x509.getSubjectDN();
-			if(subject!=null) {
-				addTrustChainEntry(x509);
-				if(i==0) { // last one is signer
-					cert=x509; 
-					issuerDN= subject.toString(); 
-				}
-			}
-		}
-	}
+    public X509ChainWithIssuer(X509ChainWithIssuer orig, X509Certificate x509) throws IOException, CertException {
+        super(x509,orig.trustChain);
+        issuerDN=orig.issuerDN;        
+    }
+    
+    public X509ChainWithIssuer(final List<? extends Reader> rdrs) throws IOException, CertException {
+        // Trust Chain.  Last one should be the CA
+        Collection<? extends Certificate> certs;
+        X509Certificate x509;
+        for(Reader rdr : rdrs) {
+            if(rdr==null) { // cover for badly formed array
+                continue;
+            }
+            
+            byte[] bytes = Factory.decode(rdr,null);
+            try {
+                certs = Factory.toX509Certificate(bytes);
+            } catch (CertificateException e) {
+                throw new CertException(e);
+            }
+            for(Certificate c : certs) {
+                x509=(X509Certificate)c;
+                Principal subject = x509.getSubjectDN();
+                if(subject==null) {
+                    continue;
+                }
+                if(cert==null) { // first in Trust Chain
+                    issuerDN = subject.toString();
+                    cert=x509; // adding each time makes sure last one is signer.
+                }
+                addTrustChainEntry(x509);
+            }
+        }
+    }
+    
+    public X509ChainWithIssuer(Certificate[] certs) throws IOException, CertException {
+        X509Certificate x509;
+        for(int i=certs.length-1; i>=0; --i) {
+            x509=(X509Certificate)certs[i];
+            Principal subject = x509.getSubjectDN();
+            if(subject!=null) {
+                addTrustChainEntry(x509);
+                if(i==0) { // last one is signer
+                    cert=x509; 
+                    issuerDN= subject.toString(); 
+                }
+            }
+        }
+    }
 
-	public String getIssuerDN() {
-		return issuerDN;
-	}
+    public String getIssuerDN() {
+        return issuerDN;
+    }
 
 }
\ No newline at end of file
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java
index 5141cc62..3c684db2 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java
@@ -37,44 +37,44 @@ import org.onap.aaf.cadi.configure.Factory;
  *
  */
 public class X509andChain {
-	protected X509Certificate cert;
-	protected String[] trustChain;
-	
-	public X509andChain() {
-		cert = null;
-		trustChain = null;
-	}
-	
-	public X509andChain(X509Certificate cert, String[] tc) throws IOException, CertException {
-		this.cert = cert;
-		trustChain=tc;
-	}
+    protected X509Certificate cert;
+    protected String[] trustChain;
+    
+    public X509andChain() {
+        cert = null;
+        trustChain = null;
+    }
+    
+    public X509andChain(X509Certificate cert, String[] tc) throws IOException, CertException {
+        this.cert = cert;
+        trustChain=tc;
+    }
 
-	public X509andChain(X509Certificate cert, List<String> chain) throws IOException, CertException {
-		this.cert = cert;
-		trustChain = new String[chain.size()+1];
-		chain.toArray(trustChain);
-	}
-	
-	
-	public void addTrustChainEntry(X509Certificate x509) throws IOException, CertException {
-		if(trustChain==null) {
-			trustChain = new String[] {Factory.toString(NullTrans.singleton(),x509)};
-		} else {
-			String[] temp = new String[trustChain.length+1];
-			System.arraycopy(trustChain, 0, temp, 0, trustChain.length);
-			temp[trustChain.length]=Factory.toString(NullTrans.singleton(),x509);
-			trustChain=temp;
-		}
-	}
-	
+    public X509andChain(X509Certificate cert, List<String> chain) throws IOException, CertException {
+        this.cert = cert;
+        trustChain = new String[chain.size()+1];
+        chain.toArray(trustChain);
+    }
+    
+    
+    public void addTrustChainEntry(X509Certificate x509) throws IOException, CertException {
+        if(trustChain==null) {
+            trustChain = new String[] {Factory.toString(NullTrans.singleton(),x509)};
+        } else {
+            String[] temp = new String[trustChain.length+1];
+            System.arraycopy(trustChain, 0, temp, 0, trustChain.length);
+            temp[trustChain.length]=Factory.toString(NullTrans.singleton(),x509);
+            trustChain=temp;
+        }
+    }
+    
 
-	public X509Certificate getX509() {
-		return cert;
-	}
-	
-	public String[] getTrustChain() {
-		return trustChain;
-	}
-	
+    public X509Certificate getX509() {
+        return cert;
+    }
+    
+    public String[] getTrustChain() {
+        return trustChain;
+    }
+    
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
index e40a7a21..8edfa634 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
@@ -52,100 +52,100 @@ import org.onap.aaf.misc.env.Trans;
  *
  */
 public class BCFactory extends Factory {
-	private static final JcaContentSignerBuilder jcsb;
+    private static final JcaContentSignerBuilder jcsb;
 
 
-	static {
-		// Bouncy
-		jcsb = new JcaContentSignerBuilder(Factory.SIG_ALGO);
-	}
-	
-	public static ContentSigner contentSigner(PrivateKey pk) throws OperatorCreationException {
-		return jcsb.build(pk);
-	}
-	
-	public static String toString(PKCS10CertificationRequest csr) throws IOException, CertException {
-		if(csr==null) {
-			throw new CertException("x509 Certificate Request not built");
-		}
-		return textBuilder("CERTIFICATE REQUEST",csr.getEncoded());
-	}
+    static {
+        // Bouncy
+        jcsb = new JcaContentSignerBuilder(Factory.SIG_ALGO);
+    }
+    
+    public static ContentSigner contentSigner(PrivateKey pk) throws OperatorCreationException {
+        return jcsb.build(pk);
+    }
+    
+    public static String toString(PKCS10CertificationRequest csr) throws IOException, CertException {
+        if(csr==null) {
+            throw new CertException("x509 Certificate Request not built");
+        }
+        return textBuilder("CERTIFICATE REQUEST",csr.getEncoded());
+    }
 
-	public static PKCS10CertificationRequest toCSR(Trans trans, File file) throws IOException {
-		TimeTaken tt = trans.start("Reconstitute CSR", Env.SUB);
-		try {
-			FileReader fr = new FileReader(file);
-			return new PKCS10CertificationRequest(decode(strip(fr)));
-		} finally {
-			tt.done();
-		}
-	}
+    public static PKCS10CertificationRequest toCSR(Trans trans, File file) throws IOException {
+        TimeTaken tt = trans.start("Reconstitute CSR", Env.SUB);
+        try {
+            FileReader fr = new FileReader(file);
+            return new PKCS10CertificationRequest(decode(strip(fr)));
+        } finally {
+            tt.done();
+        }
+    }
 
-	public static byte[] sign(Trans trans, ASN1Object toSign, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {
-		TimeTaken tt = trans.start("Encode Security Object", Env.SUB);
-		try {
-			return sign(trans,toSign.getEncoded(),pk);
-		} finally {
-			tt.done();
-		}
-	}
-	
-	public static CSRMeta createCSRMeta(CA ca, String mechid, String sponsorEmail, List<String> fqdns) throws CertException {
-		CSRMeta csr = ca.newCSRMeta();
-		boolean first = true;
-		// Set CN (and SAN)
-		for(String fqdn : fqdns) {
-			if(first) {
-				first = false;
-				csr.cn(fqdn);
-			}
-			csr.san(fqdn); // duplicate CN in SAN, per RFC 5280 section 4.2.1.6 
-		}
-		
-		csr.challenge(new String(Symm.randomGen(24)));
-		csr.mechID(mechid);
-		csr.email(sponsorEmail);
-		String errs;
-		if((errs=validateApp(csr))!=null) {
-			throw new CertException(errs);
-		}
-		return csr;
-	}
-	
-	private static String validateApp(CSRMeta csr) {
-		CertmanValidator v = new CertmanValidator();
-		if(v.nullOrBlank("cn", csr.cn())
-			.nullOrBlank("mechID", csr.mechID())
-//			.nullOrBlank("email", csr.email())
-			.err()) {
-			return v.errs();
-		} else {
-			return null;
-		}
-	}
+    public static byte[] sign(Trans trans, ASN1Object toSign, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {
+        TimeTaken tt = trans.start("Encode Security Object", Env.SUB);
+        try {
+            return sign(trans,toSign.getEncoded(),pk);
+        } finally {
+            tt.done();
+        }
+    }
+    
+    public static CSRMeta createCSRMeta(CA ca, String mechid, String sponsorEmail, List<String> fqdns) throws CertException {
+        CSRMeta csr = ca.newCSRMeta();
+        boolean first = true;
+        // Set CN (and SAN)
+        for(String fqdn : fqdns) {
+            if(first) {
+                first = false;
+                csr.cn(fqdn);
+            }
+            csr.san(fqdn); // duplicate CN in SAN, per RFC 5280 section 4.2.1.6 
+        }
+        
+        csr.challenge(new String(Symm.randomGen(24)));
+        csr.mechID(mechid);
+        csr.email(sponsorEmail);
+        String errs;
+        if((errs=validateApp(csr))!=null) {
+            throw new CertException(errs);
+        }
+        return csr;
+    }
+    
+    private static String validateApp(CSRMeta csr) {
+        CertmanValidator v = new CertmanValidator();
+        if(v.nullOrBlank("cn", csr.cn())
+            .nullOrBlank("mechID", csr.mechID())
+//            .nullOrBlank("email", csr.email())
+            .err()) {
+            return v.errs();
+        } else {
+            return null;
+        }
+    }
 
-	public static CSRMeta createPersonalCSRMeta(CA ca, String personal, String email) throws CertException {
-		CSRMeta csr = ca.newCSRMeta();
-		csr.cn(personal);
-		csr.challenge(new String(Symm.randomGen(24)));
-		csr.email(email);
-		String errs;
-		if((errs=validatePersonal(csr))!=null) {
-			throw new CertException(errs);
-		}
-		return csr;
-	}
+    public static CSRMeta createPersonalCSRMeta(CA ca, String personal, String email) throws CertException {
+        CSRMeta csr = ca.newCSRMeta();
+        csr.cn(personal);
+        csr.challenge(new String(Symm.randomGen(24)));
+        csr.email(email);
+        String errs;
+        if((errs=validatePersonal(csr))!=null) {
+            throw new CertException(errs);
+        }
+        return csr;
+    }
 
-	private static String validatePersonal(CSRMeta csr) {
-		CertmanValidator v = new CertmanValidator();
-		if(v.nullOrBlank("cn", csr.cn())
-			.nullOrBlank("email", csr.email())
-			.err()) {
-			return v.errs();
-		} else {
-			return null;
-		}
-	}
-	
+    private static String validatePersonal(CSRMeta csr) {
+        CertmanValidator v = new CertmanValidator();
+        if(v.nullOrBlank("cn", csr.cn())
+            .nullOrBlank("email", csr.email())
+            .err()) {
+            return v.errs();
+        } else {
+            return null;
+        }
+    }
+    
 
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
index f9fcad17..5df439ab 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
@@ -54,212 +54,212 @@ import org.onap.aaf.cadi.configure.Factory;
 import org.onap.aaf.misc.env.Trans;
 
 public class CSRMeta {
-	private String cn;
-	private String mechID;
-	private String environment;
-	private String email;
-	private String challenge;
-	private List<RDN> rdns;
-	private ArrayList<String> sanList = new ArrayList<>();
-	private KeyPair keyPair;
-	private X500Name name = null;
-	private SecureRandom random = new SecureRandom();
+    private String cn;
+    private String mechID;
+    private String environment;
+    private String email;
+    private String challenge;
+    private List<RDN> rdns;
+    private ArrayList<String> sanList = new ArrayList<>();
+    private KeyPair keyPair;
+    private X500Name name = null;
+    private SecureRandom random = new SecureRandom();
 
-	public CSRMeta(List<RDN> rdns) {
-		this.rdns = rdns;
-	}
+    public CSRMeta(List<RDN> rdns) {
+        this.rdns = rdns;
+    }
 
-	public X500Name x500Name() {
-		if(name==null) {
-			X500NameBuilder xnb = new X500NameBuilder();
-			xnb.addRDN(BCStyle.CN,cn);
-			xnb.addRDN(BCStyle.E,email);
-			if(mechID!=null) {
-				if(environment==null) {
-					xnb.addRDN(BCStyle.OU,mechID);
-				} else {
-					xnb.addRDN(BCStyle.OU,mechID+':'+environment);
-				}
-			}
-			for(RDN rdn : rdns) {
-				xnb.addRDN(rdn.aoi,rdn.value);
-			}
-			name = xnb.build();
-		}
-		return name;
-	}
-	
-	
-	public PKCS10CertificationRequest  generateCSR(Trans trans) throws IOException, CertException {
-		PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(x500Name(),keypair(trans).getPublic());
-		if(challenge!=null) {
-			DERPrintableString password = new DERPrintableString(challenge);
-			builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, password);
-		}
-		
-		int plus = email==null?0:1;
-		if(!sanList.isEmpty()) {
-			GeneralName[] gna = new GeneralName[sanList.size()+plus];
-			int i=-1;
-			for(String s : sanList) {
-				gna[++i]=new GeneralName(GeneralName.dNSName,s);
-			}
-			gna[++i]=new GeneralName(GeneralName.rfc822Name,email);
-			
-			builder.addAttribute(
-					PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
-					new Extensions(new Extension[] {
-							new Extension(Extension.subjectAlternativeName,false,new GeneralNames(gna).getEncoded())
-					})
-			);
-		}
+    public X500Name x500Name() {
+        if(name==null) {
+            X500NameBuilder xnb = new X500NameBuilder();
+            xnb.addRDN(BCStyle.CN,cn);
+            xnb.addRDN(BCStyle.E,email);
+            if(mechID!=null) {
+                if(environment==null) {
+                    xnb.addRDN(BCStyle.OU,mechID);
+                } else {
+                    xnb.addRDN(BCStyle.OU,mechID+':'+environment);
+                }
+            }
+            for(RDN rdn : rdns) {
+                xnb.addRDN(rdn.aoi,rdn.value);
+            }
+            name = xnb.build();
+        }
+        return name;
+    }
+    
+    
+    public PKCS10CertificationRequest  generateCSR(Trans trans) throws IOException, CertException {
+        PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(x500Name(),keypair(trans).getPublic());
+        if(challenge!=null) {
+            DERPrintableString password = new DERPrintableString(challenge);
+            builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, password);
+        }
+        
+        int plus = email==null?0:1;
+        if(!sanList.isEmpty()) {
+            GeneralName[] gna = new GeneralName[sanList.size()+plus];
+            int i=-1;
+            for(String s : sanList) {
+                gna[++i]=new GeneralName(GeneralName.dNSName,s);
+            }
+            gna[++i]=new GeneralName(GeneralName.rfc822Name,email);
+            
+            builder.addAttribute(
+                    PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
+                    new Extensions(new Extension[] {
+                            new Extension(Extension.subjectAlternativeName,false,new GeneralNames(gna).getEncoded())
+                    })
+            );
+        }
 
-		try {
-			return builder.build(BCFactory.contentSigner(keypair(trans).getPrivate()));
-		} catch (OperatorCreationException e) {
-			throw new CertException(e);
-		}
-	}
-	
-	@SuppressWarnings("deprecation")
-	public static void dump(PKCS10CertificationRequest csr) {
-		 Attribute[] certAttributes = csr.getAttributes();
-		 for (Attribute attribute : certAttributes) {
-		     if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
-					 continue;
-				 }
+        try {
+            return builder.build(BCFactory.contentSigner(keypair(trans).getPrivate()));
+        } catch (OperatorCreationException e) {
+            throw new CertException(e);
+        }
+    }
+    
+    @SuppressWarnings("deprecation")
+    public static void dump(PKCS10CertificationRequest csr) {
+         Attribute[] certAttributes = csr.getAttributes();
+         for (Attribute attribute : certAttributes) {
+             if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
+                     continue;
+                 }
 
-				 Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
-				 GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName);
-				 GeneralName[] names = gns.getNames();
-				 for(int k=0; k < names.length; k++) {
-						 String title = "";
-						 if(names[k].getTagNo() == GeneralName.dNSName) {
-								 title = "dNSName";
-						 } else if(names[k].getTagNo() == GeneralName.iPAddress) {
-								 title = "iPAddress";
-								 // Deprecated, but I don't see anything better to use.
-								 names[k].toASN1Object();
-						 } else if(names[k].getTagNo() == GeneralName.otherName) {
-								 title = "otherName";
-						 } else if(names[k].getTagNo() == GeneralName.rfc822Name) {
-								 title = "email";
-						 }
+                 Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
+                 GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName);
+                 GeneralName[] names = gns.getNames();
+                 for(int k=0; k < names.length; k++) {
+                         String title = "";
+                         if(names[k].getTagNo() == GeneralName.dNSName) {
+                                 title = "dNSName";
+                         } else if(names[k].getTagNo() == GeneralName.iPAddress) {
+                                 title = "iPAddress";
+                                 // Deprecated, but I don't see anything better to use.
+                                 names[k].toASN1Object();
+                         } else if(names[k].getTagNo() == GeneralName.otherName) {
+                                 title = "otherName";
+                         } else if(names[k].getTagNo() == GeneralName.rfc822Name) {
+                                 title = "email";
+                         }
 
-						 System.out.println(title + ": "+ names[k].getName());
-				 }
-		 }
-	}
-	
-	public X509Certificate initialConversationCert(Trans trans) throws IOException, CertificateException, OperatorCreationException {
-		GregorianCalendar gc = new GregorianCalendar();
-		Date start = gc.getTime();
-		gc.add(GregorianCalendar.DAY_OF_MONTH,2);
-		Date end = gc.getTime();
-		@SuppressWarnings("deprecation")
-		X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(
-				x500Name(),
-				new BigInteger(12,random), // replace with Serialnumber scheme
-				start,
-				end,
-				x500Name(),
-				new SubjectPublicKeyInfo(ASN1Sequence.getInstance(keypair(trans).getPublic().getEncoded()))
-				);
-		return new JcaX509CertificateConverter().getCertificate(
-				xcb.build(BCFactory.contentSigner(keypair(trans).getPrivate())));
-	}
+                         System.out.println(title + ": "+ names[k].getName());
+                 }
+         }
+    }
+    
+    public X509Certificate initialConversationCert(Trans trans) throws IOException, CertificateException, OperatorCreationException {
+        GregorianCalendar gc = new GregorianCalendar();
+        Date start = gc.getTime();
+        gc.add(GregorianCalendar.DAY_OF_MONTH,2);
+        Date end = gc.getTime();
+        @SuppressWarnings("deprecation")
+        X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(
+                x500Name(),
+                new BigInteger(12,random), // replace with Serialnumber scheme
+                start,
+                end,
+                x500Name(),
+                new SubjectPublicKeyInfo(ASN1Sequence.getInstance(keypair(trans).getPublic().getEncoded()))
+                );
+        return new JcaX509CertificateConverter().getCertificate(
+                xcb.build(BCFactory.contentSigner(keypair(trans).getPrivate())));
+    }
 
-	public CSRMeta san(String v) {
-		sanList.add(v);
-		return this;
-	}
+    public CSRMeta san(String v) {
+        sanList.add(v);
+        return this;
+    }
 
-	public List<String> sans() {
-		return sanList;
-	}
+    public List<String> sans() {
+        return sanList;
+    }
 
 
-	public KeyPair keypair(Trans trans) {
-		if(keyPair == null) {
-			keyPair = Factory.generateKeyPair(trans);
-		}
-		return keyPair;
-	}
+    public KeyPair keypair(Trans trans) {
+        if(keyPair == null) {
+            keyPair = Factory.generateKeyPair(trans);
+        }
+        return keyPair;
+    }
 
-	/**
-	 * @return the cn
-	 */
-	public String cn() {
-		return cn;
-	}
+    /**
+     * @return the cn
+     */
+    public String cn() {
+        return cn;
+    }
 
 
-	/**
-	 * @param cn the cn to set
-	 */
-	public void cn(String cn) {
-		this.cn = cn;
-	}
+    /**
+     * @param cn the cn to set
+     */
+    public void cn(String cn) {
+        this.cn = cn;
+    }
 
-	/**
-	 * Environment of Service MechID is good for
-	 */
-	public void environment(String env) {
-		environment = env;
-	}
-	
-	/**
-	 * 
-	 * @return
-	 */
-	public String environment() {
-		return environment;
-	}
-	
-	/**
-	 * @return the mechID
-	 */
-	public String mechID() {
-		return mechID;
-	}
+    /**
+     * Environment of Service MechID is good for
+     */
+    public void environment(String env) {
+        environment = env;
+    }
+    
+    /**
+     * 
+     * @return
+     */
+    public String environment() {
+        return environment;
+    }
+    
+    /**
+     * @return the mechID
+     */
+    public String mechID() {
+        return mechID;
+    }
 
 
-	/**
-	 * @param mechID the mechID to set
-	 */
-	public void mechID(String mechID) {
-		this.mechID = mechID;
-	}
+    /**
+     * @param mechID the mechID to set
+     */
+    public void mechID(String mechID) {
+        this.mechID = mechID;
+    }
 
 
-	/**
-	 * @return the email
-	 */
-	public String email() {
-		return email;
-	}
+    /**
+     * @return the email
+     */
+    public String email() {
+        return email;
+    }
 
 
-	/**
-	 * @param email the email to set
-	 */
-	public void email(String email) {
-		this.email = email;
-	}
+    /**
+     * @param email the email to set
+     */
+    public void email(String email) {
+        this.email = email;
+    }
 
-	/**
-	 * @return the challenge
-	 */
-	public String challenge() {
-		return challenge;
-	}
+    /**
+     * @return the challenge
+     */
+    public String challenge() {
+        return challenge;
+    }
 
 
-	/**
-	 * @param challenge the challenge to set
-	 */
-	public void challenge(String challenge) {
-		this.challenge = challenge;
-	}
-	
+    /**
+     * @param challenge the challenge to set
+     */
+    public void challenge(String challenge) {
+        this.challenge = challenge;
+    }
+    
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java
index b109ffcb..c39ba6d3 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java
@@ -29,75 +29,75 @@ import org.onap.aaf.cadi.configure.CertException;
 import org.onap.aaf.cadi.util.Split;
 
 public class RDN {
-	public String tag;
-	public String value;
-	public ASN1ObjectIdentifier aoi;
-	public RDN(final String tagValue) throws CertException {
-		String[] tv = Split.splitTrim('=',tagValue);
-		switch(tv[0]) {
-			case "cn":case "CN":			aoi = BCStyle.CN; break;
-			case "c":case "C":			aoi = BCStyle.C;break;
-			case "st":case "ST":			aoi = BCStyle.ST;break;
-			case "l":case "L":  			aoi = BCStyle.L;break;
-			case "o":case "O":			aoi = BCStyle.O;break;
-			case "ou":case "OU":			aoi = BCStyle.OU;break;
-			case "dc":case "DC":			aoi = BCStyle.DC;break;
-			case "gn":case "GN":			aoi = BCStyle.GIVENNAME; break;
-			case "sn":case "SN":			aoi = BCStyle.SN; break;  // surname
-			case "email":case "EMAIL":
-			case "emailaddress":
-			case "EMAILADDRESS":			aoi = BCStyle.EmailAddress;break; // should be SAN extension
-			case "initials":				aoi = BCStyle.INITIALS; break; 
-			case "pseudonym":			aoi = BCStyle.PSEUDONYM; break;
-			case "generationQualifier":	aoi = BCStyle.GENERATION; break;
-			case "serialNumber":			aoi = BCStyle.SERIALNUMBER; break;
-			default:
-				throw new CertException("Unknown ASN1ObjectIdentifier for " + tv[0] + " in " + tagValue);
-		}
-		tag = tv[0];
-		value = tv[1];
-	}
-	
-	/**
-	 * Parse various forms of DNs into appropriate RDNs, which have the ASN1ObjectIdentifier
-	 * @param delim
-	 * @param dnString
-	 * @return
-	 * @throws CertException
-	 */
-	public static List<RDN> parse(final char delim, final String dnString ) throws CertException {
-		List<RDN> lrnd = new ArrayList<>();
-		StringBuilder sb = new StringBuilder();
-		boolean inQuotes = false;
-		for(int i=0;i<dnString.length();++i) {
-			char c = dnString.charAt(i);
-			if(inQuotes) {
-				if('"' == c) {
-					inQuotes=false;
-				} else {
-					sb.append(dnString.charAt(i));
-				}
-			} else {
-				if('"' == c) {
-					inQuotes=true;
-				} else if(delim==c) {
-					if(sb.length()>0) {
-						lrnd.add(new RDN(sb.toString()));
-						sb.setLength(0);
-					}
-				} else {
-					sb.append(dnString.charAt(i));
-				}
-			}
-		}
-		if(sb.indexOf("=")>0) {
-			lrnd.add(new RDN(sb.toString()));
-		}
-		return lrnd;
-	}
-	
-	@Override
-	public String toString() {
-		return tag + '=' + value;
-	}
+    public String tag;
+    public String value;
+    public ASN1ObjectIdentifier aoi;
+    public RDN(final String tagValue) throws CertException {
+        String[] tv = Split.splitTrim('=',tagValue);
+        switch(tv[0]) {
+            case "cn":case "CN":            aoi = BCStyle.CN; break;
+            case "c":case "C":            aoi = BCStyle.C;break;
+            case "st":case "ST":            aoi = BCStyle.ST;break;
+            case "l":case "L":              aoi = BCStyle.L;break;
+            case "o":case "O":            aoi = BCStyle.O;break;
+            case "ou":case "OU":            aoi = BCStyle.OU;break;
+            case "dc":case "DC":            aoi = BCStyle.DC;break;
+            case "gn":case "GN":            aoi = BCStyle.GIVENNAME; break;
+            case "sn":case "SN":            aoi = BCStyle.SN; break;  // surname
+            case "email":case "EMAIL":
+            case "emailaddress":
+            case "EMAILADDRESS":            aoi = BCStyle.EmailAddress;break; // should be SAN extension
+            case "initials":                aoi = BCStyle.INITIALS; break; 
+            case "pseudonym":            aoi = BCStyle.PSEUDONYM; break;
+            case "generationQualifier":    aoi = BCStyle.GENERATION; break;
+            case "serialNumber":            aoi = BCStyle.SERIALNUMBER; break;
+            default:
+                throw new CertException("Unknown ASN1ObjectIdentifier for " + tv[0] + " in " + tagValue);
+        }
+        tag = tv[0];
+        value = tv[1];
+    }
+    
+    /**
+     * Parse various forms of DNs into appropriate RDNs, which have the ASN1ObjectIdentifier
+     * @param delim
+     * @param dnString
+     * @return
+     * @throws CertException
+     */
+    public static List<RDN> parse(final char delim, final String dnString ) throws CertException {
+        List<RDN> lrnd = new ArrayList<>();
+        StringBuilder sb = new StringBuilder();
+        boolean inQuotes = false;
+        for(int i=0;i<dnString.length();++i) {
+            char c = dnString.charAt(i);
+            if(inQuotes) {
+                if('"' == c) {
+                    inQuotes=false;
+                } else {
+                    sb.append(dnString.charAt(i));
+                }
+            } else {
+                if('"' == c) {
+                    inQuotes=true;
+                } else if(delim==c) {
+                    if(sb.length()>0) {
+                        lrnd.add(new RDN(sb.toString()));
+                        sb.setLength(0);
+                    }
+                } else {
+                    sb.append(dnString.charAt(i));
+                }
+            }
+        }
+        if(sb.indexOf("=")>0) {
+            lrnd.add(new RDN(sb.toString()));
+        }
+        return lrnd;
+    }
+    
+    @Override
+    public String toString() {
+        return tag + '=' + value;
+    }
 }
\ No newline at end of file
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java
index d960945c..ad7f10eb 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java
@@ -31,19 +31,19 @@ import org.onap.aaf.auth.cm.cert.CSRMeta;
 import org.onap.aaf.cadi.configure.CertException;
 
