2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.batch.reports;
25 import java.io.IOException;
26 import java.util.Date;
27 import java.util.HashMap;
29 import java.util.TreeMap;
31 import org.onap.aaf.auth.batch.Batch;
32 import org.onap.aaf.auth.batch.helpers.Cred;
33 import org.onap.aaf.auth.batch.helpers.Cred.Instance;
34 import org.onap.aaf.auth.batch.helpers.UserRole;
35 import org.onap.aaf.auth.batch.helpers.Visitor;
36 import org.onap.aaf.auth.env.AuthzTrans;
37 import org.onap.aaf.auth.org.Organization;
38 import org.onap.aaf.auth.org.Organization.Identity;
39 import org.onap.aaf.auth.org.OrganizationException;
40 import org.onap.aaf.cadi.util.CSV;
41 import org.onap.aaf.cadi.util.CSV.Writer;
42 import org.onap.aaf.misc.env.APIException;
43 import org.onap.aaf.misc.env.Env;
44 import org.onap.aaf.misc.env.TimeTaken;
45 import org.onap.aaf.misc.env.util.Chrono;
48 public class NotInOrg extends Batch {
50 private static final String NOT_IN_ORG = "NotInOrg";
51 private static final String CSV = ".csv";
52 private static final String INFO = "info";
53 private Map<String, CSV.Writer> writerList;
54 private Map<String, CSV.Writer> whichWriter;
56 private Writer notInOrgW;
57 private Writer notInOrgDeleteW;
59 public NotInOrg(AuthzTrans trans) throws APIException, IOException, OrganizationException {
61 trans.info().log("Starting Connection Process");
63 TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
65 TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
67 session = cluster.connect();
72 // Load Cred. We don't follow Visitor, because we have to gather up everything into Identity Anyway
73 Cred.load(trans, session);
75 // Create Intermediate Output
76 writerList = new HashMap<>();
77 whichWriter = new TreeMap<>();
80 String sdate = Chrono.dateOnlyStamp(now);
81 File file = new File(logDir(),NOT_IN_ORG + sdate +CSV);
82 CSV csv = new CSV(env.access(),file);
83 notInOrgW = csv.writer(false);
84 notInOrgW.row(INFO,NOT_IN_ORG,Chrono.dateOnlyStamp(now),0);
85 writerList.put(NOT_IN_ORG,notInOrgW);
87 // These will have been double-checked by the Organization, and can be deleted immediately.
88 String fn = NOT_IN_ORG+"Delete";
89 file = new File(logDir(),fn + sdate +CSV);
90 CSV csvDelete = new CSV(env.access(),file);
91 notInOrgDeleteW = csvDelete.writer(false);
92 notInOrgDeleteW.row(INFO,fn,Chrono.dateOnlyStamp(now),0);
93 writerList.put(NOT_IN_ORG,notInOrgW);
101 protected void run(AuthzTrans trans) {
103 Map<String,Boolean> checked = new TreeMap<String, Boolean>();
104 trans.info().log("Process Organization Identities");
105 trans.info().log("User Roles");
107 final AuthzTrans transNoAvg = trans.env().newTransNoAvg();
108 UserRole.load(trans, session, UserRole.v2_0_11, ur -> {
110 if(!check(transNoAvg, checked, ur.user())) {
111 ur.row(whichWriter(transNoAvg,ur.user()));
113 } catch (OrganizationException e) {
114 trans.error().log(e, "Error Decrypting X509");
118 trans.info().log("Checking for Creds without IDs");
120 for (Cred cred : Cred.data.values()) {
121 if(!check(transNoAvg,checked, cred.id)) {
122 CSV.Writer cw = whichWriter(transNoAvg, cred.id);
123 for(Instance inst : cred.instances) {
130 * Do we delete now? Or work on Revocation semantics
132 trans.info().log("Checking for X509s without IDs");
133 X509.load(trans, session, new Visitor<X509>() {
135 public void visit(X509 x509) {
137 for(Certificate cert : Factory.toX509Certificate(x509.x509)) {
138 X509Certificate xc = (X509Certificate)cert;
140 if(!check(transNoAvg,checked, (X))) {
141 x509.row(notInOrgW,);
144 } catch (CertificateException | IOException e) {
145 trans.error().log(e, "Error Decrypting X509");
150 } catch (OrganizationException e) {
156 private Writer whichWriter(AuthzTrans transNoAvg, String id) {
157 Writer w = whichWriter.get(id);
159 w = org.mayAutoDelete(transNoAvg, id)?
162 whichWriter.put(id,w);
167 private boolean check(AuthzTrans trans, Map<String, Boolean> checked, String id) throws OrganizationException {
168 Boolean rv = checked.get(id);
170 if(isSpecial(id)) { // do not check against org... too important to delete.
173 Organization org = trans.org();
175 Identity identity = org.getIdentity(trans, id);
179 throw new OrganizationException("No Organization Found for " + id + ": required for processing");
187 protected void _close(AuthzTrans trans) {
189 for(CSV.Writer cw : writerList.values()) {