1 /**
2  * ============LICENSE_START====================================================
3  * org.onap.aaf
4  * ===========================================================================
5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6  * ===========================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END====================================================
19  *
20  */
21
22 package org.onap.aaf.auth.batch.reports;
23
24 import java.io.File;
25 import java.io.IOException;
26 import java.util.Date;
27 import java.util.HashMap;
28 import java.util.Map;
29 import java.util.TreeMap;
30
31 import org.onap.aaf.auth.batch.Batch;
32 import org.onap.aaf.auth.batch.helpers.Cred;
33 import org.onap.aaf.auth.batch.helpers.Cred.Instance;
34 import org.onap.aaf.auth.batch.helpers.UserRole;
35 import org.onap.aaf.auth.batch.helpers.Visitor;
36 import org.onap.aaf.auth.env.AuthzTrans;
37 import org.onap.aaf.auth.org.Organization;
38 import org.onap.aaf.auth.org.Organization.Identity;
39 import org.onap.aaf.auth.org.OrganizationException;
40 import org.onap.aaf.cadi.util.CSV;
41 import org.onap.aaf.cadi.util.CSV.Writer;
42 import org.onap.aaf.misc.env.APIException;
43 import org.onap.aaf.misc.env.Env;
44 import org.onap.aaf.misc.env.TimeTaken;
45 import org.onap.aaf.misc.env.util.Chrono;
46
47
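/**
 * Batch report listing identities that are referenced by UserRoles or Creds but
 * that the Organization does not return an Identity for.
 *
 * <p>Two CSV files are written into the batch log directory:
 * <ul>
 *   <li>{@code NotInOrg<date>.csv} - ids that need review before any action;</li>
 *   <li>{@code NotInOrgDelete<date>.csv} - ids for which
 *       {@code org.mayAutoDelete(...)} returned true.</li>
 * </ul>
 *
 * <p>This class only writes report rows. Whatever consumes the "Delete" file is not
 * part of this source; because that file is described as safe to delete from, the
 * accuracy of {@link #check} directly determines which access gets removed.
 */
public class NotInOrg extends Batch {

    private static final String NOT_IN_ORG = "NotInOrg";
    // NOTE: this constant has the same simple name as the imported CSV class. Type
    // contexts (new CSV(...), CSV.Writer) still resolve to the class, but an expression
    // such as CSV.length() would resolve to this String.
    private static final String CSV = ".csv";
    private static final String INFO = "info";

    // Every opened report writer, keyed by report name; _close() closes all of them.
    private Map<String, CSV.Writer> writerList;
    // Per-id cache of the writer chosen by whichWriter(), so org.mayAutoDelete is
    // asked at most once per id.
    private Map<String, CSV.Writer> whichWriter;
    private File logDir;
    private Date now;
    private Writer notInOrgW;
    private Writer notInOrgDeleteW;

    /**
     * Connects to the cluster, loads all Creds and opens both report files.
     *
     * @param trans transaction used for logging and timing
     * @throws APIException declared by the original constructor
     * @throws IOException if the report directory or a report file cannot be created
     * @throws OrganizationException declared by the original constructor
     */
    public NotInOrg(AuthzTrans trans) throws APIException, IOException, OrganizationException {
        super(trans.env());
        trans.info().log("Starting Connection Process");

        TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
        try {
            TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
            try {
                session = cluster.connect();
            } finally {
                tt.done();
            }

            // Load Cred.  We don't follow Visitor, because we have to gather up
            // everything into Identity anyway.
            Cred.load(trans, session);

            // Create intermediate output.
            writerList = new HashMap<>();
            whichWriter = new TreeMap<>();
            logDir = new File(logDir());
            // mkdirs() returns false both on failure and when the directory already
            // exists, so only fail when there is still no directory afterwards.
            if (!logDir.mkdirs() && !logDir.isDirectory()) {
                throw new IOException("Cannot create report directory " + logDir);
            }

            now = new Date();
            String sdate = Chrono.dateOnlyStamp(now);

            File file = new File(logDir, NOT_IN_ORG + sdate + CSV);
            CSV csv = new CSV(file);
            notInOrgW = csv.writer(false);
            notInOrgW.row(INFO, NOT_IN_ORG, sdate, 0);
            writerList.put(NOT_IN_ORG, notInOrgW);

            // These will have been double-checked by the Organization, and can be
            // deleted immediately.
            String fn = NOT_IN_ORG + "Delete";
            file = new File(logDir, fn + sdate + CSV);
            CSV csvDelete = new CSV(file);
            notInOrgDeleteW = csvDelete.writer(false);
            notInOrgDeleteW.row(INFO, fn, sdate, 0);
            // Register the delete writer under its own name. The original re-registered
            // notInOrgW here, so the delete report was never closed by _close().
            writerList.put(fn, notInOrgDeleteW);
        } finally {
            tt0.done();
        }
    }

    /**
     * Writes one report row for every UserRole and every Cred instance whose id
     * fails {@link #check}.
     *
     * <p>A failure while checking a single UserRole is logged and that row is skipped,
     * so the report can be incomplete; a failure in the Cred pass aborts the run.
     *
     * @param trans transaction used for logging and for loading UserRoles
     */
    @Override
    protected void run(AuthzTrans trans) {
        try {
            // Local cache of Organization lookups, shared by both passes below.
            Map<String, Boolean> checked = new TreeMap<>();
            trans.info().log("Process Organization Identities");
            trans.info().log("User Roles");

            final AuthzTrans transNoAvg = trans.env().newTransNoAvg();
            UserRole.load(trans, session, UserRole.v2_0_11, new Visitor<UserRole>() {
                @Override
                public void visit(UserRole ur) {
                    try {
                        if (!check(transNoAvg, checked, ur.user())) {
                            ur.row(whichWriter(transNoAvg, ur.user()));
                        }
                    } catch (OrganizationException e) {
                        // The original message ("Error Decrypting X509") was copied from
                        // the X509 pass and did not describe this failure.
                        trans.error().log(e, "Unable to verify Identity for UserRole user " + ur.user());
                    }
                }
            });

            trans.info().log("Checking for Creds without IDs");

            for (Cred cred : Cred.data.values()) {
                if (!check(transNoAvg, checked, cred.id)) {
                    CSV.Writer cw = whichWriter(transNoAvg, cred.id);
                    for (Instance inst : cred.instances) {
                        cred.row(cw, inst);
                    }
                }
            }

            // TODO: X509 certificates are not checked yet. The original carried an
            // unfinished, commented-out X509.load(...) visitor here with the open
            // question "Do we delete now?  Or work on Revocation semantics".
        } catch (OrganizationException e) {
            // Logged at error level: an aborted run leaves a partial report behind.
            trans.error().log(e, "NotInOrg report aborted while verifying Identities");
        }
    }

    /**
     * Picks the report an id belongs in, asking the Organization only once per id.
     *
     * @param transNoAvg transaction passed through to {@code org.mayAutoDelete}
     * @param id the identity that failed {@link #check}
     * @return the "Delete" writer when {@code org.mayAutoDelete} returns true,
     *         otherwise the review writer
     */
    private Writer whichWriter(AuthzTrans transNoAvg, String id) {
        Writer w = whichWriter.get(id);
        if (w == null) {
            // NOTE(review): "org" is not declared in this class (presumably inherited
            // from Batch), while check() uses trans.org() - confirm both refer to the
            // same Organization.
            w = org.mayAutoDelete(transNoAvg, id)
                    ? notInOrgDeleteW
                    : notInOrgW;
            whichWriter.put(id, w);
        }
        return w;
    }

    /**
     * Reports whether an id should be left out of the report.
     *
     * @param trans transaction supplying the Organization
     * @param checked cache of earlier results, updated by this call
     * @param id the identity to look up
     * @return true when the id is special or the Organization returns an Identity
     *         for it; false when the Organization returns null
     * @throws OrganizationException if {@code trans.org()} is null
     */
    private boolean check(AuthzTrans trans, Map<String, Boolean> checked, String id) throws OrganizationException {
        Boolean rv = checked.get(id);
        if (rv == null) {
            if (isSpecial(id)) { // do not check against org... too important to delete.
                return true;
            }
            Organization org = trans.org();
            if (org != null) {
                // A null Identity is the only signal used for "not in Org".
                // NOTE(review): whether getIdentity can also return null when the
                // lookup itself fails is not visible here; since the result can place
                // an id in the "Delete" report, confirm lookup errors are thrown.
                Identity identity = org.getIdentity(trans, id);
                rv = identity != null;
                checked.put(id, rv);
            } else {
                throw new OrganizationException("No Organization Found for " + id + ": required for processing");
            }
        }
        return rv;
    }

    /**
     * Closes the session and every registered report writer.
     *
     * @param trans unused
     */
    @Override
    protected void _close(AuthzTrans trans) {
        try {
            session.close();
        } finally {
            // Close the reports even if closing the session throws.
            for (CSV.Writer cw : writerList.values()) {
                cw.close();
            }
        }
    }

}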