 public class CertReq {
-	// These cannot be null
-	public CA certAuthority;
-	public String mechid;
-	public List<String> fqdns;
-	// Notify
-	public List<String> emails;
-	
-	
-	// These may be null
-	public String sponsor;
-	public XMLGregorianCalendar start, end;
-	
-	public CSRMeta getCSRMeta() throws CertException {
-		return BCFactory.createCSRMeta(certAuthority, mechid, sponsor,fqdns);
-	}
+    // These cannot be null
+    public CA certAuthority;
+    public String mechid;
+    public List<String> fqdns;
+    // Notify
+    public List<String> emails;
+    
+    
+    // These may be null
+    public String sponsor;
+    public XMLGregorianCalendar start, end;
+    
+    public CSRMeta getCSRMeta() throws CertException {
+        return BCFactory.createCSRMeta(certAuthority, mechid, sponsor,fqdns);
+    }
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java
index 970bfb85..e156fe91 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java
@@ -33,59 +33,59 @@ import org.onap.aaf.cadi.configure.Factory;
 import org.onap.aaf.misc.env.Trans;
 
 public class CertResp {
-	private CA ca;
-	private KeyPair keyPair;
-	private String challenge;
-	
-	private String privateKey, certString;
-	private String[] trustChain;
-	private String[] notes;
-	
-	public CertResp(Trans trans, CA ca, X509Certificate x509, CSRMeta csrMeta, String[] trustChain, String[] notes) throws IOException, GeneralSecurityException, CertException {
-		keyPair = csrMeta.keypair(trans);
-		privateKey = Factory.toString(trans, keyPair.getPrivate());
-		certString = Factory.toString(trans,x509);
-		challenge=csrMeta.challenge();
-		this.ca = ca;
-		this.trustChain = trustChain;
-		this.notes = notes;
-	}
+    private CA ca;
+    private KeyPair keyPair;
+    private String challenge;
+    
+    private String privateKey, certString;
+    private String[] trustChain;
+    private String[] notes;
+    
+    public CertResp(Trans trans, CA ca, X509Certificate x509, CSRMeta csrMeta, String[] trustChain, String[] notes) throws IOException, GeneralSecurityException, CertException {
+        keyPair = csrMeta.keypair(trans);
+        privateKey = Factory.toString(trans, keyPair.getPrivate());
+        certString = Factory.toString(trans,x509);
+        challenge=csrMeta.challenge();
+        this.ca = ca;
+        this.trustChain = trustChain;
+        this.notes = notes;
+    }
 
-	// Use for Read Responses, etc
-	public CertResp(String cert) {
-		certString = cert;
-	}
+    // Use for Read Responses, etc
+    public CertResp(String cert) {
+        certString = cert;
+    }
 
-	
-	public String asCertString() {
-		return certString;
-	}
-	
-	public String privateString() throws IOException {
-		return privateKey;
-	}
-	
-	public String challenge() {
-		return challenge==null?"":challenge;
-	}
-	
-	public String[] notes() {
-		return notes;
-	}
-	
-	public String[] caIssuerDNs() {
-		return ca.getCaIssuerDNs();
-	}
-	
-	public String env() {
-		return ca.getEnv();
-	}
-	
-	public String[] trustChain() {
-		return trustChain;
-	}
-	
-	public String[] trustCAs() {
-		return ca.getTrustedCAs();
-	}
+    
+    public String asCertString() {
+        return certString;
+    }
+    
+    public String privateString() throws IOException {
+        return privateKey;
+    }
+    
+    public String challenge() {
+        return challenge==null?"":challenge;
+    }
+    
+    public String[] notes() {
+        return notes;
+    }
+    
+    public String[] caIssuerDNs() {
+        return ca.getCaIssuerDNs();
+    }
+    
+    public String env() {
+        return ca.getEnv();
+    }
+    
+    public String[] trustChain() {
+        return trustChain;
+    }
+    
+    public String[] trustCAs() {
+        return ca.getTrustedCAs();
+    }
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade.java
index 9eb9c2fa..4952dbec 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade.java
@@ -40,143 +40,143 @@ import org.onap.aaf.auth.layer.Result;
 public interface Facade<REQ,CERT,ARTIFACTS,ERROR> {
 
 /////////////////////  STANDARD ELEMENTS //////////////////
-	/** 
-	 * @param trans
-	 * @param response
-	 * @param result
-	 */
-	void error(AuthzTrans trans, HttpServletResponse response, Result<?> result);
-
-	/**
-	 * 
-	 * @param trans
-	 * @param response
-	 * @param status
-	 */
-	void error(AuthzTrans trans, HttpServletResponse response, int status,	String msg, String ... detail);
-
-	/**
-	 * Permission checker
-	 *
-	 * @param trans
-	 * @param resp
-	 * @param perm
-	 * @return
-	 * @throws IOException 
-	 */
-	Result<Void> check(AuthzTrans trans, HttpServletResponse resp, String perm) throws IOException;
-
-	/**
-	 * 
-	 * @return
-	 */
-	public Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper();
+    /** 
+     * @param trans
+     * @param response
+     * @param result
+     */
+    void error(AuthzTrans trans, HttpServletResponse response, Result<?> result);
+
+    /**
+     * 
+     * @param trans
+     * @param response
+     * @param status
+     */
+    void error(AuthzTrans trans, HttpServletResponse response, int status,    String msg, String ... detail);
+
+    /**
+     * Permission checker
+     *
+     * @param trans
+     * @param resp
+     * @param perm
+     * @return
+     * @throws IOException 
+     */
+    Result<Void> check(AuthzTrans trans, HttpServletResponse resp, String perm) throws IOException;
+
+    /**
+     * 
+     * @return
+     */
+    public Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper();
 
 /////////////////////  STANDARD ELEMENTS //////////////////
-	
-	/**
-	 * 
-	 * @param trans
-	 * @param resp
-	 * @param rservlet
-	 * @return
-	 */
-	public abstract Result<Void> requestCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, CA ca);
-
-	/**
-	 * 
-	 * @param trans
-	 * @param resp
-	 * @param rservlet
-	 * @return
-	 */
-	public abstract Result<Void> requestPersonalCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, CA ca);
-
-
-	/**
-	 * 
-	 * @param trans
-	 * @param req
-	 * @param resp
-	 * @return
-	 */
-	public abstract Result<Void> renewCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, boolean withTrust);
-
-	/**
-	 * 
-	 * @param trans
-	 * @param req
-	 * @param resp
-	 * @return
-	 */
-	public abstract Result<Void> dropCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-	
-
-	/**
-	 * 
-	 * @param trans
-	 * @param resp
-	 * @param pathParam
-	 * @return
-	 */
-	public Result<Void> readCertsByMechID(AuthzTrans trans, HttpServletResponse resp, String mechID);
-	
-
-	/**
-	 * 
-	 * @param trans
-	 * @param req
-	 * @param resp
-	 * @return
-	 */
-	Result<Void> createArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-	
-	/**
-	 * 
-	 * @param trans
-	 * @param req
-	 * @param resp
-	 * @return
-	 */
-	Result<Void> readArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
-	/**
-	 * 
-	 * @param trans
-	 * @param resp
-	 * @param mechid
-	 * @param machine
-	 * @return
-	 */
-	Result<Void> readArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine);
-
-	/**
-	 * 
-	 * @param trans
-	 * @param req
-	 * @param resp
-	 * @return
-	 */
-	Result<Void> updateArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-	
-	/**
-	 * 
-	 * @param trans
-	 * @param req
-	 * @param resp
-	 * @return
-	 */
-	Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
-	/**
-	 * 
-	 * @param trans
-	 * @param resp
-	 * @param mechid
-	 * @param machine
-	 * @return
-	 */
-	Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine);
+    
+    /**
+     * 
+     * @param trans
+     * @param resp
+     * @param rservlet
+     * @return
+     */
+    public abstract Result<Void> requestCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, CA ca);
+
+    /**
+     * 
+     * @param trans
+     * @param resp
+     * @param rservlet
+     * @return
+     */
+    public abstract Result<Void> requestPersonalCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, CA ca);
+
+
+    /**
+     * 
+     * @param trans
+     * @param req
+     * @param resp
+     * @return
+     */
+    public abstract Result<Void> renewCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, boolean withTrust);
+
+    /**
+     * 
+     * @param trans
+     * @param req
+     * @param resp
+     * @return
+     */
+    public abstract Result<Void> dropCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
+    
+
+    /**
+     * 
+     * @param trans
+     * @param resp
+     * @param pathParam
+     * @return
+     */
+    public Result<Void> readCertsByMechID(AuthzTrans trans, HttpServletResponse resp, String mechID);
+    
+
+    /**
+     * 
+     * @param trans
+     * @param req
+     * @param resp
+     * @return
+     */
+    Result<Void> createArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
+    
+    /**
+     * 
+     * @param trans
+     * @param req
+     * @param resp
+     * @return
+     */
+    Result<Void> readArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
+
+    /**
+     * 
+     * @param trans
+     * @param resp
+     * @param mechid
+     * @param machine
+     * @return
+     */
+    Result<Void> readArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine);
+
+    /**
+     * 
+     * @param trans
+     * @param req
+     * @param resp
+     * @return
+     */
+    Result<Void> updateArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
+    
+    /**
+     * 
+     * @param trans
+     * @param req
+     * @param resp
+     * @return
+     */
+    Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
+
+    /**
+     * 
+     * @param trans
+     * @param resp
+     * @param mechid
+     * @param machine
+     * @return
+     */
+    Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine);
 
 
 }
\ No newline at end of file
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade1_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade1_0.java
index 49d976b2..4a3b5cbe 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade1_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/Facade1_0.java
@@ -37,10 +37,10 @@ import certman.v1_0.CertInfo;
  *
  */
 public class Facade1_0 extends FacadeImpl<BaseRequest,CertInfo, Artifacts, Error> {
-	public Facade1_0(AAF_CM certman, 
-					 CMService service, 
-					 Mapper<BaseRequest,CertInfo,Artifacts,Error> mapper, 
-					 Data.TYPE type) throws APIException {
-		super(certman, service, mapper, type);
-	}
+    public Facade1_0(AAF_CM certman, 
+                     CMService service, 
+                     Mapper<BaseRequest,CertInfo,Artifacts,Error> mapper, 
+                     Data.TYPE type) throws APIException {
+        super(certman, service, mapper, type);
+    }
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeFactory.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeFactory.java
index 6eb13f93..e9ffb908 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeFactory.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeFactory.java
@@ -30,12 +30,12 @@ import org.onap.aaf.misc.env.Data;
 
 
 public class FacadeFactory {
-	public static Facade1_0 v1_0(AAF_CM certman, AuthzTrans trans, CMService service, Data.TYPE type) throws APIException {
-		return new Facade1_0(
-				certman,
-				service,
-				new Mapper1_0(),
-				type);  
-	}
+    public static Facade1_0 v1_0(AAF_CM certman, AuthzTrans trans, CMService service, Data.TYPE type) throws APIException {
+        return new Facade1_0(
+                certman,
+                service,
+                new Mapper1_0(),
+                type);  
+    }
 
