2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
21 package org.onap.aaf.auth.batch.temp;
23 import java.io.IOException;
24 import java.nio.ByteBuffer;
25 import java.security.SecureRandom;
26 import java.security.cert.Certificate;
27 import java.security.cert.X509Certificate;
28 import java.util.ArrayList;
29 import java.util.Collection;
30 import java.util.Date;
31 import java.util.Iterator;
32 import java.util.List;
34 import java.util.TreeMap;
36 import org.onap.aaf.auth.batch.Batch;
37 import org.onap.aaf.auth.batch.BatchPrincipal;
38 import org.onap.aaf.auth.batch.helpers.CQLBatch;
39 import org.onap.aaf.auth.batch.helpers.CQLBatchLoop;
40 import org.onap.aaf.auth.dao.cass.CredDAO;
41 import org.onap.aaf.auth.env.AuthzTrans;
42 import org.onap.aaf.auth.org.OrganizationException;
43 import org.onap.aaf.cadi.Hash;
44 import org.onap.aaf.cadi.configure.Factory;
45 import org.onap.aaf.misc.env.APIException;
46 import org.onap.aaf.misc.env.Env;
47 import org.onap.aaf.misc.env.TimeTaken;
49 import com.datastax.driver.core.ResultSet;
50 import com.datastax.driver.core.Row;
52 public class DataMigrateDublin extends Batch {
53 private final SecureRandom sr;
54 private final AuthzTrans noAvg;
56 public DataMigrateDublin(AuthzTrans trans) throws APIException, IOException, OrganizationException {
58 trans.info().log("Starting Connection Process");
60 noAvg = env.newTransNoAvg();
61 noAvg.setUser(new BatchPrincipal("Migrate"));
63 TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
65 TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
67 session = cluster.connect();
75 sr = new SecureRandom();
79 protected void run(AuthzTrans trans) {
80 ///////////////////////////
81 trans.info().log("Add UniqueTag to Passwords");
83 CQLBatchLoop cbl = new CQLBatchLoop(new CQLBatch(noAvg.info(),session), 50, dryRun);
85 ResultSet rs = session.execute("SELECT id,type,expires,cred,tag FROM authz.cred");
86 Iterator<Row> iter = rs.iterator();
89 byte[] babytes = new byte[6];
90 Map<String, List<CredInfo>> mlci = new TreeMap<>();
91 Map<String, String> ba_tag = new TreeMap<>();
92 while(iter.hasNext()) {
95 String tag = row.getString(4);
96 int type = row.getInt(1);
98 case CredDAO.BASIC_AUTH:
99 case CredDAO.BASIC_AUTH_SHA256:
100 String key = row.getString(0) + '|' + type + '|' + Hash.toHex(row.getBytesUnsafe(3).array());
101 String btag = ba_tag.get(key);
103 if(tag==null || tag.isEmpty()) {
104 sr.nextBytes(babytes);
105 btag = Hash.toHexNo0x(babytes);
109 ba_tag.put(key, btag);
112 if(!btag.equals(tag)) {
114 update(cbl,row,btag);
117 case CredDAO.CERT_SHA256_RSA:
118 if(tag==null || tag.isEmpty()) {
119 String id = row.getString(0);
120 List<CredInfo> ld = mlci.get(id);
122 ld = new ArrayList<>();
125 ld.add(new CredInfo(id,row.getInt(1),row.getTimestamp(2)));
131 trans.info().printf("Processes %d cred records, updated %d records in %d batches.", count, cbl.total(), cbl.batches());
136 trans.info().log("Add Serial to X509 Creds");
137 rs = session.execute("SELECT ca, id, x509 FROM authz.x509");
138 iter = rs.iterator();
139 while(iter.hasNext()) {
142 String ca = row.getString(0);
143 String id = row.getString(1);
144 List<CredInfo> list = mlci.get(id);
146 ByteBuffer bb = row.getBytesUnsafe(2);
148 Collection<? extends Certificate> x509s = Factory.toX509Certificate(bb.array());
149 for(Certificate c : x509s) {
150 X509Certificate xc = (X509Certificate)c;
151 for(CredInfo ci : list) {
152 if(xc.getNotAfter().equals(ci.expires)) {
154 ci.update(cbl, ca + '|' + xc.getSerialNumber());
163 trans.info().printf("Processed %d x509 records, updated %d records in %d batches.", count, cbl.total(), cbl.batches());
165 } catch (Exception e) {
166 trans.error().log(e);
170 private static class CredInfo {
171 public final String id;
172 public final int type;
173 public final Date expires;
175 public CredInfo(String id, int type, Date expires) {
178 this.expires = expires;
181 public void update(CQLBatchLoop cbl, String newtag) {
182 StringBuilder sb = cbl.inc();
183 sb.append("UPDATE authz.cred SET tag='");
185 sb.append("' WHERE id='");
187 sb.append("' AND type=");
189 sb.append(" AND expires=dateof(maxtimeuuid(");
190 sb.append(expires.getTime());
195 private void update(CQLBatchLoop cbl, Row row, String newtag) {
196 StringBuilder sb = cbl.inc();
197 sb.append("UPDATE authz.cred SET tag='");
199 sb.append("' WHERE id='");
200 sb.append(row.getString(0));
201 sb.append("' AND type=");
202 sb.append(row.getInt(1));
203 sb.append(" AND expires=dateof(maxtimeuuid(");
204 Date lc = row.getTimestamp(2);
205 sb.append(lc.getTime());
210 protected void _close(AuthzTrans trans) {
211 trans.info().log("End " + this.getClass().getSimpleName() + " processing" );