auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21
  22 package org.onap.aaf.auth.batch.reports;
  23
  24 import java.io.File;
  25 import java.io.IOException;
  26 import java.util.Date;
  27 import java.util.HashMap;
  28 import java.util.Map;
  29 import java.util.TreeMap;
  30
  31 import org.onap.aaf.auth.batch.Batch;
  32 import org.onap.aaf.auth.batch.helpers.Cred;
  33 import org.onap.aaf.auth.batch.helpers.Cred.Instance;
  34 import org.onap.aaf.auth.batch.helpers.UserRole;
  35 import org.onap.aaf.auth.env.AuthzTrans;
  36 import org.onap.aaf.auth.org.Organization;
  37 import org.onap.aaf.auth.org.Organization.Identity;
  38 import org.onap.aaf.auth.org.OrganizationException;
  39 import org.onap.aaf.cadi.util.CSV;
  40 import org.onap.aaf.cadi.util.CSV.Writer;
  41 import org.onap.aaf.misc.env.APIException;
  42 import org.onap.aaf.misc.env.Env;
  43 import org.onap.aaf.misc.env.TimeTaken;
  44 import org.onap.aaf.misc.env.util.Chrono;
  45
  46
  47 public class NotInOrg extends Batch {
  48
  49         private static final String NOT_IN_ORG = "NotInOrg";
  50         private static final String CSV = ".csv";
  51         private static final String INFO = "info";
  52         private Map<String, CSV.Writer> writerList;
  53         private Map<String, CSV.Writer> whichWriter;
  54         private Date now;
  55         private Writer notInOrgW;
  56         private Writer notInOrgDeleteW;
  57
  58         public NotInOrg(AuthzTrans trans) throws APIException, IOException, OrganizationException {
  59         super(trans.env());
  60         trans.info().log("Starting Connection Process");
  61
  62         TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
  63         try {
  64             TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
  65             try {
  66                 session = cluster.connect();
  67             } finally {
  68                 tt.done();
  69             }
  70
  71             // Load Cred.  We don't follow Visitor, because we have to gather up everything into Identity Anyway
  72             Cred.load(trans, session);
  73
  74             // Create Intermediate Output
  75             writerList = new HashMap<>();
  76             whichWriter = new TreeMap<>();
  77
  78             now = new Date();
  79             String sdate = Chrono.dateOnlyStamp(now);
  80                 File file = new File(logDir(),NOT_IN_ORG + sdate +CSV);
  81             CSV csv = new CSV(env.access(),file);
  82             notInOrgW = csv.writer(false);
  83             notInOrgW.row(INFO,NOT_IN_ORG,Chrono.dateOnlyStamp(now),0);
  84             writerList.put(NOT_IN_ORG,notInOrgW);
  85
  86             // These will have been double-checked by the Organization, and can be deleted immediately.
  87             String fn = NOT_IN_ORG+"Delete";
  88             file = new File(logDir(),fn + sdate +CSV);
  89             CSV csvDelete = new CSV(env.access(),file);
  90             notInOrgDeleteW = csvDelete.writer(false);
  91             notInOrgDeleteW.row(INFO,fn,Chrono.dateOnlyStamp(now),0);
  92             writerList.put(NOT_IN_ORG,notInOrgW);
  93
  94         } finally {
  95             tt0.done();
  96         }
  97     }
  98
  99     @Override
 100     protected void run(AuthzTrans trans) {
 101                 try {
 102                         Map<String,Boolean> checked = new TreeMap<String, Boolean>();
 103                         trans.info().log("Process Organization Identities");
 104                         trans.info().log("User Roles");
 105
 106                         final AuthzTrans transNoAvg = trans.env().newTransNoAvg();
 107                         UserRole.load(trans, session, UserRole.v2_0_11, ur -> {
 108                                 try {
 109                                         if(!check(transNoAvg, checked, ur.user())) {
 110                                                 ur.row(whichWriter(transNoAvg,ur.user()),UserRole.UR);
 111                                         }
 112                                 } catch (OrganizationException e) {
 113                                         trans.error().log(e, "Error Decrypting X509");
 114                                 }
 115                         });
 116
 117                         trans.info().log("Checking for Creds without IDs");
 118
 119                         for (Cred cred : Cred.data.values()) {
 120                                 if(!check(transNoAvg,checked, cred.id)) {
 121                                         CSV.Writer cw = whichWriter(transNoAvg, cred.id);
 122                                         for(Instance inst : cred.instances) {
 123                                                 cred.row(cw, inst);
 124                                         }
 125                                 }
 126                         }
 127
 128                         /*
 129                          * Do we delete now?  Or work on Revocation semantics
 130                          *
 131                         trans.info().log("Checking for X509s without IDs");
 132                         X509.load(trans, session, new Visitor<X509>() {
 133                                 @Override
 134                                 public void visit(X509 x509) {
 135                                         try {
 136                                                 for(Certificate cert : Factory.toX509Certificate(x509.x509)) {
 137                                                         X509Certificate xc = (X509Certificate)cert;
 138                                                         xc.getSubjectDN();
 139                                                         if(!check(transNoAvg,checked, (X))) {
 140                                                                 x509.row(notInOrgW,);
 141                                                         }
 142                                                 }
 143                                         } catch (CertificateException | IOException e) {
 144                                                 trans.error().log(e, "Error Decrypting X509");
 145                                         }
 146                                 }
 147                         });
 148                          */
 149                 } catch (OrganizationException e) {
 150                         trans.info().log(e);
 151                 }
 152         }
 153
 154
 155         private Writer whichWriter(AuthzTrans transNoAvg, String id) {
 156                 Writer w = whichWriter.get(id);
 157                 if(w==null) {
 158                         w = org.mayAutoDelete(transNoAvg, id)?
 159                                         notInOrgDeleteW:
 160                                         notInOrgW;
 161                         whichWriter.put(id,w);
 162                 }
 163                 return w;
 164         }
 165
 166         private boolean check(AuthzTrans trans, Map<String, Boolean> checked, String id) throws OrganizationException {
 167                 Boolean rv = checked.get(id);
 168                 if(rv==null) {
 169                         if(isSpecial(id)) { // do not check against org... too important to delete.
 170                                 return true;
 171                         }
 172                         Organization org = trans.org();
 173                         if(org != null) {
 174                                 Identity identity = org.getIdentity(trans, id);
 175                                 rv = identity!=null;
 176                                 checked.put(id, rv);
 177                         } else {
 178                                 throw new OrganizationException("No Organization Found for " + id + ": required for processing");
 179                         }
 180                 }
 181                 return rv;
 182         }
 183
 184
 185         @Override
 186     protected void _close(AuthzTrans trans) {
 187         session.close();
 188         for(CSV.Writer cw : writerList.values()) {
 189                 cw.close();
 190         }
 191     }
 192
 193 }