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java
index 98fdf11b..310ea8b2 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java
@@ -66,7 +66,7 @@ import org.onap.aaf.misc.rosetta.env.RosettaData;
  * 1) Interact with the Service Implementation (which might be supported by various kinds of Backend Storage)
  * 2) Validate incoming data (if applicable)
  * 3) Convert the Service response into the right Format, and mark the Content Type
- * 		a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request.
+ *         a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request.
  * 4) Log Service info, warnings and exceptions as necessary
  * 5) When asked by the API layer, this will create and write Error content to the OutputStream
  * 
@@ -77,562 +77,562 @@ import org.onap.aaf.misc.rosetta.env.RosettaData;
  *
  */
 public abstract class FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> extends org.onap.aaf.auth.layer.FacadeImpl implements Facade<REQ,CERT,ARTIFACTS,ERROR> 
-	{
-	private static final String TRUE = "TRUE";
-	private static final String REQUEST_CERT = "Request New Certificate";
-	private static final String RENEW_CERT = "Renew Certificate";
-	private static final String DROP_CERT = "Drop Certificate";
-	private static final String READ_CERTS_MECHID = "Read Certificates by MechID";
-	private static final String CREATE_ARTIFACTS = "Create Deployment Artifact";
-	private static final String READ_ARTIFACTS = "Read Deployment Artifact";
-	private static final String UPDATE_ARTIFACTS = "Update Deployment Artifact";
-	private static final String DELETE_ARTIFACTS = "Delete Deployment Artifact";
-
-	private CMService service;
-
-	private final RosettaDF<ERROR>	 	errDF;
-	private final RosettaDF<REQ> 		certRequestDF, certRenewDF, certDropDF;
-	private final RosettaDF<CERT>		certDF;
-	private final RosettaDF<ARTIFACTS>	artiDF;
-	private Mapper<REQ, CERT, ARTIFACTS, ERROR> 	mapper;
-//	private Slot sCertAuth;
-	private AAF_CM certman;
-	private final String voidResp;
-
-	public FacadeImpl(AAF_CM certman,
-					  CMService service, 
-					  Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper, 
-					  Data.TYPE dataType) throws APIException {
-		this.service = service;
-		this.mapper = mapper;
-		this.certman = certman;
-		AuthzEnv env = certman.env;
-		//TODO: Gabe [JUnit] Static issue, talk to Jonathan
-		(errDF 				= env.newDataFactory(mapper.getClass(API.ERROR))).in(dataType).out(dataType);
-		(certRequestDF 		= env.newDataFactory(mapper.getClass(API.CERT_REQ))).in(dataType).out(dataType);
-		(certRenewDF 		= env.newDataFactory(mapper.getClass(API.CERT_RENEW))).in(dataType).out(dataType);
-		(certDropDF 		= env.newDataFactory(mapper.getClass(API.CERT_DROP))).in(dataType).out(dataType);
-		(certDF 			= env.newDataFactory(mapper.getClass(API.CERT))).in(dataType).out(dataType);
-		(artiDF 			= env.newDataFactory(mapper.getClass(API.ARTIFACTS))).in(dataType).out(dataType);
-//		sCertAuth = env.slot(API_Cert.CERT_AUTH);
-		if(artiDF.getOutType().name().contains("xml")) {
-			voidResp = "application/Void+xml;charset=utf-8;version=1.0,application/xml;version=1.0,*/*";
-		} else {
-			voidResp = "application/Void+json;charset=utf-8;version=1.0,application/json;version=1.0,*/*";
-		}
-	}
-	
-	public Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper() {
-		return mapper;
-	}
-	
-	/* (non-Javadoc)
-	 * @see com.att.authz.facade.AuthzFacade#error(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, int)
-	 * 
-	 * Note: Conforms to AT&T TSS RESTful Error Structure
-	 */
-	@Override
-	public void error(AuthzTrans trans, HttpServletResponse response, Result<?> result) {
-		error(trans, response, result.status,
-				result.details==null?"":result.details.trim(),
-				result.variables==null?new String[0]:result.variables);
-	}
-		
-	@Override
-	public void error(AuthzTrans trans, HttpServletResponse response, int status, final String _msg, final String ... _detail) {
-		String msgId;
-		String prefix;
-		boolean hidemsg=false;
-		switch(status) {
-			case 202:
-			case ERR_ActionNotCompleted:
-				msgId = "SVC1202";
-				prefix = "Accepted, Action not complete";
-				response.setStatus(/*httpstatus=*/202);
-				break;
-
-			case 403:
-			case ERR_Policy:
-			case ERR_Security:
-			case ERR_Denied:
-				msgId = "SVC1403";
-				prefix = "Forbidden";
-				response.setStatus(/*httpstatus=*/403);
-				break;
-				
-			case 404:
-			case ERR_NotFound:
-				msgId = "SVC1404";
-				prefix = "Not Found";
-				response.setStatus(/*httpstatus=*/404);
-				break;
-
-			case 406:
-			case ERR_BadData:
-				msgId="SVC1406";
-				prefix = "Not Acceptable";
-				response.setStatus(/*httpstatus=*/406);
-				break;
-				
-			case 409:
-			case ERR_ConflictAlreadyExists:
-				msgId = "SVC1409";
-				prefix = "Conflict Already Exists";
-				response.setStatus(/*httpstatus=*/409);
-				break;
-			
-			case 501:
-			case ERR_NotImplemented:
-				msgId = "SVC1501";
-				prefix = "Not Implemented"; 
-				response.setStatus(/*httpstatus=*/501);
-				break;
-				
-
-			default:
-				msgId = "SVC1500";
-				prefix = "General Service Error";
-				response.setStatus(/*httpstatus=*/500);
-				hidemsg=true;
-				break;
-		}
-
-		try {
-			StringBuilder holder = new StringBuilder();
-			ERROR em = mapper().errorFromMessage(holder, msgId,prefix + ": " + _msg,_detail);
-			trans.checkpoint(
-					"ErrResp [" + 
-					msgId +
-					"] " +
-					holder.toString(),
-					Env.ALWAYS);
-			if(hidemsg) {
-				holder.setLength(0);
-				em = mapper().errorFromMessage(holder, msgId, "Server had an issue processing this request");
-			}
-			errDF.newData(trans).load(em).to(response.getOutputStream());
-			
-		} catch (Exception e) {
-			trans.error().log(e,"unable to send response for",_msg);
-		}
-	}
-
-	@Override
-	public Result<Void> check(AuthzTrans trans, HttpServletResponse resp, String perm) throws IOException {
-		String[] p = Split.split('|',perm);
-		AAFPermission ap;
-		switch(p.length) {
-			case 3:
-				 ap = new AAFPermission(null, p[0],p[1],p[2]);
-				 break;
-			case 4:
-				ap = new AAFPermission(p[0],p[1],p[2],p[3]);
-				break;
-			default:
-				return Result.err(Result.ERR_BadData,"Invalid Perm String");
-		}
-		if(certman.aafLurPerm.fish(trans.getUserPrincipal(), ap)) {
-			resp.setContentType(voidResp);
-			resp.getOutputStream().write(0);
-			return Result.ok();
-		} else {
-			return Result.err(Result.ERR_Denied,"%s does not have %s",trans.user(),ap.getKey());
-		}
-	}
-
-	/* (non-Javadoc)
-	 * @see com.att.auth.certman.facade.Facade#requestCert(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
-	@Override
-	public Result<Void> requestCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, CA ca) {
-		TimeTaken tt = trans.start(REQUEST_CERT, Env.SUB|Env.ALWAYS);
-		String wt;
-		boolean withTrust=(wt=req.getParameter("withTrust"))!=null || TRUE.equalsIgnoreCase(wt);
-		try {
-			REQ request;
-			try {
-				Data<REQ> rd = certRequestDF.newData().load(req.getInputStream());
-				request = rd.asObject();
-			} catch(APIException e) {
-				trans.error().log("Invalid Input",IN,REQUEST_CERT);
-				return Result.err(Result.ERR_BadData,"Invalid Input");
-			}
-			
-			Result<CertResp> rcr = service.requestCert(trans,mapper.toReq(trans,request), ca);
-			if(rcr.notOK()) {
-				return Result.err(rcr);
-			}
-			
-//			CA certAuth = trans.get(sCertAuth,null);
-			Result<CERT> rc = mapper.toCert(trans, rcr, withTrust);
-			switch(rc.status) {
-				case OK: 
-					RosettaData<CERT> data = certDF.newData(trans).load(rc.value);
-					data.to(resp.getOutputStream());
-	
-					setContentType(resp,certDF.getOutType());
-					return Result.ok();
-				default:
-					return Result.err(rc);
-			}
-
-		} catch (Exception e) {
-			trans.error().log(e,IN,REQUEST_CERT);
-			return Result.err(e);
-		} finally {
-			tt.done();
-		}
-	}
-	
-	/* (non-Javadoc)
-	 * @see org.onap.aaf.auth.cm.facade.Facade#requestPersonalCert(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean)
-	 */
-	@Override
-	public Result<Void> requestPersonalCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, CA ca) {
-		return Result.err(Result.ERR_NotImplemented,"not implemented yet");
-//		Result<CertResp> rcr = service.requestPersonalCert(trans,ca);
-//		if(rcr.notOK()) {
-//			return Result.err(rcr);
-//		} else {
-//			try {
-//				resp.setContentType("application/zip, application/octet-stream");
-//				ZipOutputStream zos = new ZipOutputStream(resp.getOutputStream());
-//				PrintStream ps = new PrintStream(zos);
-//				ZipEntry ze = new ZipEntry(trans.user()+".key");
-//				zos.putNextEntry(ze);
-//				ps.print(rcr.value.privateString());
-//				zos.closeEntry();
+    {
+    private static final String TRUE = "TRUE";
+    private static final String REQUEST_CERT = "Request New Certificate";
+    private static final String RENEW_CERT = "Renew Certificate";
+    private static final String DROP_CERT = "Drop Certificate";
+    private static final String READ_CERTS_MECHID = "Read Certificates by MechID";
+    private static final String CREATE_ARTIFACTS = "Create Deployment Artifact";
+    private static final String READ_ARTIFACTS = "Read Deployment Artifact";
+    private static final String UPDATE_ARTIFACTS = "Update Deployment Artifact";
+    private static final String DELETE_ARTIFACTS = "Delete Deployment Artifact";
+
+    private CMService service;
+
+    private final RosettaDF<ERROR>         errDF;
+    private final RosettaDF<REQ>         certRequestDF, certRenewDF, certDropDF;
+    private final RosettaDF<CERT>        certDF;
+    private final RosettaDF<ARTIFACTS>    artiDF;
+    private Mapper<REQ, CERT, ARTIFACTS, ERROR>     mapper;
+//    private Slot sCertAuth;
+    private AAF_CM certman;
+    private final String voidResp;
+
+    public FacadeImpl(AAF_CM certman,
+                      CMService service, 
+                      Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper, 
+                      Data.TYPE dataType) throws APIException {
+        this.service = service;
+        this.mapper = mapper;
+        this.certman = certman;
+        AuthzEnv env = certman.env;
+        //TODO: Gabe [JUnit] Static issue, talk to Jonathan
+        (errDF                 = env.newDataFactory(mapper.getClass(API.ERROR))).in(dataType).out(dataType);
+        (certRequestDF         = env.newDataFactory(mapper.getClass(API.CERT_REQ))).in(dataType).out(dataType);
+        (certRenewDF         = env.newDataFactory(mapper.getClass(API.CERT_RENEW))).in(dataType).out(dataType);
+        (certDropDF         = env.newDataFactory(mapper.getClass(API.CERT_DROP))).in(dataType).out(dataType);
+        (certDF             = env.newDataFactory(mapper.getClass(API.CERT))).in(dataType).out(dataType);
+        (artiDF             = env.newDataFactory(mapper.getClass(API.ARTIFACTS))).in(dataType).out(dataType);
+//        sCertAuth = env.slot(API_Cert.CERT_AUTH);
+        if(artiDF.getOutType().name().contains("xml")) {
+            voidResp = "application/Void+xml;charset=utf-8;version=1.0,application/xml;version=1.0,*/*";
+        } else {
+            voidResp = "application/Void+json;charset=utf-8;version=1.0,application/json;version=1.0,*/*";
+        }
+    }
+    
+    public Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper() {
+        return mapper;
+    }
+    
+    /* (non-Javadoc)
+     * @see com.att.authz.facade.AuthzFacade#error(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, int)
+     * 
+     * Note: Conforms to AT&T TSS RESTful Error Structure
+     */
+    @Override
+    public void error(AuthzTrans trans, HttpServletResponse response, Result<?> result) {
+        error(trans, response, result.status,
+                result.details==null?"":result.details.trim(),
+                result.variables==null?new String[0]:result.variables);
+    }
+        
+    @Override
+    public void error(AuthzTrans trans, HttpServletResponse response, int status, final String _msg, final String ... _detail) {
+        String msgId;
+        String prefix;
+        boolean hidemsg=false;
+        switch(status) {
+            case 202:
+            case ERR_ActionNotCompleted:
+                msgId = "SVC1202";
+                prefix = "Accepted, Action not complete";
+                response.setStatus(/*httpstatus=*/202);
+                break;
+
+            case 403:
+            case ERR_Policy:
+            case ERR_Security:
+            case ERR_Denied:
+                msgId = "SVC1403";
+                prefix = "Forbidden";
+                response.setStatus(/*httpstatus=*/403);
+                break;
+                
+            case 404:
+            case ERR_NotFound:
+                msgId = "SVC1404";
+                prefix = "Not Found";
+                response.setStatus(/*httpstatus=*/404);
+                break;
+
+            case 406:
+            case ERR_BadData:
+                msgId="SVC1406";
+                prefix = "Not Acceptable";
+                response.setStatus(/*httpstatus=*/406);
+                break;
+                
+            case 409:
+            case ERR_ConflictAlreadyExists:
+                msgId = "SVC1409";
+                prefix = "Conflict Already Exists";
+                response.setStatus(/*httpstatus=*/409);
+                break;
+            
+            case 501:
+            case ERR_NotImplemented:
+                msgId = "SVC1501";
+                prefix = "Not Implemented"; 
+                response.setStatus(/*httpstatus=*/501);
+                break;
+                
+
+            default:
+                msgId = "SVC1500";
+                prefix = "General Service Error";
+                response.setStatus(/*httpstatus=*/500);
+                hidemsg=true;
+                break;
+        }
+
+        try {
+            StringBuilder holder = new StringBuilder();
+            ERROR em = mapper().errorFromMessage(holder, msgId,prefix + ": " + _msg,_detail);
+            trans.checkpoint(
+                    "ErrResp [" + 
+                    msgId +
+                    "] " +
+                    holder.toString(),
+                    Env.ALWAYS);
+            if(hidemsg) {
+                holder.setLength(0);
+                em = mapper().errorFromMessage(holder, msgId, "Server had an issue processing this request");
+            }
+            errDF.newData(trans).load(em).to(response.getOutputStream());
+            
+        } catch (Exception e) {
+            trans.error().log(e,"unable to send response for",_msg);
+        }
+    }
+
+    @Override
+    public Result<Void> check(AuthzTrans trans, HttpServletResponse resp, String perm) throws IOException {
+        String[] p = Split.split('|',perm);
+        AAFPermission ap;
+        switch(p.length) {
+            case 3:
+                 ap = new AAFPermission(null, p[0],p[1],p[2]);
+                 break;
+            case 4:
+                ap = new AAFPermission(p[0],p[1],p[2],p[3]);
+                break;
+            default:
+                return Result.err(Result.ERR_BadData,"Invalid Perm String");
+        }
+        if(certman.aafLurPerm.fish(trans.getUserPrincipal(), ap)) {
+            resp.setContentType(voidResp);
+            resp.getOutputStream().write(0);
+            return Result.ok();
+        } else {
+            return Result.err(Result.ERR_Denied,"%s does not have %s",trans.user(),ap.getKey());
+        }
+    }
+
+    /* (non-Javadoc)
+     * @see com.att.auth.certman.facade.Facade#requestCert(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+     */
+    @Override
+    public Result<Void> requestCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, CA ca) {
+        TimeTaken tt = trans.start(REQUEST_CERT, Env.SUB|Env.ALWAYS);
+        String wt;
+        boolean withTrust=(wt=req.getParameter("withTrust"))!=null || TRUE.equalsIgnoreCase(wt);
+        try {
+            REQ request;
+            try {
+                Data<REQ> rd = certRequestDF.newData().load(req.getInputStream());
+                request = rd.asObject();
+            } catch(APIException e) {
+                trans.error().log("Invalid Input",IN,REQUEST_CERT);
+                return Result.err(Result.ERR_BadData,"Invalid Input");
+            }
+            
+            Result<CertResp> rcr = service.requestCert(trans,mapper.toReq(trans,request), ca);
+            if(rcr.notOK()) {
+                return Result.err(rcr);
+            }
+            
+//            CA certAuth = trans.get(sCertAuth,null);
+            Result<CERT> rc = mapper.toCert(trans, rcr, withTrust);
+            switch(rc.status) {
+                case OK: 
+                    RosettaData<CERT> data = certDF.newData(trans).load(rc.value);
+                    data.to(resp.getOutputStream());
+    
+                    setContentType(resp,certDF.getOutType());
+                    return Result.ok();
+                default:
+                    return Result.err(rc);
+            }
+
+        } catch (Exception e) {
+            trans.error().log(e,IN,REQUEST_CERT);
+            return Result.err(e);
+        } finally {
+            tt.done();
+        }
+    }
+    
+    /* (non-Javadoc)
+     * @see org.onap.aaf.auth.cm.facade.Facade#requestPersonalCert(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean)
+     */
+    @Override
+    public Result<Void> requestPersonalCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, CA ca) {
+        return Result.err(Result.ERR_NotImplemented,"not implemented yet");
+//        Result<CertResp> rcr = service.requestPersonalCert(trans,ca);
+//        if(rcr.notOK()) {
+//            return Result.err(rcr);
+//        } else {
+//            try {
+//                resp.setContentType("application/zip, application/octet-stream");
+//                ZipOutputStream zos = new ZipOutputStream(resp.getOutputStream());
+//                PrintStream ps = new PrintStream(zos);
+//                ZipEntry ze = new ZipEntry(trans.user()+".key");
+//                zos.putNextEntry(ze);
+//                ps.print(rcr.value.privateString());
+//                zos.closeEntry();
 //
-//				zos.putNextEntry(new ZipEntry(trans.user()+".crt"));
-//				ps.print(rcr.value.asCertString());
-//				zos.closeEntry();
-//				
-//				String wt;
-//				if((wt=req.getParameter("withTrust"))!=null || TRUE.equalsIgnoreCase(wt)) {
-//					zos.putNextEntry(new ZipEntry(trans.user()+".trustCrts"));
-//					for(String s : ca.getTrustChain()) {
-//						ps.println(s);
-//					}
-//					zos.closeEntry();
-//				}
-//				
-//				boolean withJKS = (wt=req.getParameter("withJKS"))!=null || TRUE.equalsIgnoreCase(wt);
-//				if(withJKS) {
-//					if(trans.getUserPrincipal() instanceof BasicPrincipal) {
-//						char[] cap = new String(((BasicPrincipal)trans.getUserPrincipal()).getCred()).toCharArray();
-//						KeyStore ks = keystore(trans, rcr.value, ca.getTrustChain(), trans.user(), cap);
-//						zos.putNextEntry(new ZipEntry(trans.user()+".jks"));
-//						ks.store(zos, cap);
-//						zos.closeEntry();
-//					}
-//				}
-//				
-//				zos.putNextEntry(new ZipEntry("cert_deploy.sh"));
-//				ps.println("# Deploy Certificate to ~/.aaf");
-//				ps.println("if [ \"$1\" = \"\" ]; then echo \"sh deploy.sh <zipfile>\";exit; else chmod 700 $HOME/.aaf; fi");
-//				ps.println("chmod 600 $1");
-//				ps.println("if [ ! -e $HOME/.aaf ]; then mkdir -m 700 $HOME/.aaf; fi");
-//				ps.println("THE_PWD=`pwd`");
-//				ps.println("cd $HOME/.aaf");
-//				ps.println("echo \"Deploying to `pwd`\"");
-//				ps.println("jar -xvf $THE_PWD/$1 " + trans.user());
-//				ps.println("chmod 600 " + trans.user() + ".key");
-//				if(withJKS) {
-//					ps.println("chmod 600 " + trans.user() + ".jks");
-//				}
-//				ps.println("cd $THE_PWD");
-//				ps.println("rm cert_deploy.sh");
-//				zos.closeEntry();
-//				
+//                zos.putNextEntry(new ZipEntry(trans.user()+".crt"));
+//                ps.print(rcr.value.asCertString());
+//                zos.closeEntry();
+//                
+//                String wt;
+//                if((wt=req.getParameter("withTrust"))!=null || TRUE.equalsIgnoreCase(wt)) {
+//                    zos.putNextEntry(new ZipEntry(trans.user()+".trustCrts"));
+//                    for(String s : ca.getTrustChain()) {
+//                        ps.println(s);
+//                    }
+//                    zos.closeEntry();
+//                }
+//                
+//                boolean withJKS = (wt=req.getParameter("withJKS"))!=null || TRUE.equalsIgnoreCase(wt);
+//                if(withJKS) {
+//                    if(trans.getUserPrincipal() instanceof BasicPrincipal) {
+//                        char[] cap = new String(((BasicPrincipal)trans.getUserPrincipal()).getCred()).toCharArray();
+//                        KeyStore ks = keystore(trans, rcr.value, ca.getTrustChain(), trans.user(), cap);
+//                        zos.putNextEntry(new ZipEntry(trans.user()+".jks"));
+//                        ks.store(zos, cap);
+//                        zos.closeEntry();
+//                    }
+//                }
+//                
+//                zos.putNextEntry(new ZipEntry("cert_deploy.sh"));
+//                ps.println("# Deploy Certificate to ~/.aaf");
+//                ps.println("if [ \"$1\" = \"\" ]; then echo \"sh deploy.sh <zipfile>\";exit; else chmod 700 $HOME/.aaf; fi");
+//                ps.println("chmod 600 $1");
+//                ps.println("if [ ! -e $HOME/.aaf ]; then mkdir -m 700 $HOME/.aaf; fi");
+//                ps.println("THE_PWD=`pwd`");
+//                ps.println("cd $HOME/.aaf");
+//                ps.println("echo \"Deploying to `pwd`\"");
+//                ps.println("jar -xvf $THE_PWD/$1 " + trans.user());
+//                ps.println("chmod 600 " + trans.user() + ".key");
+//                if(withJKS) {
+//                    ps.println("chmod 600 " + trans.user() + ".jks");
+//                }
+//                ps.println("cd $THE_PWD");
+//                ps.println("rm cert_deploy.sh");
+//                zos.closeEntry();
+//                
 //
-//				zos.close();
-//				
-//			} catch (IOException | KeyStoreException | CertificateException | APIException | CertException | NoSuchAlgorithmException e) {
-//				return Result.err(e);
-//			}
-//		}
+//                zos.close();
+//                
+//            } catch (IOException | KeyStoreException | CertificateException | APIException | CertException | NoSuchAlgorithmException e) {
+//                return Result.err(e);
+//            }
+//        }
 //
-//		return Result.ok();
-	}
-
-//	private KeyStore keystore(AuthzTrans trans, CertResp cr, String[] trustChain, String name, char[] cap) throws KeyStoreException, CertificateException, APIException, IOException, CertException, NoSuchAlgorithmException {
-//		KeyStore jks = KeyStore.getInstance("jks");
-//		jks.load(null, cap);
-//		
-//		// Get the Cert(s)... Might include Trust store
-//		List<String> lcerts = new ArrayList<>();
-//		lcerts.add(cr.asCertString());
-//		for(String s : trustChain) {
-//			lcerts.add(s);
-//		}
-//		
-//		Collection<? extends Certificate> certColl = Factory.toX509Certificate(lcerts);
-//		X509Certificate[] certs = new X509Certificate[certColl.size()];
-//		certColl.toArray(certs);
-//		KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(cap);
-//		
-//		PrivateKey pk = Factory.toPrivateKey(trans, cr.privateString());
-//		KeyStore.PrivateKeyEntry pkEntry = 
-//				new KeyStore.PrivateKeyEntry(pk, new Certificate[] {certs[0]});
-//		jks.setEntry(name, pkEntry, protParam);
-//		
-//		int i=0;
-//		for(X509Certificate x509 : certs) {
-//			jks.setCertificateEntry("cert_"+ ++i, x509);
-//		}
-//		return jks;
-//	}
-
-	@Override
-	public Result<Void> renewCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, boolean withTrust) {
-		TimeTaken tt = trans.start(RENEW_CERT, Env.SUB|Env.ALWAYS);
-		try {
-			REQ request;
-			try {
-				Data<REQ> rd = certRenewDF.newData().load(req.getInputStream());
-				request = rd.asObject();
-			} catch(APIException e) {
-				trans.error().log("Invalid Input",IN,RENEW_CERT);
-				return Result.err(Result.ERR_BadData,"Invalid Input");
-			}
-			
-//			String certAuth = trans.get(sCertAuth,null);
-			Result<CertResp> rcr = service.renewCert(trans,mapper.toRenew(trans,request));
-			Result<CERT> rc = mapper.toCert(trans, rcr, withTrust);
-
-			switch(rc.status) {
-				case OK: 
-					RosettaData<CERT> data = certDF.newData(trans).load(rc.value);
-					data.to(resp.getOutputStream());
-
-					setContentType(resp,certDF.getOutType());
-					return Result.ok();
-				default:
-					return Result.err(rc);
-			}
-		} catch (Exception e) {
-			trans.error().log(e,IN,RENEW_CERT);
-			return Result.err(e);
-		} finally {
-			tt.done();
-		}
-
-	}
-
-	@Override
-	public Result<Void> dropCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
-		TimeTaken tt = trans.start(DROP_CERT, Env.SUB|Env.ALWAYS);
-		try {
-			REQ request;
-			try {
-				Data<REQ> rd = certDropDF.newData().load(req.getInputStream());
-				request = rd.asObject();
-			} catch(APIException e) {
-				trans.error().log("Invalid Input",IN,DROP_CERT);
-				return Result.err(Result.ERR_BadData,"Invalid Input");
-			}
-			
-			Result<Void> rv = service.dropCert(trans,mapper.toDrop(trans, request));
-			switch(rv.status) {
-				case OK: 
-					setContentType(resp,certRequestDF.getOutType());
-					return Result.ok();
-				default:
-					return Result.err(rv);
-			}
-		} catch (Exception e) {
-			trans.error().log(e,IN,DROP_CERT);
-			return Result.err(e);
-		} finally {
-			tt.done();
-		}
-	}
-
-	/* (non-Javadoc)
-	 * @see org.onap.aaf.auth.cm.facade.Facade#readCertsByMechID(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
-	 */
-	@Override
-	public Result<Void> readCertsByMechID(AuthzTrans trans, HttpServletResponse resp, String mechID) {
-		TimeTaken tt = trans.start(READ_CERTS_MECHID, Env.SUB|Env.ALWAYS);
-		try {
-			Result<CERT> rc = mapper.toCert(trans, service.readCertsByMechID(trans,mechID));
-			switch(rc.status) {
-				case OK: 
-					RosettaData<CERT> data = certDF.newData(trans).load(rc.value);
-					data.to(resp.getOutputStream());
-	
-					setContentType(resp,certDF.getOutType());
-					return Result.ok();
-				default:
-					return Result.err(rc);
-			}
-		} catch (Exception e) {
-			trans.error().log(e,IN,READ_CERTS_MECHID);
-			return Result.err(e);
-		} finally {
-			tt.done();
-		}
-	}
-
-	////////////////////////////
-	// Artifacts
-	////////////////////////////
-	@Override
-	public Result<Void> createArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
-		TimeTaken tt = trans.start(CREATE_ARTIFACTS, Env.SUB);
-		try {
-			ARTIFACTS arti;
-			try {
-				Data<ARTIFACTS> rd = artiDF.newData().load(req.getInputStream());
-				arti = rd.asObject();
-			} catch(APIException e) {
-				trans.error().log("Invalid Input",IN,CREATE_ARTIFACTS);
-				return Result.err(Result.ERR_BadData,"Invalid Input");
-			}
-			
-			return service.createArtifact(trans,mapper.toArtifact(trans,arti));
-		} catch (Exception e) {
-
-			trans.error().log(e,IN,CREATE_ARTIFACTS);
-			return Result.err(e);
-		} finally {
-			tt.done();
-		}
-	}
-
-	@Override
-	public Result<Void> readArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
-		TimeTaken tt = trans.start(READ_ARTIFACTS, Env.SUB);
-		try {
-			String mechid = req.getParameter("mechid");
-			String machine = req.getParameter("machine");
-			String ns = req.getParameter("ns");
-			
-			Result<ARTIFACTS> ra;
-			if( machine !=null && mechid == null) {
-				ra = mapper.fromArtifacts(service.readArtifactsByMachine(trans, machine));
-			} else if(mechid!=null && machine==null) {
-				ra = mapper.fromArtifacts(service.readArtifactsByMechID(trans, mechid));
-			} else if(mechid!=null && machine!=null) {
-				ArtiDAO.Data add = new ArtiDAO.Data();
-				add.mechid = mechid;
-				add.machine = machine;
-				add.ns = ns;
-				ra = mapper.fromArtifacts(service.readArtifacts(trans,add));
-			} else if(ns!=null) {
-				ra = mapper.fromArtifacts(service.readArtifactsByNs(trans, ns));
-			} else {
-				ra = Result.err(Status.ERR_BadData,"Invalid request inputs");
-			}
-			
-			if(ra.isOK()) {
-				RosettaData<ARTIFACTS> data = artiDF.newData(trans).load(ra.value);
-				data.to(resp.getOutputStream());
-				setContentType(resp,artiDF.getOutType());
-				return Result.ok();
-			} else {
-				return Result.err(ra);
-			}
-
-		} catch (Exception e) {
-			trans.error().log(e,IN,READ_ARTIFACTS);
-			return Result.err(e);
-		} finally {
-			tt.done();
-		}
-	}
-
-	@Override
-	public Result<Void> readArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine) {
-		TimeTaken tt = trans.start(READ_ARTIFACTS, Env.SUB);
-		try {
-			ArtiDAO.Data add = new ArtiDAO.Data();
-			add.mechid = mechid;
-			add.machine = machine;
-			Result<ARTIFACTS> ra = mapper.fromArtifacts(service.readArtifacts(trans,add));
-			if(ra.isOK()) {
-				RosettaData<ARTIFACTS> data = artiDF.newData(trans).load(ra.value);
-				data.to(resp.getOutputStream());
-				setContentType(resp,artiDF.getOutType());
-				return Result.ok();
-			} else {
-				return Result.err(ra);
-			}
-		} catch (Exception e) {
-			trans.error().log(e,IN,READ_ARTIFACTS);
-			return Result.err(e);
-		} finally {
-			tt.done();
-		}
-	}
-
-
-	@Override
-	public Result<Void> updateArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
-		TimeTaken tt = trans.start(UPDATE_ARTIFACTS, Env.SUB);
-		try {
-			ARTIFACTS arti;
-			try {
-				Data<ARTIFACTS> rd = artiDF.newData().load(req.getInputStream());
-				arti = rd.asObject();
-			} catch(APIException e) {
-				trans.error().log("Invalid Input",IN,UPDATE_ARTIFACTS);
-				return Result.err(Result.ERR_BadData,"Invalid Input");
-			}
-			
-			return service.updateArtifact(trans,mapper.toArtifact(trans,arti));
-		} catch (Exception e) {
-			trans.error().log(e,IN,UPDATE_ARTIFACTS);
-			return Result.err(e);
-		} finally {
-			tt.done();
-		}
-	}
-
-	@Override
-	public Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
-		TimeTaken tt = trans.start(DELETE_ARTIFACTS, Env.SUB);
-		try {
-			ARTIFACTS arti;
-			try {
-				Data<ARTIFACTS> rd = artiDF.newData().load(req.getInputStream());
-				arti = rd.asObject();
-			} catch(APIException e) {
-				trans.error().log("Invalid Input",IN,DELETE_ARTIFACTS);
-				return Result.err(Result.ERR_BadData,"Invalid Input");
-			}
-			
-			Result<Void> rv = service.deleteArtifact(trans,mapper.toArtifact(trans,arti));
-			switch(rv.status) {
-				case OK: 
-					setContentType(resp,artiDF.getOutType());
-			} 
-			return rv;
-		} catch (Exception e) {
-			trans.error().log(e,IN,DELETE_ARTIFACTS);
-			return Result.err(e);
-		} finally {
-			tt.done();
-		}
-	}
-
-	@Override
-	public Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine) {
-		TimeTaken tt = trans.start(DELETE_ARTIFACTS, Env.SUB);
-		try {
-			Result<Void> rv = service.deleteArtifact(trans, mechid, machine);
-			switch(rv.status) {
-				case OK: 
-					setContentType(resp,artiDF.getOutType());
-			} 
-			return rv;
-		} catch (Exception e) {
-			trans.error().log(e,IN,DELETE_ARTIFACTS);
-			return Result.err(e);
-		} finally {
-			tt.done();
-		}
-	}
+//        return Result.ok();
+    }
+
+//    private KeyStore keystore(AuthzTrans trans, CertResp cr, String[] trustChain, String name, char[] cap) throws KeyStoreException, CertificateException, APIException, IOException, CertException, NoSuchAlgorithmException {
+//        KeyStore jks = KeyStore.getInstance("jks");
+//        jks.load(null, cap);
+//        
+//        // Get the Cert(s)... Might include Trust store
+//        List<String> lcerts = new ArrayList<>();
+//        lcerts.add(cr.asCertString());
+//        for(String s : trustChain) {
+//            lcerts.add(s);
+//        }
+//        
+//        Collection<? extends Certificate> certColl = Factory.toX509Certificate(lcerts);
+//        X509Certificate[] certs = new X509Certificate[certColl.size()];
+//        certColl.toArray(certs);
+//        KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(cap);
+//        
+//        PrivateKey pk = Factory.toPrivateKey(trans, cr.privateString());
+//        KeyStore.PrivateKeyEntry pkEntry = 
+//                new KeyStore.PrivateKeyEntry(pk, new Certificate[] {certs[0]});
+//        jks.setEntry(name, pkEntry, protParam);
+//        
+//        int i=0;
+//        for(X509Certificate x509 : certs) {
+//            jks.setCertificateEntry("cert_"+ ++i, x509);
+//        }
+//        return jks;
+//    }
+
+    @Override
+    public Result<Void> renewCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, boolean withTrust) {
+        TimeTaken tt = trans.start(RENEW_CERT, Env.SUB|Env.ALWAYS);
+        try {
+            REQ request;
+            try {
+                Data<REQ> rd = certRenewDF.newData().load(req.getInputStream());
+                request = rd.asObject();
+            } catch(APIException e) {
+                trans.error().log("Invalid Input",IN,RENEW_CERT);
+                return Result.err(Result.ERR_BadData,"Invalid Input");
+            }
+            
+//            String certAuth = trans.get(sCertAuth,null);
+            Result<CertResp> rcr = service.renewCert(trans,mapper.toRenew(trans,request));
+            Result<CERT> rc = mapper.toCert(trans, rcr, withTrust);
+
+            switch(rc.status) {
+                case OK: 
+                    RosettaData<CERT> data = certDF.newData(trans).load(rc.value);
+                    data.to(resp.getOutputStream());
+
+                    setContentType(resp,certDF.getOutType());
+                    return Result.ok();
+                default:
+                    return Result.err(rc);
+            }
+        } catch (Exception e) {
+            trans.error().log(e,IN,RENEW_CERT);
+            return Result.err(e);
+        } finally {
+            tt.done();
+        }
+
+    }
+
+    @Override
+    public Result<Void> dropCert(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
+        TimeTaken tt = trans.start(DROP_CERT, Env.SUB|Env.ALWAYS);
+        try {
+            REQ request;
+            try {
+                Data<REQ> rd = certDropDF.newData().load(req.getInputStream());
+                request = rd.asObject();
+            } catch(APIException e) {
+                trans.error().log("Invalid Input",IN,DROP_CERT);
+                return Result.err(Result.ERR_BadData,"Invalid Input");
+            }
+            
+            Result<Void> rv = service.dropCert(trans,mapper.toDrop(trans, request));
+            switch(rv.status) {
+                case OK: 
+                    setContentType(resp,certRequestDF.getOutType());
+                    return Result.ok();
+                default:
+                    return Result.err(rv);
+            }
+        } catch (Exception e) {
+            trans.error().log(e,IN,DROP_CERT);
+            return Result.err(e);
+        } finally {
+            tt.done();
+        }
+    }
+
+    /* (non-Javadoc)
+     * @see org.onap.aaf.auth.cm.facade.Facade#readCertsByMechID(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
+     */
+    @Override
+    public Result<Void> readCertsByMechID(AuthzTrans trans, HttpServletResponse resp, String mechID) {
+        TimeTaken tt = trans.start(READ_CERTS_MECHID, Env.SUB|Env.ALWAYS);
+        try {
+            Result<CERT> rc = mapper.toCert(trans, service.readCertsByMechID(trans,mechID));
+            switch(rc.status) {
+                case OK: 
+                    RosettaData<CERT> data = certDF.newData(trans).load(rc.value);
+                    data.to(resp.getOutputStream());
+    
+                    setContentType(resp,certDF.getOutType());
+                    return Result.ok();
+                default:
+                    return Result.err(rc);
+            }
+        } catch (Exception e) {
+            trans.error().log(e,IN,READ_CERTS_MECHID);
+            return Result.err(e);
+        } finally {
+            tt.done();
+        }
+    }
+
+    ////////////////////////////
+    // Artifacts
+    ////////////////////////////
+    @Override
+    public Result<Void> createArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
+        TimeTaken tt = trans.start(CREATE_ARTIFACTS, Env.SUB);
+        try {
+            ARTIFACTS arti;
+            try {
+                Data<ARTIFACTS> rd = artiDF.newData().load(req.getInputStream());
+                arti = rd.asObject();
+            } catch(APIException e) {
+                trans.error().log("Invalid Input",IN,CREATE_ARTIFACTS);
+                return Result.err(Result.ERR_BadData,"Invalid Input");
+            }
+            
+            return service.createArtifact(trans,mapper.toArtifact(trans,arti));
+        } catch (Exception e) {
+
+            trans.error().log(e,IN,CREATE_ARTIFACTS);
+            return Result.err(e);
+        } finally {
+            tt.done();
+        }
+    }
+
+    @Override
+    public Result<Void> readArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
+        TimeTaken tt = trans.start(READ_ARTIFACTS, Env.SUB);
+        try {
+            String mechid = req.getParameter("mechid");
+            String machine = req.getParameter("machine");
+            String ns = req.getParameter("ns");
+            
+            Result<ARTIFACTS> ra;
+            if( machine !=null && mechid == null) {
+                ra = mapper.fromArtifacts(service.readArtifactsByMachine(trans, machine));
+            } else if(mechid!=null && machine==null) {
+                ra = mapper.fromArtifacts(service.readArtifactsByMechID(trans, mechid));
+            } else if(mechid!=null && machine!=null) {
+                ArtiDAO.Data add = new ArtiDAO.Data();
+                add.mechid = mechid;
+                add.machine = machine;
+                add.ns = ns;
+                ra = mapper.fromArtifacts(service.readArtifacts(trans,add));
+            } else if(ns!=null) {
+                ra = mapper.fromArtifacts(service.readArtifactsByNs(trans, ns));
+            } else {
+                ra = Result.err(Status.ERR_BadData,"Invalid request inputs");
+            }
+            
+            if(ra.isOK()) {
+                RosettaData<ARTIFACTS> data = artiDF.newData(trans).load(ra.value);
+                data.to(resp.getOutputStream());
+                setContentType(resp,artiDF.getOutType());
+                return Result.ok();
+            } else {
+                return Result.err(ra);
+            }
+
+        } catch (Exception e) {
+            trans.error().log(e,IN,READ_ARTIFACTS);
+            return Result.err(e);
+        } finally {
+            tt.done();
+        }
+    }
+
+    @Override
+    public Result<Void> readArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine) {
+        TimeTaken tt = trans.start(READ_ARTIFACTS, Env.SUB);
+        try {
+            ArtiDAO.Data add = new ArtiDAO.Data();
+            add.mechid = mechid;
+            add.machine = machine;
+            Result<ARTIFACTS> ra = mapper.fromArtifacts(service.readArtifacts(trans,add));
+            if(ra.isOK()) {
+                RosettaData<ARTIFACTS> data = artiDF.newData(trans).load(ra.value);
+                data.to(resp.getOutputStream());
+                setContentType(resp,artiDF.getOutType());
+                return Result.ok();
+            } else {
+                return Result.err(ra);
+            }
+        } catch (Exception e) {
+            trans.error().log(e,IN,READ_ARTIFACTS);
+            return Result.err(e);
+        } finally {
+            tt.done();
+        }
+    }
+
+
+    @Override
+    public Result<Void> updateArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
+        TimeTaken tt = trans.start(UPDATE_ARTIFACTS, Env.SUB);
+        try {
+            ARTIFACTS arti;
+            try {
+                Data<ARTIFACTS> rd = artiDF.newData().load(req.getInputStream());
+                arti = rd.asObject();
+            } catch(APIException e) {
+                trans.error().log("Invalid Input",IN,UPDATE_ARTIFACTS);
+                return Result.err(Result.ERR_BadData,"Invalid Input");
+            }
+            
+            return service.updateArtifact(trans,mapper.toArtifact(trans,arti));
+        } catch (Exception e) {
+            trans.error().log(e,IN,UPDATE_ARTIFACTS);
+            return Result.err(e);
+        } finally {
+            tt.done();
+        }
+    }
+
+    @Override
+    public Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
+        TimeTaken tt = trans.start(DELETE_ARTIFACTS, Env.SUB);
+        try {
+            ARTIFACTS arti;
+            try {
+                Data<ARTIFACTS> rd = artiDF.newData().load(req.getInputStream());
+                arti = rd.asObject();
+            } catch(APIException e) {
+                trans.error().log("Invalid Input",IN,DELETE_ARTIFACTS);
+                return Result.err(Result.ERR_BadData,"Invalid Input");
+            }
+            
+            Result<Void> rv = service.deleteArtifact(trans,mapper.toArtifact(trans,arti));
+            switch(rv.status) {
+                case OK: 
+                    setContentType(resp,artiDF.getOutType());
+            } 
+            return rv;
+        } catch (Exception e) {
+            trans.error().log(e,IN,DELETE_ARTIFACTS);
+            return Result.err(e);
+        } finally {
+            tt.done();
+        }
+    }
+
+    @Override
+    public Result<Void> deleteArtifacts(AuthzTrans trans, HttpServletResponse resp, String mechid, String machine) {
+        TimeTaken tt = trans.start(DELETE_ARTIFACTS, Env.SUB);
+        try {
+            Result<Void> rv = service.deleteArtifact(trans, mechid, machine);
+            switch(rv.status) {
+                case OK: 
+                    setContentType(resp,artiDF.getOutType());
+            } 
+            return rv;
+        } catch (Exception e) {
+            trans.error().log(e,IN,DELETE_ARTIFACTS);
+            return Result.err(e);
+        } finally {
+            tt.done();
+        }
+    }
 
