--- /dev/null
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.batch.reports;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.TreeMap;
+
+import org.onap.aaf.auth.batch.Batch;
+import org.onap.aaf.auth.batch.helpers.Cred;
+import org.onap.aaf.auth.batch.helpers.Cred.Instance;
+import org.onap.aaf.auth.batch.helpers.UserRole;
+import org.onap.aaf.auth.batch.helpers.Visitor;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.Organization;
+import org.onap.aaf.auth.org.Organization.Identity;
+import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.cadi.util.CSV;
+import org.onap.aaf.cadi.util.CSV.Writer;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.misc.env.TimeTaken;
+import org.onap.aaf.misc.env.util.Chrono;
+
+
+public class NotInOrg extends Batch {
+
+ private static final String NOT_IN_ORG = "NotInOrg";
+ private static final String CSV = ".csv";
+ private static final String INFO = "info";
+ private Map<String, CSV.Writer> writerList;
+ private Map<String, CSV.Writer> whichWriter;
+ private File logDir;
+ private Date now;
+ private Writer notInOrgW;
+ private Writer notInOrgDeleteW;
+
+ public NotInOrg(AuthzTrans trans) throws APIException, IOException, OrganizationException {
+ super(trans.env());
+ trans.info().log("Starting Connection Process");
+
+ TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
+ try {
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+
+ // Load Cred. We don't follow Visitor, because we have to gather up everything into Identity Anyway
+ Cred.load(trans, session);
+
+ // Create Intermediate Output
+ writerList = new HashMap<>();
+ whichWriter = new TreeMap<>();
+ logDir = new File(logDir());
+ logDir.mkdirs();
+
+ now = new Date();
+ String sdate = Chrono.dateOnlyStamp(now);
+ File file = new File(logDir,NOT_IN_ORG + sdate +CSV);
+ CSV csv = new CSV(file);
+ notInOrgW = csv.writer(false);
+ notInOrgW.row(INFO,NOT_IN_ORG,Chrono.dateOnlyStamp(now),0);
+ writerList.put(NOT_IN_ORG,notInOrgW);
+
+ // These will have been double-checked by the Organization, and can be deleted immediately.
+ String fn = NOT_IN_ORG+"Delete";
+ file = new File(logDir,fn + sdate +CSV);
+ CSV csvDelete = new CSV(file);
+ notInOrgDeleteW = csvDelete.writer(false);
+ notInOrgDeleteW.row(INFO,fn,Chrono.dateOnlyStamp(now),0);
+ writerList.put(NOT_IN_ORG,notInOrgW);
+
+ } finally {
+ tt0.done();
+ }
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ try {
+ Map<String,Boolean> checked = new TreeMap<String, Boolean>();
+ trans.info().log("Process Organization Identities");
+ trans.info().log("User Roles");
+
+ final AuthzTrans transNoAvg = trans.env().newTransNoAvg();
+ UserRole.load(trans, session, UserRole.v2_0_11, new Visitor<UserRole>() {
+ @Override
+ public void visit(UserRole ur) {
+ try {
+ if(!check(transNoAvg, checked, ur.user())) {
+ ur.row(whichWriter(transNoAvg,ur.user()));
+ }
+ } catch (OrganizationException e) {
+ trans.error().log(e, "Error Decrypting X509");
+ }
+ }
+ });
+
+ trans.info().log("Checking for Creds without IDs");
+
+ for (Cred cred : Cred.data.values()) {
+ if(!check(transNoAvg,checked, cred.id)) {
+ CSV.Writer cw = whichWriter(transNoAvg, cred.id);
+ for(Instance inst : cred.instances) {
+ cred.row(cw, inst);
+ }
+ }
+ }
+
+ /*
+ * Do we delete now? Or work on Revocation semantics
+ *
+ trans.info().log("Checking for X509s without IDs");
+ X509.load(trans, session, new Visitor<X509>() {
+ @Override
+ public void visit(X509 x509) {
+ try {
+ for(Certificate cert : Factory.toX509Certificate(x509.x509)) {
+ X509Certificate xc = (X509Certificate)cert;
+ xc.getSubjectDN();
+ if(!check(transNoAvg,checked, (X))) {
+ x509.row(notInOrgW,);
+ }
+ }
+ } catch (CertificateException | IOException e) {
+ trans.error().log(e, "Error Decrypting X509");
+ }
+ }
+ });
+ */
+ } catch (OrganizationException e) {
+ trans.info().log(e);
+ }
+ }
+
+
+ private Writer whichWriter(AuthzTrans transNoAvg, String id) {
+ Writer w = whichWriter.get(id);
+ if(w==null) {
+ w = org.mayAutoDelete(transNoAvg, id)?
+ notInOrgDeleteW:
+ notInOrgW;
+ whichWriter.put(id,w);
+ }
+ return w;
+ }
+
+ private boolean check(AuthzTrans trans, Map<String, Boolean> checked, String id) throws OrganizationException {
+ Boolean rv = checked.get(id);
+ if(rv==null) {
+ if(isSpecial(id)) { // do not check against org... too important to delete.
+ return true;
+ }
+ Organization org = trans.org();
+ if(org != null) {
+ Identity identity = org.getIdentity(trans, id);
+ rv = identity!=null;
+ checked.put(id, rv);
+ } else {
+ throw new OrganizationException("No Organization Found for " + id + ": required for processing");
+ }
+ }
+ return rv;
+ }
+
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ for(CSV.Writer cw : writerList.values()) {
+ cw.close();
+ }
+ }
+
+}
Code Review / aaf / authz.git / blobdiff