2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.batch.reports;
25 import java.io.IOException;
26 import java.util.Date;
27 import java.util.HashMap;
29 import java.util.TreeMap;
31 import org.onap.aaf.auth.batch.Batch;
32 import org.onap.aaf.auth.batch.helpers.Cred;
33 import org.onap.aaf.auth.batch.helpers.Cred.Instance;
34 import org.onap.aaf.auth.batch.helpers.UserRole;
35 import org.onap.aaf.auth.env.AuthzTrans;
36 import org.onap.aaf.auth.org.Organization;
37 import org.onap.aaf.auth.org.Organization.Identity;
38 import org.onap.aaf.auth.org.OrganizationException;
39 import org.onap.aaf.cadi.util.CSV;
40 import org.onap.aaf.cadi.util.CSV.Writer;
41 import org.onap.aaf.misc.env.APIException;
42 import org.onap.aaf.misc.env.Env;
43 import org.onap.aaf.misc.env.TimeTaken;
44 import org.onap.aaf.misc.env.util.Chrono;
47 public class NotInOrg extends Batch {
49 private static final String NOT_IN_ORG = "NotInOrg";
50 private static final String CSV = ".csv";
51 private static final String INFO = "info";
52 private Map<String, CSV.Writer> writerList;
53 private Map<String, CSV.Writer> whichWriter;
55 private Writer notInOrgW;
56 private Writer notInOrgDeleteW;
58 public NotInOrg(AuthzTrans trans) throws APIException, IOException, OrganizationException {
60 trans.info().log("Starting Connection Process");
62 TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
64 TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
66 session = cluster.connect();
71 // Load Cred. We don't follow Visitor, because we have to gather up everything into Identity Anyway
72 Cred.load(trans, session);
74 // Create Intermediate Output
75 writerList = new HashMap<>();
76 whichWriter = new TreeMap<>();
79 String sdate = Chrono.dateOnlyStamp(now);
80 File file = new File(logDir(),NOT_IN_ORG + sdate +CSV);
81 CSV csv = new CSV(env.access(),file);
82 notInOrgW = csv.writer(false);
83 notInOrgW.row(INFO,NOT_IN_ORG,Chrono.dateOnlyStamp(now),0);
84 writerList.put(NOT_IN_ORG,notInOrgW);
86 // These will have been double-checked by the Organization, and can be deleted immediately.
87 String fn = NOT_IN_ORG+"Delete";
88 file = new File(logDir(),fn + sdate +CSV);
89 CSV csvDelete = new CSV(env.access(),file);
90 notInOrgDeleteW = csvDelete.writer(false);
91 notInOrgDeleteW.row(INFO,fn,Chrono.dateOnlyStamp(now),0);
92 writerList.put(NOT_IN_ORG,notInOrgW);
100 protected void run(AuthzTrans trans) {
102 Map<String,Boolean> checked = new TreeMap<String, Boolean>();
103 trans.info().log("Process Organization Identities");
104 trans.info().log("User Roles");
106 final AuthzTrans transNoAvg = trans.env().newTransNoAvg();
107 UserRole.load(trans, session, UserRole.v2_0_11, ur -> {
109 if(!check(transNoAvg, checked, ur.user())) {
110 ur.row(whichWriter(transNoAvg,ur.user()),UserRole.UR);
112 } catch (OrganizationException e) {
113 trans.error().log(e, "Error Decrypting X509");
117 trans.info().log("Checking for Creds without IDs");
119 for (Cred cred : Cred.data.values()) {
120 if(!check(transNoAvg,checked, cred.id)) {
121 CSV.Writer cw = whichWriter(transNoAvg, cred.id);
122 for(Instance inst : cred.instances) {
129 * Do we delete now? Or work on Revocation semantics
131 trans.info().log("Checking for X509s without IDs");
132 X509.load(trans, session, new Visitor<X509>() {
134 public void visit(X509 x509) {
136 for(Certificate cert : Factory.toX509Certificate(x509.x509)) {
137 X509Certificate xc = (X509Certificate)cert;
139 if(!check(transNoAvg,checked, (X))) {
140 x509.row(notInOrgW,);
143 } catch (CertificateException | IOException e) {
144 trans.error().log(e, "Error Decrypting X509");
149 } catch (OrganizationException e) {
155 private Writer whichWriter(AuthzTrans transNoAvg, String id) {
156 Writer w = whichWriter.get(id);
158 w = org.mayAutoDelete(transNoAvg, id)?
161 whichWriter.put(id,w);
166 private boolean check(AuthzTrans trans, Map<String, Boolean> checked, String id) throws OrganizationException {
167 Boolean rv = checked.get(id);
169 if(isSpecial(id)) { // do not check against org... too important to delete.
172 Organization org = trans.org();
174 Identity identity = org.getIdentity(trans, id);
178 throw new OrganizationException("No Organization Found for " + id + ": required for processing");
186 protected void _close(AuthzTrans trans) {
188 for(CSV.Writer cw : writerList.values()) {