 
 }
\ No newline at end of file
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper.java
index aadb6650..7328f099 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper.java
@@ -35,20 +35,20 @@ import org.onap.aaf.auth.layer.Result;
 
 public interface Mapper<REQ,CERT,ARTIFACTS,ERROR>
 {
-	public enum API{ERROR,VOID,CERT,CERT_REQ,CERT_RENEW,CERT_DROP,ARTIFACTS};
-	
-	public Class<?> getClass(API api);
-	public<A> A newInstance(API api);
+    public enum API{ERROR,VOID,CERT,CERT_REQ,CERT_RENEW,CERT_DROP,ARTIFACTS};
+    
+    public Class<?> getClass(API api);
+    public<A> A newInstance(API api);
 
-	public ERROR errorFromMessage(StringBuilder holder, String msgID, String text, String... detail);
-	
-	public Result<CERT> toCert(AuthzTrans trans, Result<CertResp> in, boolean withTrustChain) throws IOException;
-	public Result<CERT> toCert(AuthzTrans trans, Result<List<CertDAO.Data>> in);
+    public ERROR errorFromMessage(StringBuilder holder, String msgID, String text, String... detail);
+    
+    public Result<CERT> toCert(AuthzTrans trans, Result<CertResp> in, boolean withTrustChain) throws IOException;
+    public Result<CERT> toCert(AuthzTrans trans, Result<List<CertDAO.Data>> in);
 
-	public Result<CertReq> toReq(AuthzTrans trans, REQ req);
-	public Result<CertRenew> toRenew(AuthzTrans trans, REQ req);
-	public Result<CertDrop>  toDrop(AuthzTrans trans, REQ req);
-	
-	public List<ArtiDAO.Data> toArtifact(AuthzTrans trans, ARTIFACTS arti);
-	public Result<ARTIFACTS> fromArtifacts(Result<List<ArtiDAO.Data>> readArtifactsByMachine);
+    public Result<CertReq> toReq(AuthzTrans trans, REQ req);
+    public Result<CertRenew> toRenew(AuthzTrans trans, REQ req);
+    public Result<CertDrop>  toDrop(AuthzTrans trans, REQ req);
+    
+    public List<ArtiDAO.Data> toArtifact(AuthzTrans trans, ARTIFACTS arti);
+    public Result<ARTIFACTS> fromArtifacts(Result<List<ArtiDAO.Data>> readArtifactsByMachine);
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
index c06734f4..53b97626 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
@@ -49,234 +49,234 @@ import certman.v1_0.CertificateRequest;
 
 
 public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
-	
-	@Override
-	public Class<?> getClass(API api) {
-		switch(api) {
-			case CERT_REQ: return CertificateRequest.class;
-			case CERT_RENEW: return CertificateRenew.class;
-			case CERT_DROP: return CertificateDrop.class;
-			case CERT: return CertInfo.class;
-			case ARTIFACTS: return Artifacts.class;
-			case ERROR: return Error.class;
-			case VOID: return Void.class;
-		}
-		return null;
-	}
+    
+    @Override
+    public Class<?> getClass(API api) {
+        switch(api) {
+            case CERT_REQ: return CertificateRequest.class;
+            case CERT_RENEW: return CertificateRenew.class;
+            case CERT_DROP: return CertificateDrop.class;
+            case CERT: return CertInfo.class;
+            case ARTIFACTS: return Artifacts.class;
+            case ERROR: return Error.class;
+            case VOID: return Void.class;
+        }
+        return null;
+    }
 
-	@SuppressWarnings("unchecked")
-	@Override
-	public <A> A newInstance(API api) {
-		switch(api) {
-			case CERT_REQ: return (A) new CertificateRequest();
-			case CERT_RENEW: return (A) new CertificateRenew();
-			case CERT_DROP: return (A) new CertificateDrop();
-			case CERT: return (A) new CertInfo();
-			case ARTIFACTS: return (A) new Artifacts();
-			case ERROR: return (A)new Error();
-			case VOID: return null;
-		}
-		return null;
-	}
+    @SuppressWarnings("unchecked")
+    @Override
+    public <A> A newInstance(API api) {
+        switch(api) {
+            case CERT_REQ: return (A) new CertificateRequest();
+            case CERT_RENEW: return (A) new CertificateRenew();
+            case CERT_DROP: return (A) new CertificateDrop();
+            case CERT: return (A) new CertInfo();
+            case ARTIFACTS: return (A) new Artifacts();
+            case ERROR: return (A)new Error();
+            case VOID: return null;
+        }
+        return null;
+    }
 
-	//////////////  Mapping Functions /////////////
-	@Override
-	public Error errorFromMessage(StringBuilder holder, String msgID, String text, String... var) {
-		Error err = new Error();
-		err.setMessageId(msgID);
-		// AT&T Restful Error Format requires numbers "%" placements
-		err.setText(Vars.convert(holder, text, var));
-		for(String s : var) {
-			err.getVariables().add(s);
-		}
-		return err;
-	}
+    //////////////  Mapping Functions /////////////
+    @Override
+    public Error errorFromMessage(StringBuilder holder, String msgID, String text, String... var) {
+        Error err = new Error();
+        err.setMessageId(msgID);
+        // AT&T Restful Error Format requires numbers "%" placements
+        err.setText(Vars.convert(holder, text, var));
+        for(String s : var) {
+            err.getVariables().add(s);
+        }
+        return err;
+    }
 
-	/* (non-Javadoc)
-	 * @see com.att.authz.certman.mapper.Mapper#toCert(org.onap.aaf.auth.env.test.AuthzTrans, org.onap.aaf.auth.layer.test.Result)
-	 */
-	@Override
-	public Result<CertInfo> toCert(AuthzTrans trans, Result<CertResp> in, boolean withTrustChain) throws IOException {
-		if(!in.isOK()) {
-			return Result.err(in);
-		}
+    /* (non-Javadoc)
+     * @see com.att.authz.certman.mapper.Mapper#toCert(org.onap.aaf.auth.env.test.AuthzTrans, org.onap.aaf.auth.layer.test.Result)
+     */
+    @Override
+    public Result<CertInfo> toCert(AuthzTrans trans, Result<CertResp> in, boolean withTrustChain) throws IOException {
+        if(!in.isOK()) {
+            return Result.err(in);
+        }
 
-		CertResp cin = in.value;
-		CertInfo cout = newInstance(API.CERT);
-		cout.setPrivatekey(cin.privateString());
-		String value;
-		if((value=cin.challenge())!=null) {
-			cout.setChallenge(value);
-		}
-		// In Version 1, Cert is always first
-		cout.getCerts().add(cin.asCertString());
-		// Follow with Trust Chain
-		if(cin.trustChain()!=null) {
-			for(String c : cin.trustChain()) {
-				if(c!=null) {
-					cout.getCerts().add(c);
-				}
-			}
-		}
+        CertResp cin = in.value;
+        CertInfo cout = newInstance(API.CERT);
+        cout.setPrivatekey(cin.privateString());
+        String value;
+        if((value=cin.challenge())!=null) {
+            cout.setChallenge(value);
+        }
+        // In Version 1, Cert is always first
+        cout.getCerts().add(cin.asCertString());
+        // Follow with Trust Chain
+        if(cin.trustChain()!=null) {
+            for(String c : cin.trustChain()) {
+                if(c!=null) {
+                    cout.getCerts().add(c);
+                }
+            }
+        }
 
-		// Adding all the Certs in one response is a mistake.  Makes it very hard for Agent to setup
-		// Certs in keystore versus Truststore.  Separate in Version 2_0
-		if(cin.trustCAs()!=null) {
-			for(String c : cin.trustCAs()) {
-				if(c!=null) {
-					if(!cout.getCerts().contains(c)) {
-						cout.getCerts().add(c);
-					}
-				}
-			}
-		}
-		if(cin.notes()!=null) {
-			boolean first = true;
-			StringBuilder sb = new StringBuilder();
-			for(String n : cin.notes()) {
-				if(first) {
-					first = false;
-				} else {
-					sb.append('\n');
-				}
-				sb.append(n);
-			}
-			cout.setNotes(sb.toString());
-		}
-		List<String> caIssuerDNs = cout.getCaIssuerDNs();
-		for(String s : cin.caIssuerDNs()) {
-			caIssuerDNs.add(s);
-		}
-		cout.setEnv(cin.env());
-		return Result.ok(cout);
+        // Adding all the Certs in one response is a mistake.  Makes it very hard for Agent to setup
+        // Certs in keystore versus Truststore.  Separate in Version 2_0
+        if(cin.trustCAs()!=null) {
+            for(String c : cin.trustCAs()) {
+                if(c!=null) {
+                    if(!cout.getCerts().contains(c)) {
+                        cout.getCerts().add(c);
+                    }
+                }
+            }
+        }
+        if(cin.notes()!=null) {
+            boolean first = true;
+            StringBuilder sb = new StringBuilder();
+            for(String n : cin.notes()) {
+                if(first) {
+                    first = false;
+                } else {
+                    sb.append('\n');
+                }
+                sb.append(n);
+            }
+            cout.setNotes(sb.toString());
+        }
+        List<String> caIssuerDNs = cout.getCaIssuerDNs();
+        for(String s : cin.caIssuerDNs()) {
+            caIssuerDNs.add(s);
+        }
+        cout.setEnv(cin.env());
+        return Result.ok(cout);
 
-	}
+    }
 
-	@Override
-	public Result<CertInfo> toCert(AuthzTrans trans, Result<List<CertDAO.Data>> in) {
-		if(in.isOK()) {
-			CertInfo cout = newInstance(API.CERT);
-			List<String> certs = cout.getCerts();
-			for(CertDAO.Data cdd : in.value) {
-				certs.add(cdd.x509);
-			}
-			return Result.ok(cout);
-		} else {
-			return Result.err(in);
-		}
-	}
+    @Override
+    public Result<CertInfo> toCert(AuthzTrans trans, Result<List<CertDAO.Data>> in) {
+        if(in.isOK()) {
+            CertInfo cout = newInstance(API.CERT);
+            List<String> certs = cout.getCerts();
+            for(CertDAO.Data cdd : in.value) {
+                certs.add(cdd.x509);
+            }
+            return Result.ok(cout);
+        } else {
+            return Result.err(in);
+        }
+    }
 
-	/* (non-Javadoc)
-	 * @see com.att.authz.certman.mapper.Mapper#toReq(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
-	 */
-	@Override
-	public Result<CertReq> toReq(AuthzTrans trans, BaseRequest req) {
-		CertificateRequest in;
-		try {
-			in = (CertificateRequest)req;
-		} catch(ClassCastException e) {
-			return Result.err(Result.ERR_BadData,"Request is not a CertificateRequest");
-		}
+    /* (non-Javadoc)
+     * @see com.att.authz.certman.mapper.Mapper#toReq(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
+     */
+    @Override
+    public Result<CertReq> toReq(AuthzTrans trans, BaseRequest req) {
+        CertificateRequest in;
+        try {
+            in = (CertificateRequest)req;
+        } catch(ClassCastException e) {
+            return Result.err(Result.ERR_BadData,"Request is not a CertificateRequest");
+        }
 
-		CertReq out = new CertReq();
-		CertmanValidator v = new CertmanValidator();
-		out.mechid=in.getMechid();
-		out.fqdns=in.getFqdns();
-		v.isNull("CertRequest", req).nullOrBlank("MechID", out.mechid);
-		v.nullBlankMin("FQDNs", out.fqdns,1);
-		if(v.err()) {
-			return Result.err(Result.ERR_BadData, v.errs());
-		}
-		out.emails = in.getEmail();
-		out.sponsor=in.getSponsor();
-		out.start = in.getStart();
-		out.end = in.getEnd();
-		out.fqdns = in.getFqdns();
-		return Result.ok(out);
-	}
+        CertReq out = new CertReq();
+        CertmanValidator v = new CertmanValidator();
+        out.mechid=in.getMechid();
+        out.fqdns=in.getFqdns();
+        v.isNull("CertRequest", req).nullOrBlank("MechID", out.mechid);
+        v.nullBlankMin("FQDNs", out.fqdns,1);
+        if(v.err()) {
+            return Result.err(Result.ERR_BadData, v.errs());
+        }
+        out.emails = in.getEmail();
+        out.sponsor=in.getSponsor();
+        out.start = in.getStart();
+        out.end = in.getEnd();
+        out.fqdns = in.getFqdns();
+        return Result.ok(out);
+    }
 
-	/* (non-Javadoc)
-	 * @see com.att.authz.certman.mapper.Mapper#toRenew(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
-	 */
-	@Override
-	public Result<CertRenew> toRenew(AuthzTrans trans, BaseRequest req) {
-		return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet");
-	}
+    /* (non-Javadoc)
+     * @see com.att.authz.certman.mapper.Mapper#toRenew(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
+     */
+    @Override
+    public Result<CertRenew> toRenew(AuthzTrans trans, BaseRequest req) {
+        return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet");
+    }
 
-	/* (non-Javadoc)
-	 * @see com.att.authz.certman.mapper.Mapper#toDrop(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
-	 */
-	@Override
-	public Result<CertDrop> toDrop(AuthzTrans trans, BaseRequest req) {
-		return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet");
-	}
+    /* (non-Javadoc)
+     * @see com.att.authz.certman.mapper.Mapper#toDrop(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
+     */
+    @Override
+    public Result<CertDrop> toDrop(AuthzTrans trans, BaseRequest req) {
+        return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet");
+    }
 
-	/* (non-Javadoc)
-	 * @see org.onap.aaf.auth.cm.mapper.Mapper#toArtifact(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
-	 */
-	@Override
-	public List<ArtiDAO.Data> toArtifact(AuthzTrans trans, Artifacts artifacts) {
-		List<ArtiDAO.Data> ladd = new ArrayList<>();
-		for(Artifact arti : artifacts.getArtifact()) {
-			ArtiDAO.Data data = new ArtiDAO.Data();
-			data.mechid = arti.getMechid();
-			data.machine = arti.getMachine();
-			data.type(true).addAll(arti.getType());
-			data.ca = arti.getCa();
-			data.dir = arti.getDir();
-			data.os_user = arti.getOsUser();
-			// Optional (on way in)
-			data.ns = arti.getNs();
-			data.renewDays = arti.getRenewDays();
-			data.notify = arti.getNotification();
-			
-			// Ignored on way in for create/update
-			data.sponsor = arti.getSponsor();
-			data.expires = null;
-			
-			// Derive Optional Data from Machine (Domain) if exists
-			if(data.machine!=null) {
-				if(data.ca==null && data.machine.endsWith(".att.com")) {
-						data.ca = "aaf"; // default
-				}
-				if(data.ns==null ) {
-					data.ns=FQI.reverseDomain(data.machine);
-				}
-			}
-			data.sans(true).addAll(arti.getSans());
-			ladd.add(data);
-		}
-		return ladd;
-	}
+    /* (non-Javadoc)
+     * @see org.onap.aaf.auth.cm.mapper.Mapper#toArtifact(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
+     */
+    @Override
+    public List<ArtiDAO.Data> toArtifact(AuthzTrans trans, Artifacts artifacts) {
+        List<ArtiDAO.Data> ladd = new ArrayList<>();
+        for(Artifact arti : artifacts.getArtifact()) {
+            ArtiDAO.Data data = new ArtiDAO.Data();
+            data.mechid = arti.getMechid();
+            data.machine = arti.getMachine();
+            data.type(true).addAll(arti.getType());
+            data.ca = arti.getCa();
+            data.dir = arti.getDir();
+            data.os_user = arti.getOsUser();
+            // Optional (on way in)
+            data.ns = arti.getNs();
+            data.renewDays = arti.getRenewDays();
+            data.notify = arti.getNotification();
+            
+            // Ignored on way in for create/update
+            data.sponsor = arti.getSponsor();
+            data.expires = null;
+            
+            // Derive Optional Data from Machine (Domain) if exists
+            if(data.machine!=null) {
+                if(data.ca==null && data.machine.endsWith(".att.com")) {
+                        data.ca = "aaf"; // default
+                }
+                if(data.ns==null ) {
+                    data.ns=FQI.reverseDomain(data.machine);
+                }
+            }
+            data.sans(true).addAll(arti.getSans());
+            ladd.add(data);
+        }
+        return ladd;
+    }
 
-	/* (non-Javadoc)
-	 * @see org.onap.aaf.auth.cm.mapper.Mapper#fromArtifacts(org.onap.aaf.auth.layer.test.Result)
-	 */
-	@Override
-	public Result<Artifacts> fromArtifacts(Result<List<Data>> lArtiDAO) {
-		if(lArtiDAO.isOK()) {
-			Artifacts artis = new Artifacts();
-			for(ArtiDAO.Data arti : lArtiDAO.value) {
-				Artifact a = new Artifact();
-				a.setMechid(arti.mechid);
-				a.setMachine(arti.machine);
-				a.setSponsor(arti.sponsor);
-				a.setNs(arti.ns);
-				a.setCa(arti.ca);
-				a.setDir(arti.dir);
-				a.getType().addAll(arti.type(false));
-				a.setOsUser(arti.os_user);
-				a.setRenewDays(arti.renewDays);
-				a.setNotification(arti.notify);
-				a.getSans().addAll(arti.sans(false));
-				artis.getArtifact().add(a);
-			}
-			return Result.ok(artis);
-		} else {
-			return Result.err(lArtiDAO);
-		}
-	}
-	
-	
+    /* (non-Javadoc)
+     * @see org.onap.aaf.auth.cm.mapper.Mapper#fromArtifacts(org.onap.aaf.auth.layer.test.Result)
+     */
+    @Override
+    public Result<Artifacts> fromArtifacts(Result<List<Data>> lArtiDAO) {
+        if(lArtiDAO.isOK()) {
+            Artifacts artis = new Artifacts();
+            for(ArtiDAO.Data arti : lArtiDAO.value) {
+                Artifact a = new Artifact();
+                a.setMechid(arti.mechid);
+                a.setMachine(arti.machine);
+                a.setSponsor(arti.sponsor);
+                a.setNs(arti.ns);
+                a.setCa(arti.ca);
+                a.setDir(arti.dir);
+                a.getType().addAll(arti.type(false));
+                a.setOsUser(arti.os_user);
+                a.setRenewDays(arti.renewDays);
+                a.setNotification(arti.notify);
+                a.getSans().addAll(arti.sans(false));
+                artis.getArtifact().add(a);
+            }
+            return Result.ok(artis);
+        } else {
+            return Result.err(lArtiDAO);
+        }
+    }
+    
+    
 
 }
\ No newline at end of file
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
index 23a0c543..d85ea2ca 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
@@ -49,225 +49,225 @@ import certman.v1_0.CertificateRequest;
 
 
 public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
-	
-	@Override
-	public Class<?> getClass(API api) {
-		switch(api) {
-			case CERT_REQ: return CertificateRequest.class;
-			case CERT_RENEW: return CertificateRenew.class;
-			case CERT_DROP: return CertificateDrop.class;
-			case CERT: return CertInfo.class;
-			case ARTIFACTS: return Artifacts.class;
-			case ERROR: return Error.class;
-			case VOID: return Void.class;
-		}
-		return null;
-	}
+    
+    @Override
+    public Class<?> getClass(API api) {
+        switch(api) {
+            case CERT_REQ: return CertificateRequest.class;
+            case CERT_RENEW: return CertificateRenew.class;
+            case CERT_DROP: return CertificateDrop.class;
+            case CERT: return CertInfo.class;
+            case ARTIFACTS: return Artifacts.class;
+            case ERROR: return Error.class;
+            case VOID: return Void.class;
+        }
+        return null;
+    }
 
-	@SuppressWarnings("unchecked")
-	@Override
-	public <A> A newInstance(API api) {
-		switch(api) {
-			case CERT_REQ: return (A) new CertificateRequest();
-			case CERT_RENEW: return (A) new CertificateRenew();
-			case CERT_DROP: return (A) new CertificateDrop();
-			case CERT: return (A) new CertInfo();
-			case ARTIFACTS: return (A) new Artifacts();
-			case ERROR: return (A)new Error();
-			case VOID: return null;
-		}
-		return null;
-	}
+    @SuppressWarnings("unchecked")
+    @Override
+    public <A> A newInstance(API api) {
+        switch(api) {
+            case CERT_REQ: return (A) new CertificateRequest();
+            case CERT_RENEW: return (A) new CertificateRenew();
+            case CERT_DROP: return (A) new CertificateDrop();
+            case CERT: return (A) new CertInfo();
+            case ARTIFACTS: return (A) new Artifacts();
+            case ERROR: return (A)new Error();
+            case VOID: return null;
+        }
+        return null;
+    }
 
-	//////////////  Mapping Functions /////////////
-	@Override
-	public Error errorFromMessage(StringBuilder holder, String msgID, String text, String... var) {
-		Error err = new Error();
-		err.setMessageId(msgID);
-		// AT&T Restful Error Format requires numbers "%" placements
-		err.setText(Vars.convert(holder, text, var));
-		for(String s : var) {
-			err.getVariables().add(s);
-		}
-		return err;
-	}
+    //////////////  Mapping Functions /////////////
+    @Override
+    public Error errorFromMessage(StringBuilder holder, String msgID, String text, String... var) {
+        Error err = new Error();
+        err.setMessageId(msgID);
+        // AT&T Restful Error Format requires numbers "%" placements
+        err.setText(Vars.convert(holder, text, var));
+        for(String s : var) {
+            err.getVariables().add(s);
+        }
+        return err;
+    }
 
-	/* (non-Javadoc)
-	 * @see com.att.authz.certman.mapper.Mapper#toCert(org.onap.aaf.auth.env.test.AuthzTrans, org.onap.aaf.auth.layer.test.Result)
-	 */
-	/* (non-Javadoc)
-	 * @see com.att.authz.certman.mapper.Mapper#toCert(org.onap.aaf.auth.env.test.AuthzTrans, org.onap.aaf.auth.layer.test.Result)
-	 */
-	@Override
-	public Result<CertInfo> toCert(AuthzTrans trans, Result<CertResp> in, boolean withTrustChain) throws IOException {
-		if(!in.isOK()) {
-			CertResp cin = in.value;
-			CertInfo cout = newInstance(API.CERT);
-			cout.setPrivatekey(cin.privateString());
-			String value;
-			if((value=cin.challenge())!=null) {
-				cout.setChallenge(value);
-			}
-			cout.getCerts().add(cin.asCertString());
-			if(cin.trustChain()!=null) {
-				for(String c : cin.trustChain()) {
-					cout.getCerts().add(c);
-				}
-			}
-			if(cin.notes()!=null) {
-				boolean first = true;
-				StringBuilder sb = new StringBuilder();
-				for(String n : cin.notes()) {
-					if(first) {
-						first = false;
-					} else {
-						sb.append('\n');
-					}
-					sb.append(n);
-				}
-				cout.setNotes(sb.toString());
-			}
-			
-			List<String> caIssuerDNs = cout.getCaIssuerDNs();
-			for(String s : cin.caIssuerDNs()) {
-				caIssuerDNs.add(s);
-			}
+    /* (non-Javadoc)
+     * @see com.att.authz.certman.mapper.Mapper#toCert(org.onap.aaf.auth.env.test.AuthzTrans, org.onap.aaf.auth.layer.test.Result)
+     */
+    /* (non-Javadoc)
+     * @see com.att.authz.certman.mapper.Mapper#toCert(org.onap.aaf.auth.env.test.AuthzTrans, org.onap.aaf.auth.layer.test.Result)
+     */
+    @Override
+    public Result<CertInfo> toCert(AuthzTrans trans, Result<CertResp> in, boolean withTrustChain) throws IOException {
+        if(!in.isOK()) {
+            CertResp cin = in.value;
+            CertInfo cout = newInstance(API.CERT);
+            cout.setPrivatekey(cin.privateString());
+            String value;
+            if((value=cin.challenge())!=null) {
+                cout.setChallenge(value);
+            }
+            cout.getCerts().add(cin.asCertString());
+            if(cin.trustChain()!=null) {
+                for(String c : cin.trustChain()) {
+                    cout.getCerts().add(c);
+                }
+            }
+            if(cin.notes()!=null) {
+                boolean first = true;
+                StringBuilder sb = new StringBuilder();
+                for(String n : cin.notes()) {
+                    if(first) {
+                        first = false;
+                    } else {
+                        sb.append('\n');
+                    }
+                    sb.append(n);
+                }
+                cout.setNotes(sb.toString());
+            }
+            
+            List<String> caIssuerDNs = cout.getCaIssuerDNs();
+            for(String s : cin.caIssuerDNs()) {
+                caIssuerDNs.add(s);
+            }
 
-			cout.setEnv(cin.env());
-			return Result.ok(cout);
-		} else {
-			return Result.err(in);
-		}
-	}
+            cout.setEnv(cin.env());
+            return Result.ok(cout);
+        } else {
+            return Result.err(in);
+        }
+    }
 
 
-	@Override
-	public Result<CertInfo> toCert(AuthzTrans trans, Result<List<CertDAO.Data>> in) {
-		if(in.isOK()) {
-			CertInfo cout = newInstance(API.CERT);
-			List<String> certs = cout.getCerts();
-			for(CertDAO.Data cdd : in.value) {
-				certs.add(cdd.x509);
-			}
-			return Result.ok(cout);
-		} else {
-			return Result.err(in);
-		}
-	}
+    @Override
+    public Result<CertInfo> toCert(AuthzTrans trans, Result<List<CertDAO.Data>> in) {
+        if(in.isOK()) {
+            CertInfo cout = newInstance(API.CERT);
+            List<String> certs = cout.getCerts();
+            for(CertDAO.Data cdd : in.value) {
+                certs.add(cdd.x509);
+            }
+            return Result.ok(cout);
+        } else {
+            return Result.err(in);
+        }
+    }
 
-	/* (non-Javadoc)
-	 * @see com.att.authz.certman.mapper.Mapper#toReq(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
-	 */
-	@Override
-	public Result<CertReq> toReq(AuthzTrans trans, BaseRequest req) {
-		CertificateRequest in;
-		try {
-			in = (CertificateRequest)req;
-		} catch(ClassCastException e) {
-			return Result.err(Result.ERR_BadData,"Request is not a CertificateRequest");
-		}
+    /* (non-Javadoc)
+     * @see com.att.authz.certman.mapper.Mapper#toReq(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
+     */
+    @Override
+    public Result<CertReq> toReq(AuthzTrans trans, BaseRequest req) {
+        CertificateRequest in;
+        try {
+            in = (CertificateRequest)req;
+        } catch(ClassCastException e) {
+            return Result.err(Result.ERR_BadData,"Request is not a CertificateRequest");
+        }
 
-		CertReq out = new CertReq();
-		CertmanValidator v = new CertmanValidator();
-		v.isNull("CertRequest", req)
-			.nullOrBlank("MechID", out.mechid=in.getMechid());
-		v.nullBlankMin("FQDNs", out.fqdns=in.getFqdns(),1);
-		if(v.err()) {
-			return Result.err(Result.ERR_BadData, v.errs());
-		}
+        CertReq out = new CertReq();
+        CertmanValidator v = new CertmanValidator();
+        v.isNull("CertRequest", req)
+            .nullOrBlank("MechID", out.mechid=in.getMechid());
+        v.nullBlankMin("FQDNs", out.fqdns=in.getFqdns(),1);
+        if(v.err()) {
+            return Result.err(Result.ERR_BadData, v.errs());
+        }
 
-		out.emails = in.getEmail();
-		out.sponsor=in.getSponsor();
-		out.start = in.getStart();
-		out.end = in.getEnd();
-		out.fqdns = in.getFqdns();
-		return Result.ok(out);
-	}
+        out.emails = in.getEmail();
+        out.sponsor=in.getSponsor();
+        out.start = in.getStart();
+        out.end = in.getEnd();
+        out.fqdns = in.getFqdns();
+        return Result.ok(out);
+    }
 
-	/* (non-Javadoc)
-	 * @see com.att.authz.certman.mapper.Mapper#toRenew(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
-	 */
-	@Override
-	public Result<CertRenew> toRenew(AuthzTrans trans, BaseRequest req) {
-		return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet");
-	}
+    /* (non-Javadoc)
+     * @see com.att.authz.certman.mapper.Mapper#toRenew(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
+     */
+    @Override
+    public Result<CertRenew> toRenew(AuthzTrans trans, BaseRequest req) {
+        return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet");
+    }
 
-	/* (non-Javadoc)
-	 * @see com.att.authz.certman.mapper.Mapper#toDrop(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
-	 */
-	@Override
-	public Result<CertDrop> toDrop(AuthzTrans trans, BaseRequest req) {
-		return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet");
-	}
+    /* (non-Javadoc)
+     * @see com.att.authz.certman.mapper.Mapper#toDrop(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
+     */
+    @Override
+    public Result<CertDrop> toDrop(AuthzTrans trans, BaseRequest req) {
+        return Result.err(Result.ERR_NotImplemented,"Not Implemented... yet");
+    }
 
-	/* (non-Javadoc)
-	 * @see org.onap.aaf.auth.cm.mapper.Mapper#toArtifact(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
-	 */
-	@Override
-	public List<ArtiDAO.Data> toArtifact(AuthzTrans trans, Artifacts artifacts) {
-		List<ArtiDAO.Data> ladd = new ArrayList<>();
-		for(Artifact arti : artifacts.getArtifact()) {
-			ArtiDAO.Data data = new ArtiDAO.Data();
-			data.mechid = arti.getMechid();
-			data.machine = arti.getMachine();
-			data.type(true).addAll(arti.getType());
-			data.ca = arti.getCa();
-			data.dir = arti.getDir();
-			data.os_user = arti.getOsUser();
-			// Optional (on way in)
-			data.ns = arti.getNs();
-			data.renewDays = arti.getRenewDays();
-			data.notify = arti.getNotification();
-			
-			// Ignored on way in for create/update
-			data.sponsor = arti.getSponsor();
-			data.expires = null;
-			
-			// Derive Optional Data from Machine (Domain) if exists
-			if(data.machine!=null) {
-				if(data.ca==null) {
-					if(data.machine.endsWith(".att.com")) {
-						data.ca = "aaf"; // default
-					}
-				}
-				if(data.ns==null ) {
-					data.ns=FQI.reverseDomain(data.machine);
-				}
-			}
-			data.sans(true).addAll(arti.getSans());
-			ladd.add(data);
-		}
-		return ladd;
-	}
+    /* (non-Javadoc)
+     * @see org.onap.aaf.auth.cm.mapper.Mapper#toArtifact(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
+     */
+    @Override
+    public List<ArtiDAO.Data> toArtifact(AuthzTrans trans, Artifacts artifacts) {
+        List<ArtiDAO.Data> ladd = new ArrayList<>();
+        for(Artifact arti : artifacts.getArtifact()) {
+            ArtiDAO.Data data = new ArtiDAO.Data();
+            data.mechid = arti.getMechid();
+            data.machine = arti.getMachine();
+            data.type(true).addAll(arti.getType());
+            data.ca = arti.getCa();
+            data.dir = arti.getDir();
+            data.os_user = arti.getOsUser();
+            // Optional (on way in)
+            data.ns = arti.getNs();
+            data.renewDays = arti.getRenewDays();
+            data.notify = arti.getNotification();
+            
+            // Ignored on way in for create/update
+            data.sponsor = arti.getSponsor();
+            data.expires = null;
+            
+            // Derive Optional Data from Machine (Domain) if exists
+            if(data.machine!=null) {
+                if(data.ca==null) {
+                    if(data.machine.endsWith(".att.com")) {
+                        data.ca = "aaf"; // default
+                    }
+                }
+                if(data.ns==null ) {
+                    data.ns=FQI.reverseDomain(data.machine);
+                }
+            }
+            data.sans(true).addAll(arti.getSans());
+            ladd.add(data);
+        }
+        return ladd;
+    }
 
-	/* (non-Javadoc)
-	 * @see org.onap.aaf.auth.cm.mapper.Mapper#fromArtifacts(org.onap.aaf.auth.layer.test.Result)
-	 */
-	@Override
-	public Result<Artifacts> fromArtifacts(Result<List<Data>> lArtiDAO) {
-		if(lArtiDAO.isOK()) {
-			Artifacts artis = new Artifacts();
-			for(ArtiDAO.Data arti : lArtiDAO.value) {
-				Artifact a = new Artifact();
-				a.setMechid(arti.mechid);
-				a.setMachine(arti.machine);
-				a.setSponsor(arti.sponsor);
-				a.setNs(arti.ns);
-				a.setCa(arti.ca);
-				a.setDir(arti.dir);
-				a.getType().addAll(arti.type(false));
-				a.setOsUser(arti.os_user);
-				a.setRenewDays(arti.renewDays);
-				a.setNotification(arti.notify);
-				a.getSans().addAll(arti.sans(false));
-				artis.getArtifact().add(a);
-			}
-			return Result.ok(artis);
-		} else {
-			return Result.err(lArtiDAO);
-		}
-	}
-	
-	
+    /* (non-Javadoc)
+     * @see org.onap.aaf.auth.cm.mapper.Mapper#fromArtifacts(org.onap.aaf.auth.layer.test.Result)
+     */
+    @Override
+    public Result<Artifacts> fromArtifacts(Result<List<Data>> lArtiDAO) {
+        if(lArtiDAO.isOK()) {
+            Artifacts artis = new Artifacts();
+            for(ArtiDAO.Data arti : lArtiDAO.value) {
+                Artifact a = new Artifact();
+                a.setMechid(arti.mechid);
+                a.setMachine(arti.machine);
+                a.setSponsor(arti.sponsor);
+                a.setNs(arti.ns);
+                a.setCa(arti.ca);
+                a.setDir(arti.dir);
+                a.getType().addAll(arti.type(false));
+                a.setOsUser(arti.os_user);
+                a.setRenewDays(arti.renewDays);
+                a.setNotification(arti.notify);
+                a.getSans().addAll(arti.sans(false));
+                artis.getArtifact().add(a);
+            }
+            return Result.ok(artis);
+        } else {
+            return Result.err(lArtiDAO);
+        }
+    }
+    
+    
 
 }
\ No newline at end of file
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index 259dfac9..62f0d680 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -67,632 +67,632 @@ import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.util.Chrono;
 
 public class CMService {
-	// If we add more CAs, may want to parameterize
-	private static final int STD_RENEWAL = 30;
-	private static final int MAX_RENEWAL = 60;
-	private static final int MIN_RENEWAL = 10;
-
-	public static final String REQUEST = "request";
-	public static final String IGNORE_IPS = "ignoreIPs";
-	public static final String RENEW = "renew";
-	public static final String DROP = "drop";
-	public static final String DOMAIN = "domain";
-
-	private static final String CERTMAN = "certman";
-	private static final String ACCESS = "access";
-
-	private static final String[] NO_NOTES = new String[0];
-	private final Permission root_read_permission;
-	private final CertDAO certDAO;
-	private final CredDAO credDAO;
-	private final ArtiDAO artiDAO;
-	private AAF_CM certman;
-
-	// @SuppressWarnings("unchecked")
-	public CMService(final AuthzTrans trans, AAF_CM certman) throws APIException, IOException {
-		// Jonathan 4/2015 SessionFilter unneeded... DataStax already deals with
-		// Multithreading well
-
-		HistoryDAO hd = new HistoryDAO(trans, certman.cluster, CassAccess.KEYSPACE);
-		CacheInfoDAO cid = new CacheInfoDAO(trans, hd);
-		certDAO = new CertDAO(trans, hd, cid);
-		credDAO = new CredDAO(trans, hd, cid);
-		artiDAO = new ArtiDAO(trans, hd, cid);
-
-		this.certman = certman;
-		
-		root_read_permission=new AAFPermission(
-			trans.getProperty(Config.AAF_ROOT_NS, Config.AAF_ROOT_NS_DEF),
-			"access",
-			"*",
-			"read"
-		);
-	}
-
-	public Result<CertResp> requestCert(final AuthzTrans trans, final Result<CertReq> req, final CA ca) {
-		if (req.isOK()) {
-
-			if (req.value.fqdns.isEmpty()) {
-				return Result.err(Result.ERR_BadData, "No Machines passed in Request");
-			}
-
-			String key = req.value.fqdns.get(0);
-
-			// Policy 6: Requester must be granted Change permission in Namespace requested
-			String mechNS = FQI.reverseDomain(req.value.mechid);
-			if (mechNS == null) {
-				return Result.err(Status.ERR_Denied, "%s does not reflect a valid AAF Namespace", req.value.mechid);
-			}
-
-			List<String> notes = null;
-			List<String> fqdns = new ArrayList<>(req.value.fqdns);
-
-			String email = null;
-
-			try {
-				Organization org = trans.org();
-
-				boolean ignoreIPs = trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), IGNORE_IPS));
-
-				InetAddress primary = null;
-				// Organize incoming information to get to appropriate Artifact
-				if (!fqdns.isEmpty()) {
-					// Accept domain wild cards, but turn into real machines
-					// Need *domain.com:real.machine.domain.com:san.machine.domain.com:...
-					if (fqdns.get(0).startsWith("*")) { // Domain set
-						if (!trans.fish(new AAFPermission(null,ca.getPermType(), ca.getName(), DOMAIN))) {
-							return Result.err(Result.ERR_Denied,
-									"Domain based Authorizations (" + fqdns.get(0) + ") requires Exception");
-						}
-
-						// TODO check for Permission in Add Artifact?
-						String domain = fqdns.get(0).substring(1);
-						fqdns.remove(0);
-						if (fqdns.isEmpty()) {
-							return Result.err(Result.ERR_Denied, "Requests using domain require machine declaration");
-						}
-
-						if (!ignoreIPs) {
-							InetAddress ia = InetAddress.getByName(fqdns.get(0));
-							if (ia == null) {
-								return Result.err(Result.ERR_Denied,
-										"Request not made from matching IP matching domain");
-							} else if (ia.getHostName().endsWith(domain)) {
-								primary = ia;
-							}
-						}
-
-					} else {
-						for (String cn : req.value.fqdns) {
-							if(!ignoreIPs) {
-								try {
-									InetAddress[] ias = InetAddress.getAllByName(cn);
-									Set<String> potentialSanNames = new HashSet<>();
-									for (InetAddress ia1 : ias) {
-										InetAddress ia2 = InetAddress.getByAddress(ia1.getAddress());
-										if (primary == null && ias.length == 1 && trans.ip().equals(ia1.getHostAddress())) {
-											primary = ia1;
-										} else if (!cn.equals(ia1.getHostName())
-												&& !ia2.getHostName().equals(ia2.getHostAddress())) {
-											potentialSanNames.add(ia1.getHostName());
-										}
-									}
-								} catch (UnknownHostException e1) {
-									return Result.err(Result.ERR_BadData, "There is no DNS lookup for %s", cn);
-								}
-							}
-						}
-					}
-				}
-
-				final String host;
-				if(ignoreIPs) {
-					host = req.value.fqdns.get(0);
-				} else if (primary == null) {
-					return Result.err(Result.ERR_Denied, "Request not made from matching IP (%s)", trans.ip());
-				} else {
-					host = primary.getHostAddress();
-				}
-
-				ArtiDAO.Data add = null;
-				Result<List<ArtiDAO.Data>> ra = artiDAO.read(trans, req.value.mechid, host);
-				if (ra.isOKhasData()) {
-					if (add == null) {
-						add = ra.value.get(0); // single key
-					}
-				} else {
-					ra = artiDAO.read(trans, req.value.mechid, key);
-					if (ra.isOKhasData()) { // is the Template available?
-						add = ra.value.get(0);
-						add.machine = host;
-						for (String s : fqdns) {
-							if (!s.equals(add.machine)) {
-								add.sans(true).add(s);
-							}
-						}
-						Result<ArtiDAO.Data> rc = artiDAO.create(trans, add); // Create new Artifact from Template
-						if (rc.notOK()) {
-							return Result.err(rc);
-						}
-					} else {
-						add = ra.value.get(0);
-					}
-				}
-
-				// Add Artifact listed FQDNs
-				if (add.sans != null) {
-					for (String s : add.sans) {
-						if (!fqdns.contains(s)) {
-							fqdns.add(s);
-						}
-					}
-				}
-
-				// Policy 2: If Config marked as Expired, do not create or renew
-				Date now = new Date();
-				if (add.expires != null && now.after(add.expires)) {
-					return Result.err(Result.ERR_Policy, "Configuration for %s %s is expired %s", add.mechid,
-							add.machine, Chrono.dateFmt.format(add.expires));
-				}
-
-				// Policy 3: MechID must be current
-				Identity muser = org.getIdentity(trans, add.mechid);
-				if (muser == null) {
-					return Result.err(Result.ERR_Policy, "MechID must exist in %s", org.getName());
-				}
-
-				// Policy 4: Sponsor must be current
-				Identity ouser = muser.responsibleTo();
-				if (ouser == null) {
-					return Result.err(Result.ERR_Policy, "%s does not have a current sponsor at %s", add.mechid,
-							org.getName());
-				} else if (!ouser.isFound() || ouser.mayOwn() != null) {
-					return Result.err(Result.ERR_Policy, "%s reports that %s cannot be responsible for %s",
-							org.getName(), trans.user());
-				}
-
-				// Set Email from most current Sponsor
-				email = ouser.email();
-
-				// Policy 5: keep Artifact data current
-				if (!ouser.fullID().equals(add.sponsor)) {
-					add.sponsor = ouser.fullID();
-					artiDAO.update(trans, add);
-				}
-
-				// Policy 7: Caller must be the MechID or have specifically delegated
-				// permissions
-				if (!(trans.user().equals(req.value.mechid)
-						|| trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), REQUEST)))) {
-					return Result.err(Status.ERR_Denied, "%s must have access to modify x509 certs in NS %s",
-							trans.user(), mechNS);
-				}
-
-				// Make sure Primary is the first in fqdns
-				if (fqdns.size() > 1) {
-					for (int i = 0; i < fqdns.size(); ++i) {
-						if(primary==null) {
-							trans.error().log("CMService var primary is null");
-						} else {
-							String fg = fqdns.get(i);
-							if (fg!=null && fg.equals(primary.getHostName())) {
-								if (i != 0) {
-									String tmp = fqdns.get(0);
-									fqdns.set(0, primary.getHostName());
-									fqdns.set(i, tmp);
-								}
-							}
-						}
-					}
-				}
-			} catch (Exception e) {
-				e.printStackTrace();
-				trans.error().log(e);
-				return Result.err(Status.ERR_Denied,
-						"AppID Sponsorship cannot be determined at this time.  Try later.");
-			}
-
-			CSRMeta csrMeta;
-			try {
-				csrMeta = BCFactory.createCSRMeta(ca, req.value.mechid, email, fqdns);
-				X509andChain x509ac = ca.sign(trans, csrMeta);
-				if (x509ac == null) {
-					return Result.err(Result.ERR_ActionNotCompleted, "x509 Certificate not signed by CA");
-				}
-				trans.info().printf("X509 Subject: %s", x509ac.getX509().getSubjectDN());
-
-				X509Certificate x509 = x509ac.getX509();
-				CertDAO.Data cdd = new CertDAO.Data();
-				cdd.ca = ca.getName();
-				cdd.serial = x509.getSerialNumber();
-				cdd.id = req.value.mechid;
-				cdd.x500 = x509.getSubjectDN().getName();
-				cdd.x509 = Factory.toString(trans, x509);
-				certDAO.create(trans, cdd);
-
-				CredDAO.Data crdd = new CredDAO.Data();
-				crdd.other = Question.random.nextInt();
-				crdd.cred = getChallenge256SaltedHash(csrMeta.challenge(), crdd.other);
-				crdd.expires = x509.getNotAfter();
-				crdd.id = req.value.mechid;
-				crdd.ns = Question.domain2ns(crdd.id);
-				crdd.type = CredDAO.CERT_SHA256_RSA;
-				credDAO.create(trans, crdd);
-
-				CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(notes));
-				return Result.ok(cr);
-			} catch (Exception e) {
-				trans.error().log(e);
-				return Result.err(Result.ERR_ActionNotCompleted, e.getMessage());
-			}
-		} else {
-			return Result.err(req);
-		}
-	}
-
-	public Result<CertResp> renewCert(AuthzTrans trans, Result<CertRenew> renew) {
-		if (renew.isOK()) {
-			return Result.err(Result.ERR_NotImplemented, "Not implemented yet");
-		} else {
-			return Result.err(renew);
-		}
-	}
-
-	public Result<Void> dropCert(AuthzTrans trans, Result<CertDrop> drop) {
-		if (drop.isOK()) {
-			return Result.err(Result.ERR_NotImplemented, "Not implemented yet");
-		} else {
-			return Result.err(drop);
-		}
-	}
-
-	public Result<List<Data>> readCertsByMechID(AuthzTrans trans, String mechID) {
-		// Policy 1: To Read, must have NS Read or is Sponsor
-		String ns = Question.domain2ns(mechID);
-		try {
-			if (trans.user().equals(mechID) || trans.fish(new AAFPermission(ns,ACCESS, "*", "read"))
-					|| (trans.org().validate(trans, Organization.Policy.OWNS_MECHID, null, mechID)) == null) {
-				return certDAO.readID(trans, mechID);
-			} else {
-				return Result.err(Result.ERR_Denied, "%s is not the ID, Sponsor or NS Owner/Admin for %s at %s",
-						trans.user(), mechID, trans.org().getName());
-			}
-		} catch (OrganizationException e) {
-			return Result.err(e);
-		}
-	}
-
-	public Result<CertResp> requestPersonalCert(AuthzTrans trans, CA ca) {
-		if (ca.inPersonalDomains(trans.getUserPrincipal())) {
-			Organization org = trans.org();
-
-			// Policy 1: MechID must be current
-			Identity ouser;
-			try {
-				ouser = org.getIdentity(trans, trans.user());
-			} catch (OrganizationException e1) {
-				trans.error().log(e1);
-				ouser = null;
-			}
-			if (ouser == null) {
-				return Result.err(Result.ERR_Policy, "Requesting User must exist in %s", org.getName());
-			}
-
-			// Set Email from most current Sponsor
-
-			CSRMeta csrMeta;
-			try {
-				csrMeta = BCFactory.createPersonalCSRMeta(ca, trans.user(), ouser.email());
-				X509andChain x509ac = ca.sign(trans, csrMeta);
-				if (x509ac == null) {
-					return Result.err(Result.ERR_ActionNotCompleted, "x509 Certificate not signed by CA");
-				}
-				X509Certificate x509 = x509ac.getX509();
-				CertDAO.Data cdd = new CertDAO.Data();
-				cdd.ca = ca.getName();
-				cdd.serial = x509.getSerialNumber();
-				cdd.id = trans.user();
-				cdd.x500 = x509.getSubjectDN().getName();
-				cdd.x509 = Factory.toString(trans, x509);
-				certDAO.create(trans, cdd);
-
-				CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(null));
-				return Result.ok(cr);
-			} catch (Exception e) {
-				trans.error().log(e);
-				return Result.err(Result.ERR_ActionNotCompleted, e.getMessage());
-			}
-		} else {
-			return Result.err(Result.ERR_Denied, trans.user(), " not supported for CA", ca.getName());
-		}
-	}
-
-	///////////////
-	// Artifact
-	//////////////
-	public Result<Void> createArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) {
-		CertmanValidator v = new CertmanValidator().artisRequired(list, 1);
-		if (v.err()) {
-			return Result.err(Result.ERR_BadData, v.errs());
-		}
-		for (ArtiDAO.Data add : list) {
-			try {
-				// Policy 1: MechID must exist in Org
-				Identity muser = trans.org().getIdentity(trans, add.mechid);
-				if (muser == null) {
-					return Result.err(Result.ERR_Denied, "%s is not valid for %s", add.mechid, trans.org().getName());
-				}
-
-				// Policy 2: MechID must have valid Organization Owner
-				Identity emailUser;
-				if (muser.isPerson()) {
-					emailUser = muser;
-				} else {
-					Identity ouser = muser.responsibleTo();
-					if (ouser == null) {
-						return Result.err(Result.ERR_Denied, "%s is not a valid Sponsor for %s at %s", trans.user(),
-								add.mechid, trans.org().getName());
-					}
-
-					// Policy 3: Calling ID must be MechID Owner
-					if (!trans.user().startsWith(ouser.id())) {
-						return Result.err(Result.ERR_Denied, "%s is not the Sponsor for %s at %s", trans.user(),
-								add.mechid, trans.org().getName());
-					}
-					emailUser = ouser;
-				}
-
-				// Policy 4: Renewal Days are between 10 and 60 (constants, may be
-				// parameterized)
-				if (add.renewDays < MIN_RENEWAL) {
-					add.renewDays = STD_RENEWAL;
-				} else if (add.renewDays > MAX_RENEWAL) {
-					add.renewDays = MAX_RENEWAL;
-				}
-
-				// Policy 5: If Notify is blank, set to Owner's Email
-				if (add.notify == null || add.notify.length() == 0) {
-					add.notify = "mailto:" + emailUser.email();
-				}
-
-				// Policy 6: Only do Domain by Exception
-				if (add.machine.startsWith("*")) { // Domain set
-					CA ca = certman.getCA(add.ca);
-
-					if (!trans.fish(new AAFPermission(ca.getPermNS(),ca.getPermType(), add.ca, DOMAIN))) {
-						return Result.err(Result.ERR_Denied, "Domain Artifacts (%s) requires specific Permission",
-								add.machine);
-					}
-				}
-
-				// Set Sponsor from Golden Source
-				add.sponsor = emailUser.fullID();
-
-			} catch (OrganizationException e) {
-				return Result.err(e);
-			}
-			// Add to DB
-			Result<ArtiDAO.Data> rv = artiDAO.create(trans, add);
-			// TODO come up with Partial Reporting Scheme, or allow only one at a time.
-			if (rv.notOK()) {
-				return Result.err(rv);
-			}
-		}
-		return Result.ok();
-	}
-
-	public Result<List<ArtiDAO.Data>> readArtifacts(AuthzTrans trans, ArtiDAO.Data add) throws OrganizationException {
-		CertmanValidator v = new CertmanValidator().keys(add);
-		if (v.err()) {
-			return Result.err(Result.ERR_BadData, v.errs());
-		}
-		Result<List<ArtiDAO.Data>> data = artiDAO.read(trans, add);
-		if (data.notOKorIsEmpty()) {
-			return data;
-		}
-		add = data.value.get(0);
-		if (trans.user().equals(add.mechid) 
-				|| trans.fish(root_read_permission,
-							  new AAFPermission(add.ns,ACCESS, "*", "read"),
-						      new AAFPermission(add.ns,CERTMAN, add.ca, "read"),
-						      new AAFPermission(add.ns,CERTMAN, add.ca, "request"))
-				|| (trans.org().validate(trans, Organization.Policy.OWNS_MECHID, null, add.mechid)) == null) {
-			return data;
-		} else {
-			return Result.err(Result.ERR_Denied,
-					"%s is not %s, is not the sponsor, and doesn't have delegated permission.", trans.user(),
-					add.mechid, add.ns + ".certman|" + add.ca + "|read or ...|request"); // note: reason is set by 2nd
-																							// case, if 1st case misses
-		}
-
-	}
-
-	public Result<List<ArtiDAO.Data>> readArtifactsByMechID(AuthzTrans trans, String mechid)
-			throws OrganizationException {
-		CertmanValidator v = new CertmanValidator();
-		v.nullOrBlank("mechid", mechid);
-		if (v.err()) {
-			return Result.err(Result.ERR_BadData, v.errs());
-		}
-		String ns = FQI.reverseDomain(mechid);
-
-		String reason;
-		if (trans.fish(new AAFPermission(ns, ACCESS, "*", "read"))
-				|| (reason = trans.org().validate(trans, Organization.Policy.OWNS_MECHID, null, mechid)) == null) {
-			return artiDAO.readByMechID(trans, mechid);
-		} else {
-			return Result.err(Result.ERR_Denied, reason); // note: reason is set by 2nd case, if 1st case misses
-		}
-
-	}
-
-	public Result<List<ArtiDAO.Data>> readArtifactsByMachine(AuthzTrans trans, String machine) {
-		CertmanValidator v = new CertmanValidator();
-		v.nullOrBlank("machine", machine);
-		if (v.err()) {
-			return Result.err(Result.ERR_BadData, v.errs());
-		}
-
-		// TODO do some checks?
-
-		Result<List<ArtiDAO.Data>> rv = artiDAO.readByMachine(trans, machine);
-		return rv;
-	}
-
-	public Result<List<ArtiDAO.Data>> readArtifactsByNs(AuthzTrans trans, String ns) {
-		CertmanValidator v = new CertmanValidator();
-		v.nullOrBlank("ns", ns);
-		if (v.err()) {
-			return Result.err(Result.ERR_BadData, v.errs());
-		}
-
-		// TODO do some checks?
-
-		return artiDAO.readByNs(trans, ns);
-	}
-
-	public Result<Void> updateArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) throws OrganizationException {
-		CertmanValidator v = new CertmanValidator();
-		v.artisRequired(list, 1);
-		if (v.err()) {
-			return Result.err(Result.ERR_BadData, v.errs());
-		}
-
-		// Check if requesting User is Sponsor
-		// TODO - Shall we do one, or multiples?
-		for (ArtiDAO.Data add : list) {
-			// Policy 1: MechID must exist in Org
-			Identity muser = trans.org().getIdentity(trans, add.mechid);
-			if (muser == null) {
-				return Result.err(Result.ERR_Denied, "%s is not valid for %s", add.mechid, trans.org().getName());
-			}
-
-			// Policy 2: MechID must have valid Organization Owner
-			Identity ouser = muser.responsibleTo();
-			if (ouser == null) {
-				return Result.err(Result.ERR_Denied, "%s is not a valid Sponsor for %s at %s", trans.user(), add.mechid,
-						trans.org().getName());
-			}
-
-			// Policy 3: Renewal Days are between 10 and 60 (constants, may be
-			// parameterized)
-			if (add.renewDays < MIN_RENEWAL) {
-				add.renewDays = STD_RENEWAL;
-			} else if (add.renewDays > MAX_RENEWAL) {
-				add.renewDays = MAX_RENEWAL;
-			}
-
-			// Policy 4: Data is always updated with the latest Sponsor
-			// Add to Sponsor, to make sure we are always up to date.
-			add.sponsor = ouser.fullID();
-
-			// Policy 5: If Notify is blank, set to Owner's Email
-			if (add.notify == null || add.notify.length() == 0) {
-				add.notify = "mailto:" + ouser.email();
-			}
-			// Policy 6: Only do Domain by Exception
-			if (add.machine.startsWith("*")) { // Domain set
-				CA ca = certman.getCA(add.ca);
-				if (ca == null) {
-					return Result.err(Result.ERR_BadData, "CA is required in Artifact");
-				}
-				if (!trans.fish(new AAFPermission(null,ca.getPermType(), add.ca, DOMAIN))) {
-					return Result.err(Result.ERR_Denied, "Domain Artifacts (%s) requires specific Permission",
-							add.machine);
-				}
-			}
-
-			// Policy 7: only Owner may update info
-			if (trans.user().startsWith(ouser.id())) {
-				return artiDAO.update(trans, add);
-			} else {
-				return Result.err(Result.ERR_Denied, "%s may not update info for %s", trans.user(), muser.fullID());
-			}
-		}
-		return Result.err(Result.ERR_BadData, "No Artifacts to update");
-	}
-
-	public Result<Void> deleteArtifact(AuthzTrans trans, String mechid, String machine) throws OrganizationException {
-		CertmanValidator v = new CertmanValidator();
-		v.nullOrBlank("mechid", mechid).nullOrBlank("machine", machine);
-		if (v.err()) {
-			return Result.err(Result.ERR_BadData, v.errs());
-		}
-
-		Result<List<ArtiDAO.Data>> rlad = artiDAO.read(trans, mechid, machine);
-		if (rlad.notOKorIsEmpty()) {
-			return Result.err(Result.ERR_NotFound, "Artifact for %s %s does not exist.", mechid, machine);
-		}
-
-		return deleteArtifact(trans, rlad.value.get(0));
-	}
-
-	private Result<Void> deleteArtifact(AuthzTrans trans, ArtiDAO.Data add) throws OrganizationException {
-		// Policy 1: Record should be delete able only by Existing Sponsor.
-		String sponsor = null;
-		Identity muser = trans.org().getIdentity(trans, add.mechid);
-		if (muser != null) {
-			Identity ouser = muser.responsibleTo();
-			if (ouser != null) {
-				sponsor = ouser.fullID();
-			}
-		}
-		// Policy 1.a: If Sponsorship is deleted in system of Record, then
-		// accept deletion by sponsor in Artifact Table
-		if (sponsor == null) {
-			sponsor = add.sponsor;
-		}
-
-		String ns = FQI.reverseDomain(add.mechid);
-
-		if (trans.fish(new AAFPermission(ns,ACCESS, "*", "write")) || trans.user().equals(sponsor)) {
-			return artiDAO.delete(trans, add, false);
-		}
-		return Result.err(Result.ERR_Denied, "%1 is not allowed to delete this item", trans.user());
-	}
-
-	public Result<Void> deleteArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) {
-		CertmanValidator v = new CertmanValidator().artisRequired(list, 1);
-		if (v.err()) {
-			return Result.err(Result.ERR_BadData, v.errs());
-		}
-
-		try {
-			boolean partial = false;
-			Result<Void> result = null;
-			for (ArtiDAO.Data add : list) {
-				result = deleteArtifact(trans, add);
-				if (result.notOK()) {
-					partial = true;
-				}
-			}
-			if (result == null) {
-				result = Result.err(Result.ERR_BadData, "No Artifacts to delete");
-			} else if (partial) {
-				result.partialContent(true);
-			}
-			return result;
-		} catch (Exception e) {
-			return Result.err(e);
-		}
-	}
-
-	private String[] compileNotes(List<String> notes) {
-		String[] rv;
-		if (notes == null) {
-			rv = NO_NOTES;
-		} else {
-			rv = new String[notes.size()];
-			notes.toArray(rv);
-		}
-		return rv;
-	}
-
-	private ByteBuffer getChallenge256SaltedHash(String challenge, int salt) throws NoSuchAlgorithmException {
-		ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + challenge.length());
-		bb.putInt(salt);
-		bb.put(challenge.getBytes());
-		byte[] hash = Hash.hashSHA256(bb.array());
-		return ByteBuffer.wrap(hash);
-	}
+    // If we add more CAs, may want to parameterize
+    private static final int STD_RENEWAL = 30;
+    private static final int MAX_RENEWAL = 60;
+    private static final int MIN_RENEWAL = 10;
+
+    public static final String REQUEST = "request";
+    public static final String IGNORE_IPS = "ignoreIPs";
+    public static final String RENEW = "renew";
+    public static final String DROP = "drop";
+    public static final String DOMAIN = "domain";
+
+    private static final String CERTMAN = "certman";
+    private static final String ACCESS = "access";
+
+    private static final String[] NO_NOTES = new String[0];
+    private final Permission root_read_permission;
+    private final CertDAO certDAO;
+    private final CredDAO credDAO;
+    private final ArtiDAO artiDAO;
+    private AAF_CM certman;
+
+    // @SuppressWarnings("unchecked")
+    public CMService(final AuthzTrans trans, AAF_CM certman) throws APIException, IOException {
+        // Jonathan 4/2015 SessionFilter unneeded... DataStax already deals with
+        // Multithreading well
+
+        HistoryDAO hd = new HistoryDAO(trans, certman.cluster, CassAccess.KEYSPACE);
+        CacheInfoDAO cid = new CacheInfoDAO(trans, hd);
+        certDAO = new CertDAO(trans, hd, cid);
+        credDAO = new CredDAO(trans, hd, cid);
+        artiDAO = new ArtiDAO(trans, hd, cid);
+
+        this.certman = certman;
+        
+        root_read_permission=new AAFPermission(
+            trans.getProperty(Config.AAF_ROOT_NS, Config.AAF_ROOT_NS_DEF),
+            "access",
+            "*",
+            "read"
+        );
+    }
+
+    public Result<CertResp> requestCert(final AuthzTrans trans, final Result<CertReq> req, final CA ca) {
+        if (req.isOK()) {
+
+            if (req.value.fqdns.isEmpty()) {
+                return Result.err(Result.ERR_BadData, "No Machines passed in Request");
+            }
+
+            String key = req.value.fqdns.get(0);
+
+            // Policy 6: Requester must be granted Change permission in Namespace requested
+            String mechNS = FQI.reverseDomain(req.value.mechid);
+            if (mechNS == null) {
+                return Result.err(Status.ERR_Denied, "%s does not reflect a valid AAF Namespace", req.value.mechid);
+            }
+
+            List<String> notes = null;
+            List<String> fqdns = new ArrayList<>(req.value.fqdns);
+
+            String email = null;
+
+            try {
+                Organization org = trans.org();
+
+                boolean ignoreIPs = trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), IGNORE_IPS));
+
+                InetAddress primary = null;
+                // Organize incoming information to get to appropriate Artifact
+                if (!fqdns.isEmpty()) {
+                    // Accept domain wild cards, but turn into real machines
+                    // Need *domain.com:real.machine.domain.com:san.machine.domain.com:...
+                    if (fqdns.get(0).startsWith("*")) { // Domain set
+                        if (!trans.fish(new AAFPermission(null,ca.getPermType(), ca.getName(), DOMAIN))) {
+                            return Result.err(Result.ERR_Denied,
+                                    "Domain based Authorizations (" + fqdns.get(0) + ") requires Exception");
+                        }
+
+                        // TODO check for Permission in Add Artifact?
+                        String domain = fqdns.get(0).substring(1);
+                        fqdns.remove(0);
+                        if (fqdns.isEmpty()) {
+                            return Result.err(Result.ERR_Denied, "Requests using domain require machine declaration");
+                        }
+
+                        if (!ignoreIPs) {
+                            InetAddress ia = InetAddress.getByName(fqdns.get(0));
+                            if (ia == null) {
+                                return Result.err(Result.ERR_Denied,
+                                        "Request not made from matching IP matching domain");
+                            } else if (ia.getHostName().endsWith(domain)) {
+                                primary = ia;
+                            }
+                        }
+
+                    } else {
+                        for (String cn : req.value.fqdns) {
+                            if(!ignoreIPs) {
+                                try {
+                                    InetAddress[] ias = InetAddress.getAllByName(cn);
+                                    Set<String> potentialSanNames = new HashSet<>();
+                                    for (InetAddress ia1 : ias) {
+                                        InetAddress ia2 = InetAddress.getByAddress(ia1.getAddress());
+                                        if (primary == null && ias.length == 1 && trans.ip().equals(ia1.getHostAddress())) {
+                                            primary = ia1;
+                                        } else if (!cn.equals(ia1.getHostName())
+                                                && !ia2.getHostName().equals(ia2.getHostAddress())) {
+                                            potentialSanNames.add(ia1.getHostName());
+                                        }
+                                    }
+                                } catch (UnknownHostException e1) {
+                                    return Result.err(Result.ERR_BadData, "There is no DNS lookup for %s", cn);
+                                }
+                            }
+                        }
+                    }
+                }
+
+                final String host;
+                if(ignoreIPs) {
+                    host = req.value.fqdns.get(0);
+                } else if (primary == null) {
+                    return Result.err(Result.ERR_Denied, "Request not made from matching IP (%s)", trans.ip());
+                } else {
+                    host = primary.getHostAddress();
+                }
+
+                ArtiDAO.Data add = null;
+                Result<List<ArtiDAO.Data>> ra = artiDAO.read(trans, req.value.mechid, host);
+                if (ra.isOKhasData()) {
+                    if (add == null) {
+                        add = ra.value.get(0); // single key
+                    }
+                } else {
+                    ra = artiDAO.read(trans, req.value.mechid, key);
+                    if (ra.isOKhasData()) { // is the Template available?
+                        add = ra.value.get(0);
+                        add.machine = host;
+                        for (String s : fqdns) {
+                            if (!s.equals(add.machine)) {
+                                add.sans(true).add(s);
+                            }
+                        }
+                        Result<ArtiDAO.Data> rc = artiDAO.create(trans, add); // Create new Artifact from Template
+                        if (rc.notOK()) {
+                            return Result.err(rc);
+                        }
+                    } else {
+                        add = ra.value.get(0);
+                    }
+                }
+
+                // Add Artifact listed FQDNs
+                if (add.sans != null) {
+                    for (String s : add.sans) {
+                        if (!fqdns.contains(s)) {
+                            fqdns.add(s);
+                        }
+                    }
+                }
+
+                // Policy 2: If Config marked as Expired, do not create or renew
+                Date now = new Date();
+                if (add.expires != null && now.after(add.expires)) {
+                    return Result.err(Result.ERR_Policy, "Configuration for %s %s is expired %s", add.mechid,
+                            add.machine, Chrono.dateFmt.format(add.expires));
+                }
+
+                // Policy 3: MechID must be current
+                Identity muser = org.getIdentity(trans, add.mechid);
+                if (muser == null) {
+                    return Result.err(Result.ERR_Policy, "MechID must exist in %s", org.getName());
+                }
+
+                // Policy 4: Sponsor must be current
+                Identity ouser = muser.responsibleTo();
+                if (ouser == null) {
+                    return Result.err(Result.ERR_Policy, "%s does not have a current sponsor at %s", add.mechid,
+                            org.getName());
+                } else if (!ouser.isFound() || ouser.mayOwn() != null) {
+                    return Result.err(Result.ERR_Policy, "%s reports that %s cannot be responsible for %s",
+                            org.getName(), trans.user());
+                }
+
+                // Set Email from most current Sponsor
+                email = ouser.email();
+
+                // Policy 5: keep Artifact data current
+                if (!ouser.fullID().equals(add.sponsor)) {
+                    add.sponsor = ouser.fullID();
+                    artiDAO.update(trans, add);
+                }
+
+                // Policy 7: Caller must be the MechID or have specifically delegated
+                // permissions
+                if (!(trans.user().equals(req.value.mechid)
+                        || trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), REQUEST)))) {
+                    return Result.err(Status.ERR_Denied, "%s must have access to modify x509 certs in NS %s",
+                            trans.user(), mechNS);
+                }
+
+                // Make sure Primary is the first in fqdns
+                if (fqdns.size() > 1) {
+                    for (int i = 0; i < fqdns.size(); ++i) {
+                        if(primary==null) {
+                            trans.error().log("CMService var primary is null");
+                        } else {
+                            String fg = fqdns.get(i);
+                            if (fg!=null && fg.equals(primary.getHostName())) {
+                                if (i != 0) {
+                                    String tmp = fqdns.get(0);
+                                    fqdns.set(0, primary.getHostName());
+                                    fqdns.set(i, tmp);
+                                }
+                            }
+                        }
+                    }
+                }
+            } catch (Exception e) {
+                e.printStackTrace();
+                trans.error().log(e);
+                return Result.err(Status.ERR_Denied,
+                        "AppID Sponsorship cannot be determined at this time.  Try later.");
+            }
+
+            CSRMeta csrMeta;
+            try {
+                csrMeta = BCFactory.createCSRMeta(ca, req.value.mechid, email, fqdns);
+                X509andChain x509ac = ca.sign(trans, csrMeta);
+                if (x509ac == null) {
+                    return Result.err(Result.ERR_ActionNotCompleted, "x509 Certificate not signed by CA");
+                }
+                trans.info().printf("X509 Subject: %s", x509ac.getX509().getSubjectDN());
+
+                X509Certificate x509 = x509ac.getX509();
+                CertDAO.Data cdd = new CertDAO.Data();
+                cdd.ca = ca.getName();
+                cdd.serial = x509.getSerialNumber();
+                cdd.id = req.value.mechid;
+                cdd.x500 = x509.getSubjectDN().getName();
+                cdd.x509 = Factory.toString(trans, x509);
+                certDAO.create(trans, cdd);
+
+                CredDAO.Data crdd = new CredDAO.Data();
+                crdd.other = Question.random.nextInt();
+                crdd.cred = getChallenge256SaltedHash(csrMeta.challenge(), crdd.other);
+                crdd.expires = x509.getNotAfter();
+                crdd.id = req.value.mechid;
+                crdd.ns = Question.domain2ns(crdd.id);
+                crdd.type = CredDAO.CERT_SHA256_RSA;
+                credDAO.create(trans, crdd);
+
+                CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(notes));
+                return Result.ok(cr);
+            } catch (Exception e) {
+                trans.error().log(e);
+                return Result.err(Result.ERR_ActionNotCompleted, e.getMessage());
+            }
+        } else {
+            return Result.err(req);
+        }
+    }
+
+    public Result<CertResp> renewCert(AuthzTrans trans, Result<CertRenew> renew) {
+        if (renew.isOK()) {
+            return Result.err(Result.ERR_NotImplemented, "Not implemented yet");
+        } else {
+            return Result.err(renew);
+        }
+    }
+
+    public Result<Void> dropCert(AuthzTrans trans, Result<CertDrop> drop) {
+        if (drop.isOK()) {
+            return Result.err(Result.ERR_NotImplemented, "Not implemented yet");
+        } else {
+            return Result.err(drop);
+        }
+    }
+
+    public Result<List<Data>> readCertsByMechID(AuthzTrans trans, String mechID) {
+        // Policy 1: To Read, must have NS Read or is Sponsor
+        String ns = Question.domain2ns(mechID);
+        try {
+            if (trans.user().equals(mechID) || trans.fish(new AAFPermission(ns,ACCESS, "*", "read"))
+                    || (trans.org().validate(trans, Organization.Policy.OWNS_MECHID, null, mechID)) == null) {
+                return certDAO.readID(trans, mechID);
+            } else {
+                return Result.err(Result.ERR_Denied, "%s is not the ID, Sponsor or NS Owner/Admin for %s at %s",
+                        trans.user(), mechID, trans.org().getName());
+            }
+        } catch (OrganizationException e) {
+            return Result.err(e);
+        }
+    }
+
+    public Result<CertResp> requestPersonalCert(AuthzTrans trans, CA ca) {
+        if (ca.inPersonalDomains(trans.getUserPrincipal())) {
+            Organization org = trans.org();
+
+            // Policy 1: MechID must be current
+            Identity ouser;
+            try {
+                ouser = org.getIdentity(trans, trans.user());
+            } catch (OrganizationException e1) {
+                trans.error().log(e1);
+                ouser = null;
+            }
+            if (ouser == null) {
+                return Result.err(Result.ERR_Policy, "Requesting User must exist in %s", org.getName());
+            }
+
+            // Set Email from most current Sponsor
+
+            CSRMeta csrMeta;
+            try {
+                csrMeta = BCFactory.createPersonalCSRMeta(ca, trans.user(), ouser.email());
+                X509andChain x509ac = ca.sign(trans, csrMeta);
+                if (x509ac == null) {
+                    return Result.err(Result.ERR_ActionNotCompleted, "x509 Certificate not signed by CA");
+                }
+                X509Certificate x509 = x509ac.getX509();
+                CertDAO.Data cdd = new CertDAO.Data();
+                cdd.ca = ca.getName();
+                cdd.serial = x509.getSerialNumber();
+                cdd.id = trans.user();
+                cdd.x500 = x509.getSubjectDN().getName();
+                cdd.x509 = Factory.toString(trans, x509);
+                certDAO.create(trans, cdd);
+
+                CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(null));
+                return Result.ok(cr);
+            } catch (Exception e) {
+                trans.error().log(e);
+                return Result.err(Result.ERR_ActionNotCompleted, e.getMessage());
+            }
+        } else {
+            return Result.err(Result.ERR_Denied, trans.user(), " not supported for CA", ca.getName());
+        }
+    }
+
+    ///////////////
+    // Artifact
+    //////////////
+    public Result<Void> createArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) {
+        CertmanValidator v = new CertmanValidator().artisRequired(list, 1);
+        if (v.err()) {
+            return Result.err(Result.ERR_BadData, v.errs());
+        }
+        for (ArtiDAO.Data add : list) {
+            try {
+                // Policy 1: MechID must exist in Org
+                Identity muser = trans.org().getIdentity(trans, add.mechid);
+                if (muser == null) {
+                    return Result.err(Result.ERR_Denied, "%s is not valid for %s", add.mechid, trans.org().getName());
+                }
+
+                // Policy 2: MechID must have valid Organization Owner
+                Identity emailUser;
+                if (muser.isPerson()) {
+                    emailUser = muser;
+                } else {
+                    Identity ouser = muser.responsibleTo();
+                    if (ouser == null) {
+                        return Result.err(Result.ERR_Denied, "%s is not a valid Sponsor for %s at %s", trans.user(),
+                                add.mechid, trans.org().getName());
+                    }
+
+                    // Policy 3: Calling ID must be MechID Owner
+                    if (!trans.user().startsWith(ouser.id())) {
+                        return Result.err(Result.ERR_Denied, "%s is not the Sponsor for %s at %s", trans.user(),
+                                add.mechid, trans.org().getName());
+                    }
+                    emailUser = ouser;
+                }
+
+                // Policy 4: Renewal Days are between 10 and 60 (constants, may be
+                // parameterized)
+                if (add.renewDays < MIN_RENEWAL) {
+                    add.renewDays = STD_RENEWAL;
+                } else if (add.renewDays > MAX_RENEWAL) {
+                    add.renewDays = MAX_RENEWAL;
+                }
+
+                // Policy 5: If Notify is blank, set to Owner's Email
+                if (add.notify == null || add.notify.length() == 0) {
+                    add.notify = "mailto:" + emailUser.email();
+                }
+
+                // Policy 6: Only do Domain by Exception
+                if (add.machine.startsWith("*")) { // Domain set
+                    CA ca = certman.getCA(add.ca);
+
+                    if (!trans.fish(new AAFPermission(ca.getPermNS(),ca.getPermType(), add.ca, DOMAIN))) {
+                        return Result.err(Result.ERR_Denied, "Domain Artifacts (%s) requires specific Permission",
+                                add.machine);
+                    }
+                }
+
+                // Set Sponsor from Golden Source
+                add.sponsor = emailUser.fullID();
+
+            } catch (OrganizationException e) {
+                return Result.err(e);
+            }
+            // Add to DB
+            Result<ArtiDAO.Data> rv = artiDAO.create(trans, add);
+            // TODO come up with Partial Reporting Scheme, or allow only one at a time.
+            if (rv.notOK()) {
+                return Result.err(rv);
+            }
+        }
+        return Result.ok();
+    }
+
+    public Result<List<ArtiDAO.Data>> readArtifacts(AuthzTrans trans, ArtiDAO.Data add) throws OrganizationException {
+        CertmanValidator v = new CertmanValidator().keys(add);
+        if (v.err()) {
+            return Result.err(Result.ERR_BadData, v.errs());
+        }
+        Result<List<ArtiDAO.Data>> data = artiDAO.read(trans, add);
+        if (data.notOKorIsEmpty()) {
+            return data;
+        }
+        add = data.value.get(0);
+        if (trans.user().equals(add.mechid) 
+                || trans.fish(root_read_permission,
+                              new AAFPermission(add.ns,ACCESS, "*", "read"),
+                              new AAFPermission(add.ns,CERTMAN, add.ca, "read"),
+                              new AAFPermission(add.ns,CERTMAN, add.ca, "request"))
+                || (trans.org().validate(trans, Organization.Policy.OWNS_MECHID, null, add.mechid)) == null) {
+            return data;
+        } else {
+            return Result.err(Result.ERR_Denied,
+                    "%s is not %s, is not the sponsor, and doesn't have delegated permission.", trans.user(),
+                    add.mechid, add.ns + ".certman|" + add.ca + "|read or ...|request"); // note: reason is set by 2nd
+                                                                                            // case, if 1st case misses
+        }
+
+    }
+
+    public Result<List<ArtiDAO.Data>> readArtifactsByMechID(AuthzTrans trans, String mechid)
+            throws OrganizationException {
+        CertmanValidator v = new CertmanValidator();
+        v.nullOrBlank("mechid", mechid);
+        if (v.err()) {
+            return Result.err(Result.ERR_BadData, v.errs());
+        }
+        String ns = FQI.reverseDomain(mechid);
+
+        String reason;
+        if (trans.fish(new AAFPermission(ns, ACCESS, "*", "read"))
+                || (reason = trans.org().validate(trans, Organization.Policy.OWNS_MECHID, null, mechid)) == null) {
+            return artiDAO.readByMechID(trans, mechid);
+        } else {
+            return Result.err(Result.ERR_Denied, reason); // note: reason is set by 2nd case, if 1st case misses
+        }
+
+    }
+
+    public Result<List<ArtiDAO.Data>> readArtifactsByMachine(AuthzTrans trans, String machine) {
+        CertmanValidator v = new CertmanValidator();
+        v.nullOrBlank("machine", machine);
+        if (v.err()) {
+            return Result.err(Result.ERR_BadData, v.errs());
+        }
+
+        // TODO do some checks?
+
+        Result<List<ArtiDAO.Data>> rv = artiDAO.readByMachine(trans, machine);
+        return rv;
+    }
+
+    public Result<List<ArtiDAO.Data>> readArtifactsByNs(AuthzTrans trans, String ns) {
+        CertmanValidator v = new CertmanValidator();
+        v.nullOrBlank("ns", ns);
+        if (v.err()) {
+            return Result.err(Result.ERR_BadData, v.errs());
+        }
+
+        // TODO do some checks?
+
+        return artiDAO.readByNs(trans, ns);
+    }
+
+    public Result<Void> updateArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) throws OrganizationException {
+        CertmanValidator v = new CertmanValidator();
+        v.artisRequired(list, 1);
+        if (v.err()) {
+            return Result.err(Result.ERR_BadData, v.errs());
+        }
+
+        // Check if requesting User is Sponsor
+        // TODO - Shall we do one, or multiples?
+        for (ArtiDAO.Data add : list) {
+            // Policy 1: MechID must exist in Org
+            Identity muser = trans.org().getIdentity(trans, add.mechid);
+            if (muser == null) {
+                return Result.err(Result.ERR_Denied, "%s is not valid for %s", add.mechid, trans.org().getName());
+            }
+
+            // Policy 2: MechID must have valid Organization Owner
+            Identity ouser = muser.responsibleTo();
+            if (ouser == null) {
+                return Result.err(Result.ERR_Denied, "%s is not a valid Sponsor for %s at %s", trans.user(), add.mechid,
+                        trans.org().getName());
+            }
+
+            // Policy 3: Renewal Days are between 10 and 60 (constants, may be
+            // parameterized)
+            if (add.renewDays < MIN_RENEWAL) {
+                add.renewDays = STD_RENEWAL;
+            } else if (add.renewDays > MAX_RENEWAL) {
+                add.renewDays = MAX_RENEWAL;
+            }
+
+            // Policy 4: Data is always updated with the latest Sponsor
+            // Add to Sponsor, to make sure we are always up to date.
+            add.sponsor = ouser.fullID();
+
+            // Policy 5: If Notify is blank, set to Owner's Email
+            if (add.notify == null || add.notify.length() == 0) {
+                add.notify = "mailto:" + ouser.email();
+            }
+            // Policy 6: Only do Domain by Exception
+            if (add.machine.startsWith("*")) { // Domain set
+                CA ca = certman.getCA(add.ca);
+                if (ca == null) {
+                    return Result.err(Result.ERR_BadData, "CA is required in Artifact");
+                }
+                if (!trans.fish(new AAFPermission(null,ca.getPermType(), add.ca, DOMAIN))) {
+                    return Result.err(Result.ERR_Denied, "Domain Artifacts (%s) requires specific Permission",
+                            add.machine);
+                }
+            }
+
+            // Policy 7: only Owner may update info
+            if (trans.user().startsWith(ouser.id())) {
+                return artiDAO.update(trans, add);
+            } else {
+                return Result.err(Result.ERR_Denied, "%s may not update info for %s", trans.user(), muser.fullID());
+            }
+        }
+        return Result.err(Result.ERR_BadData, "No Artifacts to update");
+    }
+
+    public Result<Void> deleteArtifact(AuthzTrans trans, String mechid, String machine) throws OrganizationException {
+        CertmanValidator v = new CertmanValidator();
+        v.nullOrBlank("mechid", mechid).nullOrBlank("machine", machine);
+        if (v.err()) {
+            return Result.err(Result.ERR_BadData, v.errs());
+        }
+
+        Result<List<ArtiDAO.Data>> rlad = artiDAO.read(trans, mechid, machine);
+        if (rlad.notOKorIsEmpty()) {
+            return Result.err(Result.ERR_NotFound, "Artifact for %s %s does not exist.", mechid, machine);
+        }
+
+        return deleteArtifact(trans, rlad.value.get(0));
+    }
+
+    private Result<Void> deleteArtifact(AuthzTrans trans, ArtiDAO.Data add) throws OrganizationException {
+        // Policy 1: Record should be delete able only by Existing Sponsor.
+        String sponsor = null;
+        Identity muser = trans.org().getIdentity(trans, add.mechid);
+        if (muser != null) {
+            Identity ouser = muser.responsibleTo();
+            if (ouser != null) {
+                sponsor = ouser.fullID();
+            }
+        }
+        // Policy 1.a: If Sponsorship is deleted in system of Record, then
+        // accept deletion by sponsor in Artifact Table
+        if (sponsor == null) {
+            sponsor = add.sponsor;
+        }
+
+        String ns = FQI.reverseDomain(add.mechid);
+
+        if (trans.fish(new AAFPermission(ns,ACCESS, "*", "write")) || trans.user().equals(sponsor)) {
+            return artiDAO.delete(trans, add, false);
+        }
+        return Result.err(Result.ERR_Denied, "%1 is not allowed to delete this item", trans.user());
+    }
+
+    public Result<Void> deleteArtifact(AuthzTrans trans, List<ArtiDAO.Data> list) {
+        CertmanValidator v = new CertmanValidator().artisRequired(list, 1);
+        if (v.err()) {
+            return Result.err(Result.ERR_BadData, v.errs());
+        }
+
+        try {
+            boolean partial = false;
+            Result<Void> result = null;
+            for (ArtiDAO.Data add : list) {
+                result = deleteArtifact(trans, add);
+                if (result.notOK()) {
+                    partial = true;
+                }
+            }
+            if (result == null) {
+                result = Result.err(Result.ERR_BadData, "No Artifacts to delete");
+            } else if (partial) {
+                result.partialContent(true);
+            }
+            return result;
+        } catch (Exception e) {
+            return Result.err(e);
+        }
+    }
+
+    private String[] compileNotes(List<String> notes) {
+        String[] rv;
+        if (notes == null) {
+            rv = NO_NOTES;
+        } else {
+            rv = new String[notes.size()];
+            notes.toArray(rv);
+        }
+        return rv;
+    }
+
+    private ByteBuffer getChallenge256SaltedHash(String challenge, int salt) throws NoSuchAlgorithmException {
+        ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + challenge.length());
+        bb.putInt(salt);
+        bb.put(challenge.getBytes());
+        byte[] hash = Hash.hashSHA256(bb.array());
+        return ByteBuffer.wrap(hash);
+    }
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/Code.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/Code.java
index ce2ca065..a6663ad7 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/Code.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/Code.java
@@ -28,18 +28,18 @@ import org.onap.aaf.auth.rserv.HttpCode;
 
 public abstract class Code extends HttpCode<AuthzTrans,Facade1_0> implements Cloneable {
 
-	public Code(AAF_CM cma, String description, String ... roles) {
-		super(cma.facade1_0, description, roles);
-		// Note, the first "Code" will be created with default Facade, "JSON".
-		// use clone for another Code with XML
-	}
-	
+    public Code(AAF_CM cma, String description, String ... roles) {
+        super(cma.facade1_0, description, roles);
+        // Note, the first "Code" will be created with default Facade, "JSON".
+        // use clone for another Code with XML
+    }
+    
 
-	public <D extends Code> D clone(Facade1_0 facade) throws Exception {
-		@SuppressWarnings("unchecked")
-		D d = (D)clone();
-		d.context = facade;
-		return d;
-	}
+    public <D extends Code> D clone(Facade1_0 facade) throws Exception {
+        @SuppressWarnings("unchecked")
+        D d = (D)clone();
+        d.context = facade;
+        return d;
+    }
 
 }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
index d3ce0ace..ea97dd0d 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
@@ -37,85 +37,85 @@ import org.onap.aaf.auth.validation.Validator;
  *
  */
 public class CertmanValidator extends Validator{
-	// Repeated Msg fragments
-	private static final String MECHID = "mechid";
-	private static final String MACHINE = "machine";
-	private static final String ARTIFACT_LIST_IS_NULL = "Artifact List is null.";
-	private static final String Y = "y.";
-	private static final String IES = "ies.";
-	private static final String ENTR = " entr";
-	private static final String MUST_HAVE_AT_LEAST = " must have at least ";
-	private static final String IS_NULL = " is null.";
-	private static final String ARTIFACTS_MUST_HAVE_AT_LEAST = "Artifacts must have at least ";
+    // Repeated Msg fragments
+    private static final String MECHID = "mechid";
+    private static final String MACHINE = "machine";
+    private static final String ARTIFACT_LIST_IS_NULL = "Artifact List is null.";
+    private static final String Y = "y.";
+    private static final String IES = "ies.";
+    private static final String ENTR = " entr";
+    private static final String MUST_HAVE_AT_LEAST = " must have at least ";
+    private static final String IS_NULL = " is null.";
+    private static final String ARTIFACTS_MUST_HAVE_AT_LEAST = "Artifacts must have at least ";
 
-	public CertmanValidator nullBlankMin(String name, List<String> list, int min) {
-		if(list==null) {
-			msg(name + IS_NULL);
-		} else {
-			if(list.size()<min) {
-				msg(name + MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));
-			} else {
-				for(String s : list) {
-					nullOrBlank("List Item",s);
-				}
-			}
-		}
-		return this;
-	}
+    public CertmanValidator nullBlankMin(String name, List<String> list, int min) {
+        if(list==null) {
+            msg(name + IS_NULL);
+        } else {
+            if(list.size()<min) {
+                msg(name + MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));
+            } else {
+                for(String s : list) {
+                    nullOrBlank("List Item",s);
+                }
+            }
+        }
+        return this;
+    }
 
-	public CertmanValidator artisRequired(List<ArtiDAO.Data> list, int min) {
-		if(list==null) {
-			msg(ARTIFACT_LIST_IS_NULL);
-		} else {
-			if(list.size()<min) {
-				msg(ARTIFACTS_MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));
-			} else {
-				for(ArtiDAO.Data a : list) {
-					allRequired(a);
-				}
-			}
-		}
-		return this;
-	}
+    public CertmanValidator artisRequired(List<ArtiDAO.Data> list, int min) {
+        if(list==null) {
+            msg(ARTIFACT_LIST_IS_NULL);
+        } else {
+            if(list.size()<min) {
+                msg(ARTIFACTS_MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));
+            } else {
+                for(ArtiDAO.Data a : list) {
+                    allRequired(a);
+                }
+            }
+        }
+        return this;
+    }
 
-	public CertmanValidator artisKeys(List<ArtiDAO.Data> list, int min) {
-		if(list==null) {
-			msg(ARTIFACT_LIST_IS_NULL);
-		} else {
-			if(list.size()<min) {
-				msg(ARTIFACTS_MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));
-			} else {
-				for(ArtiDAO.Data a : list) {
-					keys(a);
-				}
-			}
-		}
-		return this;
-	}
+    public CertmanValidator artisKeys(List<ArtiDAO.Data> list, int min) {
+        if(list==null) {
+            msg(ARTIFACT_LIST_IS_NULL);
+        } else {
+            if(list.size()<min) {
+                msg(ARTIFACTS_MUST_HAVE_AT_LEAST + min + ENTR + (min==1?Y:IES));
+            } else {
+                for(ArtiDAO.Data a : list) {
+                    keys(a);
+                }
+            }
+        }
+        return this;
+    }
 
 
-	public CertmanValidator keys(ArtiDAO.Data add) {
-		if(add==null) {
-			msg("Artifact is null.");
-		} else {
-			nullOrBlank(MECHID, add.mechid);
-			nullOrBlank(MACHINE, add.machine);
-		}
-		return this;
-	}
-	
-	private CertmanValidator allRequired(Data a) {
-		if(a==null) {
-			msg("Artifact is null.");
-		} else {
-			nullOrBlank(MECHID, a.mechid);
-			nullOrBlank(MACHINE, a.machine);
-			nullOrBlank("ca",a.ca);
-			nullOrBlank("dir",a.dir);
-			nullOrBlank("os_user",a.os_user);
-			// Note: AppName, Notify & Sponsor are currently not required
-		}
-		return this;
-	}
+    public CertmanValidator keys(ArtiDAO.Data add) {
+        if(add==null) {
+            msg("Artifact is null.");
+        } else {
+            nullOrBlank(MECHID, add.mechid);
+            nullOrBlank(MACHINE, add.machine);
+        }
+        return this;
+    }
+    
+    private CertmanValidator allRequired(Data a) {
+        if(a==null) {
+            msg("Artifact is null.");
+        } else {
+            nullOrBlank(MECHID, a.mechid);
+            nullOrBlank(MACHINE, a.machine);
+            nullOrBlank("ca",a.ca);
+            nullOrBlank("dir",a.dir);
+            nullOrBlank("os_user",a.os_user);
+            // Note: AppName, Notify & Sponsor are currently not required
+        }
+        return this;
+    }
 
 }
diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Artifact.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Artifact.java
index f50190d3..fc450bef 100644
--- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Artifact.java
+++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Artifact.java
@@ -41,67 +41,67 @@ import org.onap.aaf.auth.env.AuthzTrans;
 
 @RunWith(MockitoJUnitRunner.class)
 public class JU_API_Artifact {
-	
-	@Mock
-	private static API_Artifact api;
-	
-	@Mock
-	private static AAF_CM certManApi;
-	
-	private static AAF_CM noMockAPI;
-	private static API_Artifact api_1;
-	
-	private static HttpServletRequest req;
-	private static HttpServletResponse res;
-	
-	@BeforeClass
-	public static void setUp() {
-		AuthzTrans trans = mock(AuthzTrans.class);
-		req = mock(HttpServletRequest.class);
-		trans.setProperty("testTag", "UserValue");
-		trans.set(req);
-	}
-	
-	@Rule
+    
+    @Mock
+    private static API_Artifact api;
+    
+    @Mock
+    private static AAF_CM certManApi;
+    
+    private static AAF_CM noMockAPI;
+    private static API_Artifact api_1;
+    
+    private static HttpServletRequest req;
+    private static HttpServletResponse res;
+    
+    @BeforeClass
+    public static void setUp() {
+        AuthzTrans trans = mock(AuthzTrans.class);
+        req = mock(HttpServletRequest.class);
+        trans.setProperty("testTag", "UserValue");
+        trans.set(req);
+    }
+    
+    @Rule
     public ExpectedException thrown= ExpectedException.none();
-	
-	@Test
-	public void init_bothValued() {
-		try {
-			api.init(certManApi);
-		} catch (Exception e) {
-			thrown.expect(NullPointerException.class);
-			e.printStackTrace();
-		}
-	}
-	
-	@Test
-	public void init_Null_() {
-		try {
-			api.init(null);
-		} catch (Exception e) {
-			//thrown.expect(Exception.class);
-			e.printStackTrace();
-		}
-	}
-	
-	@Test
-	public void init_NMC_Null() {
-		try {
-			api_1.init(null);
-		} catch (Exception e) {
-			//thrown.expect(NullPointerException.class);
-			e.printStackTrace();
-		}
-	}
-	
-	@Test
-	public void init_NMC() {
-		try {
-			api_1.init(noMockAPI);
-		} catch (Exception e) {
-			//thrown.expect(NullPointerException.class);
-			e.printStackTrace();
-		}
-	}
+    
+    @Test
+    public void init_bothValued() {
+        try {
+            api.init(certManApi);
+        } catch (Exception e) {
+            thrown.expect(NullPointerException.class);
+            e.printStackTrace();
+        }
+    }
+    
+    @Test
+    public void init_Null_() {
+        try {
+            api.init(null);
+        } catch (Exception e) {
+            //thrown.expect(Exception.class);
+            e.printStackTrace();
+        }
+    }
+    
+    @Test
+    public void init_NMC_Null() {
+        try {
+            api_1.init(null);
+        } catch (Exception e) {
+            //thrown.expect(NullPointerException.class);
+            e.printStackTrace();
+        }
+    }
+    
+    @Test
+    public void init_NMC() {
+        try {
+            api_1.init(noMockAPI);
+        } catch (Exception e) {
+            //thrown.expect(NullPointerException.class);
+            e.printStackTrace();
+        }
+    }
 }
diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Cert.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Cert.java
index dbd66e41..f42a02a9 100644
--- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Cert.java
+++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Cert.java
@@ -41,67 +41,67 @@ import org.onap.aaf.auth.env.AuthzTrans;
 
 @RunWith(MockitoJUnitRunner.class)
 public class JU_API_Cert {
-	
-	@Mock
-	private static API_Cert api;
-	
-	@Mock
-	private static AAF_CM certManApi;
-	
-	private static AAF_CM noMockAPI;
-	private static API_Cert api_1;
-	
-	private static HttpServletRequest req;
-	private static HttpServletResponse res;
-	
-	@BeforeClass
-	public static void setUp() {
-		AuthzTrans trans = mock(AuthzTrans.class);
-		req = mock(HttpServletRequest.class);
-		trans.setProperty("testTag", "UserValue");
-		trans.set(req);
-	}
-	
-	@Rule
+    
+    @Mock
+    private static API_Cert api;
+    
+    @Mock
+    private static AAF_CM certManApi;
+    
+    private static AAF_CM noMockAPI;
+    private static API_Cert api_1;
+    
+    private static HttpServletRequest req;
+    private static HttpServletResponse res;
+    
+    @BeforeClass
+    public static void setUp() {
+        AuthzTrans trans = mock(AuthzTrans.class);
+        req = mock(HttpServletRequest.class);
+        trans.setProperty("testTag", "UserValue");
+        trans.set(req);
+    }
+    
+    @Rule
     public ExpectedException thrown= ExpectedException.none();
-	
-	@Test
-	public void init_bothValued() {
-		try {
-			api.init(certManApi);
-		} catch (Exception e) {
-			//thrown.expect(NullPointerException.class);
-			e.printStackTrace();
-		}
-	}
-	
-	@Test
-	public void init_Null_() {
-		try {
-			api.init(null);
-		} catch (Exception e) {
-			//thrown.expect(Exception.class);
-			e.printStackTrace();
-		}
-	}
-	
-	@Test
-	public void init_NMC_Null() {
-		try {
-			api_1.init(null);
-		} catch (Exception e) {
-			//thrown.expect(NullPointerException.class);
-			e.printStackTrace();
-		}
-	}
-	
-	@Test
-	public void init_NMC() {
-		try {
-			api_1.init(noMockAPI);
-		} catch (Exception e) {
-			//thrown.expect(NullPointerException.class);
-			e.printStackTrace();
-		}
-	}
+    
+    @Test
+    public void init_bothValued() {
+        try {
+            api.init(certManApi);
+        } catch (Exception e) {
+            //thrown.expect(NullPointerException.class);
+            e.printStackTrace();
+        }
+    }
+    
+    @Test
+    public void init_Null_() {
+        try {
+            api.init(null);
+        } catch (Exception e) {
+            //thrown.expect(Exception.class);
+            e.printStackTrace();
+        }
+    }
+    
+    @Test
+    public void init_NMC_Null() {
+        try {
+            api_1.init(null);
+        } catch (Exception e) {
+            //thrown.expect(NullPointerException.class);
+            e.printStackTrace();
+        }
+    }
+    
+    @Test
+    public void init_NMC() {
+        try {
+            api_1.init(noMockAPI);
+        } catch (Exception e) {
+            //thrown.expect(NullPointerException.class);
+            e.printStackTrace();
+        }
+    }
 }
diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/ca/JU_AppCA.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/ca/JU_AppCA.java
index 1ab0f4bd..1c38a8ed 100644
--- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/ca/JU_AppCA.java
+++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/ca/JU_AppCA.java
@@ -60,223 +60,223 @@ import org.onap.aaf.misc.env.Trans;
 //TODO: Gabe [JUnit] Import does not exist
 @RunWith(MockitoJUnitRunner.class)
 public class JU_AppCA {
-	
-	@Mock
-	private static CachedCertDAO certDAO;
-	
-	@Mock
-	private static HttpServletRequest req;
-	
-	@Mock
-	private static CSRMeta csrMeta;
-	
-	static Trans trans;
-	
-	static X509andChain cert1;
-	static byte [] name = {1,23,4,54,6,56};
-	
-	private static LocalCA localCA;
-	
-	@BeforeClass
-	public static void setUp() throws CertificateException, CertException, IOException {
-		String str = "core java api";
+    
+    @Mock
+    private static CachedCertDAO certDAO;
+    
+    @Mock
+    private static HttpServletRequest req;
+    
+    @Mock
+    private static CSRMeta csrMeta;
+    
+    static Trans trans;
+    
+    static X509andChain cert1;
+    static byte [] name = {1,23,4,54,6,56};
+    
+    private static LocalCA localCA;
+    
+    @BeforeClass
+    public static void setUp() throws CertificateException, CertException, IOException {
+        String str = "core java api";
         byte[] b = str.getBytes();
-		Principal prc = new X500Principal("CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US");
-		req = mock(HttpServletRequest.class);
-		localCA = mock(LocalCA.class);
-		X509Certificate cert = new X509Certificate() {
-			
-			@Override
-			public boolean hasUnsupportedCriticalExtension() {
-				return false;
-			}
-			
-			@Override
-			public Set<String> getNonCriticalExtensionOIDs() {
-				 
-				return null;
-			}
-			
-			@Override
-			public byte[] getExtensionValue(String oid) {
-				 
-				return null;
-			}
-			
-			@Override
-			public Set<String> getCriticalExtensionOIDs() {
-				 
-				return null;
-			}
-			
-			@Override
-			public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException,
-					InvalidKeyException, NoSuchProviderException, SignatureException {
-				 
-				
-			}
-			
-			@Override
-			public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
-					NoSuchProviderException, SignatureException {
-				 
-				
-			}
-			
-			@Override
-			public String toString() {
-				 
-				return null;
-			}
-			
-			@Override
-			public PublicKey getPublicKey() {
-				 
-				return null;
-			}
-			
-			@Override
-			public byte[] getEncoded() throws CertificateEncodingException {
-				 
-				return null;
-			}
-			
-			@Override
-			public int getVersion() {
-				 
-				return 0;
-			}
-			
-			@Override
-			public byte[] getTBSCertificate() throws CertificateEncodingException {
-				 
-				return null;
-			}
-			
-			@Override
-			public boolean[] getSubjectUniqueID() {
-				 
-				return null;
-			}
-			
-			@Override
-			public Principal getSubjectDN() {
-				 
-				return null;
-			}
-			
-			@Override
-			public byte[] getSignature() {
-				 
-				return null;
-			}
-			
-			@Override
-			public byte[] getSigAlgParams() {
-				 
-				return null;
-			}
-			
-			@Override
-			public String getSigAlgOID() {
-				 
-				return null;
-			}
-			
-			@Override
-			public String getSigAlgName() {
-				 
-				return null;
-			}
-			
-			@Override
-			public BigInteger getSerialNumber() {
-				 
-				return null;
-			}
-			
-			@Override
-			public Date getNotBefore() {
-				 
-				return null;
-			}
-			
-			@Override
-			public Date getNotAfter() {
-				 
-				return null;
-			}
-			
-			@Override
-			public boolean[] getKeyUsage() {
-				 
-				return null;
-			}
-			
-			@Override
-			public boolean[] getIssuerUniqueID() {
-				 
-				return null;
-			}
-			
-			@Override
-			public Principal getIssuerDN() {
-				 
-				return null;
-			}
-			
-			@Override
-			public int getBasicConstraints() {
-				 
-				return 0;
-			}
-			
-			@Override
-			public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
-				 
-				
-			}
-			
-			@Override
-			public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
-				
-			}
-		};
-		X509andChain xac = new X509andChain(cert, new ArrayList<>());
-		when(localCA.sign(Mockito.any(Trans.class), Mockito.any(CSRMeta.class))).thenReturn(xac);
-		certDAO = mock(CachedCertDAO.class, CALLS_REAL_METHODS);
-	}
-	
-	@Test
-	public void identity_True() throws CertificateException, IOException, CertException {
-		assertNotNull(localCA.sign(trans, csrMeta));
-	}
-	
-	
-	@Test
-	public void identityNull() throws CertificateException {
-		try {
-			assertNotNull(localCA.sign(null, csrMeta));
-		} catch (IOException e) {
-		
-			e.printStackTrace();
-		} catch (CertException e) {
-			
-			e.printStackTrace();
-		}
-	}
-	
-	@Test
-	public void identityBothNull() throws CertificateException {
-		try {
-			assertNotNull(localCA.sign(null, null));
-		} catch (IOException e) {
-		
-			e.printStackTrace();
-		} catch (CertException e) {
-			
-			e.printStackTrace();
-		}
-	}
+        Principal prc = new X500Principal("CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US");
+        req = mock(HttpServletRequest.class);
+        localCA = mock(LocalCA.class);
+        X509Certificate cert = new X509Certificate() {
+            
+            @Override
+            public boolean hasUnsupportedCriticalExtension() {
+                return false;
+            }
+            
+            @Override
+            public Set<String> getNonCriticalExtensionOIDs() {
+                 
+                return null;
+            }
+            
+            @Override
+            public byte[] getExtensionValue(String oid) {
+                 
+                return null;
+            }
+            
+            @Override
+            public Set<String> getCriticalExtensionOIDs() {
+                 
+                return null;
+            }
+            
+            @Override
+            public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException,
+                    InvalidKeyException, NoSuchProviderException, SignatureException {
+                 
+                
+            }
+            
+            @Override
+            public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
+                    NoSuchProviderException, SignatureException {
+                 
+                
+            }
+            
+            @Override
+            public String toString() {
+                 
+                return null;
+            }
+            
+            @Override
+            public PublicKey getPublicKey() {
+                 
+                return null;
+            }
+            
+            @Override
+            public byte[] getEncoded() throws CertificateEncodingException {
+                 
+                return null;
+            }
+            
+            @Override
+            public int getVersion() {
+                 
+                return 0;
+            }
+            
+            @Override
+            public byte[] getTBSCertificate() throws CertificateEncodingException {
+                 
+                return null;
+            }
+            
+            @Override
+            public boolean[] getSubjectUniqueID() {
+                 
+                return null;
+            }
+            
+            @Override
+            public Principal getSubjectDN() {
+                 
+                return null;
+            }
+            
+            @Override
+            public byte[] getSignature() {
+                 
+                return null;
+            }
+            
+            @Override
+            public byte[] getSigAlgParams() {
+                 
+                return null;
+            }
+            
+            @Override
+            public String getSigAlgOID() {
+                 
+                return null;
+            }
+            
+            @Override
+            public String getSigAlgName() {
+                 
+                return null;
+            }
+            
+            @Override
+            public BigInteger getSerialNumber() {
+                 
+                return null;
+            }
+            
+            @Override
+            public Date getNotBefore() {
+                 
+                return null;
+            }
+            
+            @Override
+            public Date getNotAfter() {
+                 
+                return null;
+            }
+            
+            @Override
+            public boolean[] getKeyUsage() {
+                 
+                return null;
+            }
+            
+            @Override
+            public boolean[] getIssuerUniqueID() {
+                 
+                return null;
+            }
+            
+            @Override
+            public Principal getIssuerDN() {
+                 
+                return null;
+            }
+            
+            @Override
+            public int getBasicConstraints() {
+                 
+                return 0;
+            }
+            
+            @Override
+            public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
+                 
+                
+            }
+            
+            @Override
+            public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
+                
+            }
+        };
+        X509andChain xac = new X509andChain(cert, new ArrayList<>());
+        when(localCA.sign(Mockito.any(Trans.class), Mockito.any(CSRMeta.class))).thenReturn(xac);
+        certDAO = mock(CachedCertDAO.class, CALLS_REAL_METHODS);
+    }
+    
+    @Test
+    public void identity_True() throws CertificateException, IOException, CertException {
+        assertNotNull(localCA.sign(trans, csrMeta));
+    }
+    
+    
+    @Test
+    public void identityNull() throws CertificateException {
+        try {
+            assertNotNull(localCA.sign(null, csrMeta));
+        } catch (IOException e) {
+        
+            e.printStackTrace();
+        } catch (CertException e) {
+            
+            e.printStackTrace();
+        }
+    }
+    
+    @Test
+    public void identityBothNull() throws CertificateException {
+        try {
+            assertNotNull(localCA.sign(null, null));
+        } catch (IOException e) {
+        
+            e.printStackTrace();
+        } catch (CertException e) {
+            
+            e.printStackTrace();
+        }
+    }
 
 }
diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/cert/JU_BCFactory.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/cert/JU_BCFactory.java
index 337bc9ed..eae37640 100644
--- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/cert/JU_BCFactory.java
+++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/cert/JU_BCFactory.java
@@ -47,82 +47,82 @@ import org.onap.aaf.misc.env.Trans;
 
 @RunWith(MockitoJUnitRunner.class)
 public class JU_BCFactory {
-	
-	private static BCFactory bcFactory = new BCFactory();
-	
-	private static BCFactory bcFact;
-	
-	private static PrivateKey pk;
-	
-	
-	private static Trans trans;
-	
-	
-	private static PKCS10CertificationRequest req;
-	
-	@BeforeClass
-	public static void setUp() throws IOException {
-		pk = new XYZKey();
-		trans = mock(Trans.class);
-		req = mock(PKCS10CertificationRequest.class);
-		when(req.getEncoded()).thenReturn(new byte[1]);
-		when(trans.start(Mockito.anyString(), Mockito.anyInt())).thenReturn(new TimeTaken(null, 0) {
-			
-			@Override
-			public void output(StringBuilder sb) {
-				// TODO Auto-generated method stub
-				
-			}
-		});
-		bcFact = mock(BCFactory.class);
-	}
-	
-	@Test
-	public void toStrin() throws OperatorCreationException, IOException, CertException {
-		assertNotNull(bcFactory.toString(req));
-	}
-	
-	@Test
-	public void toStrinMoc() throws OperatorCreationException, IOException, CertException {
-		assertNotNull(bcFact.toString(req));
-	}
-	
-	@Rule
+    
+    private static BCFactory bcFactory = new BCFactory();
+    
+    private static BCFactory bcFact;
+    
+    private static PrivateKey pk;
+    
+    
+    private static Trans trans;
+    
+    
+    private static PKCS10CertificationRequest req;
+    
+    @BeforeClass
+    public static void setUp() throws IOException {
+        pk = new XYZKey();
+        trans = mock(Trans.class);
+        req = mock(PKCS10CertificationRequest.class);
+        when(req.getEncoded()).thenReturn(new byte[1]);
+        when(trans.start(Mockito.anyString(), Mockito.anyInt())).thenReturn(new TimeTaken(null, 0) {
+            
+            @Override
+            public void output(StringBuilder sb) {
+                // TODO Auto-generated method stub
+                
+            }
+        });
+        bcFact = mock(BCFactory.class);
+    }
+    
+    @Test
+    public void toStrin() throws OperatorCreationException, IOException, CertException {
+        assertNotNull(bcFactory.toString(req));
+    }
+    
+    @Test
+    public void toStrinMoc() throws OperatorCreationException, IOException, CertException {
+        assertNotNull(bcFact.toString(req));
+    }
+    
+    @Rule
     public ExpectedException thrown= ExpectedException.none();
-	
-	@Test
-	public void toCSR()  {
-		try {
-			assertNotNull(bcFactory.toCSR(trans, new File("/random/path")));
-			thrown.expect(FileNotFoundException.class);
-		} catch (IOException e) {
-			
-			e.printStackTrace();
-		}
-	}
-	
+    
+    @Test
+    public void toCSR()  {
+        try {
+            assertNotNull(bcFactory.toCSR(trans, new File("/random/path")));
+            thrown.expect(FileNotFoundException.class);
+        } catch (IOException e) {
+            
+            e.printStackTrace();
+        }
+    }
+    
 }
 
 class XYZKey implements Key, PublicKey, PrivateKey {
-	
-	int rotValue;
-	public XYZKey() {
-		rotValue = 1200213;
-	}
-	public String getAlgorithm() {
-		return "XYZ";
-	}
+    
+    int rotValue;
+    public XYZKey() {
+        rotValue = 1200213;
+    }
+    public String getAlgorithm() {
+        return "XYZ";
+    }
 
-	public String getFormat() {
-		return "XYZ Special Format";
-	}
+    public String getFormat() {
+        return "XYZ Special Format";
+    }
 
-	public byte[] getEncoded() {
-		byte b[] = new byte[4];
-		b[3] = (byte) ((rotValue << 24) & 0xff);
-		b[2] = (byte) ((rotValue << 16) & 0xff);
-		b[1] = (byte) ((rotValue << 8) & 0xff);
-		b[0] = (byte) ((rotValue << 0) & 0xff);
-		return b;
-	}
+    public byte[] getEncoded() {
+        byte b[] = new byte[4];
+        b[3] = (byte) ((rotValue << 24) & 0xff);
+        b[2] = (byte) ((rotValue << 16) & 0xff);
+        b[1] = (byte) ((rotValue << 8) & 0xff);
+        b[0] = (byte) ((rotValue << 0) & 0xff);
+        return b;
+    }
 }
diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/facade/JU_FacadeImpl.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/facade/JU_FacadeImpl.java
index 27ac04e5..48f5f1b6 100644
--- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/facade/JU_FacadeImpl.java
+++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/facade/JU_FacadeImpl.java
@@ -52,134 +52,134 @@ import org.onap.aaf.misc.env.TimeTaken;
 
 @RunWith(MockitoJUnitRunner.class)
 public class JU_FacadeImpl<REQ,CERT,ARTIFACTS,ERROR> {
-	
-	private static AuthzTrans trans;
-	private static HttpServletResponse resp;
-	private static AAF_CM certman;
-	private static FacadeImpl hImpl;
-	private static CMService service;
-	private Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper;
-	private Data.TYPE dataType;
-	private static AuthzEnv env;
-	
-	private static FacadeImpl fImpl;
-	private static HttpServletRequest req;
-	
-	@Before
-	public void setUp() throws APIException, IOException {
-		fImpl = mock(FacadeImpl.class);
-		env = mock(AuthzEnv.class);
-		resp = mock(HttpServletResponse.class);
-		req = mock(HttpServletRequest.class);
-		hImpl = mock(FacadeImpl.class, CALLS_REAL_METHODS);
-		Result<Void> rvd = (Result) mock(Result.class);
-		trans = mock(AuthzTrans.class);
-		when(trans.error()).thenReturn(new LogTarget() {
-			
-			@Override
-			public void printf(String fmt, Object... vars) {}
-			
-			@Override
-			public void log(Throwable e, Object... msgs) {
-				e.getMessage();
-				e.printStackTrace();
-				msgs.toString();
-				
-			}
-			
-			@Override
-			public void log(Object... msgs) {
-			}
-			
-			@Override
-			public boolean isLoggable() {
-				
-				return false;
-			}
-		});
-		when(trans.start(Mockito.anyString(), Mockito.anyInt())).thenReturn(new TimeTaken("Now", 1) {
-			
-			@Override
-			public void output(StringBuilder sb) {
-				
-			}
-		});
-		when(fImpl.check(Mockito.any(AuthzTrans.class), Mockito.any(HttpServletResponse.class), Mockito.anyString())).thenReturn(rvd);
-		when(resp.getOutputStream()).thenReturn(new ServletOutputStream() {
-			
-			@Override
-			public void write(int b) throws IOException {
-				
-				
-			}
-		});
-		
-	}
-	
-	@Test
-	public void check() throws IOException {
-		AAFPermission ap = new AAFPermission("str0","str1","str3","str2");
-		String perms = ap.getInstance();
-		assertNotNull(hImpl.check(trans, resp, perms));
-	}
-	
-	@Test
-	public void checkNull() throws IOException {
-		AAFPermission ap = new AAFPermission(null,null,"Str3","str2");
-		String perms = ap.getInstance();
-		assertNotNull(hImpl.check(trans, resp, perms));
-	}
-	
-	@Test
-	public void checkTwoNull() throws IOException {
-		AAFPermission ap = new AAFPermission(null,null,null,"str2");
-		String perms = ap.getInstance();
-		assertNotNull(fImpl.check(trans, resp, perms));
-	}
-	
-	@Test
-	public void checkAllNull() throws IOException {
-		AAFPermission ap = new AAFPermission(null,null,null,null);
-		String perms = ap.getInstance();
-		assertNotNull(fImpl.check(trans, resp, perms));
-	}
-	
-	@Test
-	public void checkTrans_null() throws IOException {
-		AAFPermission ap = new AAFPermission("str0","str1","str3","str2");
-		String perms = ap.getInstance();
-		assertNotNull(hImpl.check(null, resp, perms));
-	}
-	
-	@Test
-	public void checkRespNull() throws IOException {
-		AAFPermission ap = new AAFPermission("str0","str1","str3","str2");
-		String perms = ap.getInstance();
-		assertNotNull(hImpl.check(trans, null, perms));
-	}
-	
-	@Test
-	public void requestCert() {		
-		assertNotNull(hImpl.requestCert(trans, req, resp, null));
-	}
-	
-	@Test
-	public void renewCert() {		
-		assertNotNull(hImpl.renewCert(trans, req, resp, true));
-	}
-	
-	@Test
-	public void dropCert() {		
-		assertNotNull(hImpl.renewCert(trans, req, resp, true));
-	}
-	
-	@Test
-	public void createArtifacts() {		
-		assertNotNull(hImpl.createArtifacts(trans, req, resp));
-	}
-	
-	@Test
-	public void readArtifacts() {		
-		assertNotNull(hImpl.readArtifacts(trans, req, resp));
-	}
+    
+    private static AuthzTrans trans;
+    private static HttpServletResponse resp;
+    private static AAF_CM certman;
+    private static FacadeImpl hImpl;
+    private static CMService service;
+    private Mapper<REQ,CERT,ARTIFACTS,ERROR> mapper;
+    private Data.TYPE dataType;
+    private static AuthzEnv env;
+    
+    private static FacadeImpl fImpl;
+    private static HttpServletRequest req;
+    
+    @Before
+    public void setUp() throws APIException, IOException {
+        fImpl = mock(FacadeImpl.class);
+        env = mock(AuthzEnv.class);
+        resp = mock(HttpServletResponse.class);
+        req = mock(HttpServletRequest.class);
+        hImpl = mock(FacadeImpl.class, CALLS_REAL_METHODS);
+        Result<Void> rvd = (Result) mock(Result.class);
+        trans = mock(AuthzTrans.class);
+        when(trans.error()).thenReturn(new LogTarget() {
+            
+            @Override
+            public void printf(String fmt, Object... vars) {}
+            
+            @Override
+            public void log(Throwable e, Object... msgs) {
+                e.getMessage();
+                e.printStackTrace();
+                msgs.toString();
+                
+            }
+            
+            @Override
+            public void log(Object... msgs) {
+            }
+            
+            @Override
+            public boolean isLoggable() {
+                
+                return false;
+            }
+        });
+        when(trans.start(Mockito.anyString(), Mockito.anyInt())).thenReturn(new TimeTaken("Now", 1) {
+            
+            @Override
+            public void output(StringBuilder sb) {
+                
+            }
+        });
+        when(fImpl.check(Mockito.any(AuthzTrans.class), Mockito.any(HttpServletResponse.class), Mockito.anyString())).thenReturn(rvd);
+        when(resp.getOutputStream()).thenReturn(new ServletOutputStream() {
+            
+            @Override
+            public void write(int b) throws IOException {
+                
+                
+            }
+        });
+        
+    }
+    
+    @Test
+    public void check() throws IOException {
+        AAFPermission ap = new AAFPermission("str0","str1","str3","str2");
+        String perms = ap.getInstance();
+        assertNotNull(hImpl.check(trans, resp, perms));
+    }
+    
+    @Test
+    public void checkNull() throws IOException {
+        AAFPermission ap = new AAFPermission(null,null,"Str3","str2");
+        String perms = ap.getInstance();
+        assertNotNull(hImpl.check(trans, resp, perms));
+    }
+    
+    @Test
+    public void checkTwoNull() throws IOException {
+        AAFPermission ap = new AAFPermission(null,null,null,"str2");
+        String perms = ap.getInstance();
+        assertNotNull(fImpl.check(trans, resp, perms));
+    }
+    
+    @Test
+    public void checkAllNull() throws IOException {
+        AAFPermission ap = new AAFPermission(null,null,null,null);
+        String perms = ap.getInstance();
+        assertNotNull(fImpl.check(trans, resp, perms));
+    }
+    
+    @Test
+    public void checkTrans_null() throws IOException {
+        AAFPermission ap = new AAFPermission("str0","str1","str3","str2");
+        String perms = ap.getInstance();
+        assertNotNull(hImpl.check(null, resp, perms));
+    }
+    
+    @Test
+    public void checkRespNull() throws IOException {
+        AAFPermission ap = new AAFPermission("str0","str1","str3","str2");
+        String perms = ap.getInstance();
+        assertNotNull(hImpl.check(trans, null, perms));
+    }
+    
+    @Test
+    public void requestCert() {        
+        assertNotNull(hImpl.requestCert(trans, req, resp, null));
+    }
+    
+    @Test
+    public void renewCert() {        
+        assertNotNull(hImpl.renewCert(trans, req, resp, true));
+    }
+    
+    @Test
+    public void dropCert() {        
+        assertNotNull(hImpl.renewCert(trans, req, resp, true));
+    }
+    
+    @Test
+    public void createArtifacts() {        
+        assertNotNull(hImpl.createArtifacts(trans, req, resp));
+    }
+    
+    @Test
+    public void readArtifacts() {        
+        assertNotNull(hImpl.readArtifacts(trans, req, resp));
+    }
 }
diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java
index a8f9934a..90875dab 100644
--- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java
+++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/test/CertmanTest.java
@@ -58,109 +58,109 @@ import junit.framework.Assert;
 
 public class CertmanTest {
 
-	private static HMangr hman;
-	private static AuthzEnv env;
-	private static HBasicAuthSS ss;
-	private static RosettaDF<CertificateRequest> reqDF;
-	private static RosettaDF<CertInfo> certDF;
+    private static HMangr hman;
+    private static AuthzEnv env;
+    private static HBasicAuthSS ss;
+    private static RosettaDF<CertificateRequest> reqDF;
+    private static RosettaDF<CertInfo> certDF;
 
-	@BeforeClass
-	public static void setUpBeforeClass() throws Exception {
-		env = new AuthzEnv();
-//		InputStream ris = env.classLoader().getResource("certman.props").openStream();
-//		try {
-//			env.load(ris);
-//		} finally {
-//			ris.close();
-//		}
+    @BeforeClass
+    public static void setUpBeforeClass() throws Exception {
+        env = new AuthzEnv();
+//        InputStream ris = env.classLoader().getResource("certman.props").openStream();
+//        try {
+//            env.load(ris);
+//        } finally {
+//            ris.close();
+//        }
 //
-//		Locator<URI> loc = new DNSLocator(env, "https", "aaf.it.att.com", "8150");
-//		for(Item item = loc.first(); item!=null; item=loc.next(item)) {
-//			System.out.println(loc.get(item));
-//		}
-//		
-//		
-//		SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(env, HttpURLConnection.class);
-//		ss = new HBasicAuthSS(si,"m12345@aaf.att.com", 
-//				env.decrypt("enc:gvptdJyo0iKdVZw2rzMb0woxa7YKMdqLuhfQ4OQfZ8k",false));
-//				env.decrypt("enc:jFfAnO3mOKb9Gzm2OFysslmXpbnyuAxuoNJK",false), si);
-//					SecuritySetter<HttpURLConnection> ss = new X509SS(si, "aaf");
-		
-//		hman = new HMangr(env,loc);
+//        Locator<URI> loc = new DNSLocator(env, "https", "aaf.it.att.com", "8150");
+//        for(Item item = loc.first(); item!=null; item=loc.next(item)) {
+//            System.out.println(loc.get(item));
+//        }
+//        
+//        
+//        SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(env, HttpURLConnection.class);
+//        ss = new HBasicAuthSS(si,"m12345@aaf.att.com", 
+//                env.decrypt("enc:gvptdJyo0iKdVZw2rzMb0woxa7YKMdqLuhfQ4OQfZ8k",false));
+//                env.decrypt("enc:jFfAnO3mOKb9Gzm2OFysslmXpbnyuAxuoNJK",false), si);
+//                    SecuritySetter<HttpURLConnection> ss = new X509SS(si, "aaf");
+        
+//        hman = new HMangr(env,loc);
 //
-//		reqDF = env.newDataFactory(CertificateRequest.class);
-//		reqDF.out(TYPE.JSON);
-//		certDF = env.newDataFactory(CertInfo.class);
-	}
+//        reqDF = env.newDataFactory(CertificateRequest.class);
+//        reqDF.out(TYPE.JSON);
+//        certDF = env.newDataFactory(CertInfo.class);
+    }
 
-//	@AfterClass
-//	public static void tearDownAfterClass() throws Exception {
-//		hman.close();
-//	}
+//    @AfterClass
+//    public static void tearDownAfterClass() throws Exception {
+//        hman.close();
+//    }
 
-	@Before
-	public void setUp() throws Exception {
+    @Before
+    public void setUp() throws Exception {
 
-	}
+    }
 
-	@After
-	public void tearDown() throws Exception {
-	}
+    @After
+    public void tearDown() throws Exception {
+    }
 
-//	@Test
-//	public void testX500Name() throws Exception {
-//		
-//		for( InetAddress ia : InetAddress.getAllByName("aaf.dev.att.com")) {
-//			System.out.printf("%s - %s\n", ia.getHostName(), ia.getHostAddress());
-//			InetAddress ia1 = InetAddress.getByName(ia.getHostAddress());
-//			System.out.printf("%s - %s\n", ia1.getHostName(), ia1.getHostAddress());
-//		}
-//		
-//		hman.best(ss, new Retryable<Void>() {
-//			@Override
-//			public Void code(Rcli<?> client) throws APIException, CadiException {
-//				CertificateRequest cr = new CertificateRequest();
-//				cr.setMechid("a12345@org.osaaf.org");
-//				cr.setSponsor("something");
-//				cr.getFqdns().add("mithrilcsp.sbc.com");
-//				cr.getFqdns().add("zld01907.vci.att.com");
-//				cr.getFqdns().add("aaftest.test.att.com");
-//				
-//				String path = "/cert/local"; // Local Test
-////				String path = "/cert/aaf"; // Official CA
-//				long end=0,start = System.nanoTime();
-//				try {
-//					System.out.println(reqDF.newData().option(Data.PRETTY).load(cr).asString());
-//					Future<String> f = client.updateRespondString(path, reqDF, cr);
-//					if(f.get(10000)) {
-//						end = System.nanoTime();
-//						System.out.println(f.body());
-//						CertInfo capi = certDF.newData().in(Data.TYPE.JSON).load(f.body()).asObject();
-//						for(String c :capi.getCerts()) {
-//							for( java.security.cert.Certificate x509 : Factory.toX509Certificate(c)) {
-//								System.out.println(x509.toString());
-//							}
-//						}
-//					} else {
-//						end = System.nanoTime();
-//						String msg = "Client returned " + f.code() + ": " + f.body();
-//						System.out.println(msg);
-//						Assert.fail(msg);
-//					}
-//				} catch (CertificateException e) {
-//					throw new CadiException(e);
-//				} finally {
-//					System.out.println(Chrono.millisFromNanos(start,end) + " ms");
-//				}
-//				return null;
-//			}
-//		});
-//		
-//		
-//	}
+//    @Test
+//    public void testX500Name() throws Exception {
+//        
+//        for( InetAddress ia : InetAddress.getAllByName("aaf.dev.att.com")) {
+//            System.out.printf("%s - %s\n", ia.getHostName(), ia.getHostAddress());
+//            InetAddress ia1 = InetAddress.getByName(ia.getHostAddress());
+//            System.out.printf("%s - %s\n", ia1.getHostName(), ia1.getHostAddress());
+//        }
+//        
+//        hman.best(ss, new Retryable<Void>() {
+//            @Override
+//            public Void code(Rcli<?> client) throws APIException, CadiException {
+//                CertificateRequest cr = new CertificateRequest();
+//                cr.setMechid("a12345@org.osaaf.org");
+//                cr.setSponsor("something");
+//                cr.getFqdns().add("mithrilcsp.sbc.com");
+//                cr.getFqdns().add("zld01907.vci.att.com");
+//                cr.getFqdns().add("aaftest.test.att.com");
+//                
+//                String path = "/cert/local"; // Local Test
+////                String path = "/cert/aaf"; // Official CA
+//                long end=0,start = System.nanoTime();
+//                try {
+//                    System.out.println(reqDF.newData().option(Data.PRETTY).load(cr).asString());
+//                    Future<String> f = client.updateRespondString(path, reqDF, cr);
+//                    if(f.get(10000)) {
+//                        end = System.nanoTime();
+//                        System.out.println(f.body());
+//                        CertInfo capi = certDF.newData().in(Data.TYPE.JSON).load(f.body()).asObject();
+//                        for(String c :capi.getCerts()) {
+//                            for( java.security.cert.Certificate x509 : Factory.toX509Certificate(c)) {
+//                                System.out.println(x509.toString());
+//                            }
+//                        }
+//                    } else {
+//                        end = System.nanoTime();
+//                        String msg = "Client returned " + f.code() + ": " + f.body();
+//                        System.out.println(msg);
+//                        Assert.fail(msg);
+//                    }
+//                } catch (CertificateException e) {
+//                    throw new CadiException(e);
+//                } finally {
+//                    System.out.println(Chrono.millisFromNanos(start,end) + " ms");
+//                }
+//                return null;
+//            }
+//        });
+//        
+//        
+//    }
 //
-//	public X500Principal ephemeral() {
-//		return null;
-//	}
-	
+//    public X500Principal ephemeral() {
+//        return null;
+//    }
+    
 }
-- 
cgit 1.2.3-korg