auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21
  22 package org.onap.aaf.auth.batch.reports;
  23
  24 import java.io.File;
  25 import java.io.IOException;
  26 import java.util.Date;
  27 import java.util.HashMap;
  28 import java.util.Map;
  29 import java.util.TreeMap;
  30
  31 import org.onap.aaf.auth.batch.Batch;
  32 import org.onap.aaf.auth.batch.helpers.Cred;
  33 import org.onap.aaf.auth.batch.helpers.Cred.Instance;
  34 import org.onap.aaf.auth.batch.helpers.UserRole;
  35 import org.onap.aaf.auth.batch.helpers.Visitor;
  36 import org.onap.aaf.auth.env.AuthzTrans;
  37 import org.onap.aaf.auth.org.Organization;
  38 import org.onap.aaf.auth.org.Organization.Identity;
  39 import org.onap.aaf.auth.org.OrganizationException;
  40 import org.onap.aaf.cadi.util.CSV;
  41 import org.onap.aaf.cadi.util.CSV.Writer;
  42 import org.onap.aaf.misc.env.APIException;
  43 import org.onap.aaf.misc.env.Env;
  44 import org.onap.aaf.misc.env.TimeTaken;
  45 import org.onap.aaf.misc.env.util.Chrono;
  46
  47
  48 public class NotInOrg extends Batch {
  49
  50         private static final String NOT_IN_ORG = "NotInOrg";
  51         private static final String CSV = ".csv";
  52         private static final String INFO = "info";
  53         private Map<String, CSV.Writer> writerList;
  54         private Map<String, CSV.Writer> whichWriter;
  55         private Date now;
  56         private Writer notInOrgW;
  57         private Writer notInOrgDeleteW;
  58
  59         public NotInOrg(AuthzTrans trans) throws APIException, IOException, OrganizationException {
  60         super(trans.env());
  61         trans.info().log("Starting Connection Process");
  62
  63         TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
  64         try {
  65             TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
  66             try {
  67                 session = cluster.connect();
  68             } finally {
  69                 tt.done();
  70             }
  71
  72             // Load Cred.  We don't follow Visitor, because we have to gather up everything into Identity Anyway
  73             Cred.load(trans, session);
  74
  75             // Create Intermediate Output
  76             writerList = new HashMap<>();
  77             whichWriter = new TreeMap<>();
  78
  79             now = new Date();
  80             String sdate = Chrono.dateOnlyStamp(now);
  81                 File file = new File(logDir(),NOT_IN_ORG + sdate +CSV);
  82             CSV csv = new CSV(env.access(),file);
  83             notInOrgW = csv.writer(false);
  84             notInOrgW.row(INFO,NOT_IN_ORG,Chrono.dateOnlyStamp(now),0);
  85             writerList.put(NOT_IN_ORG,notInOrgW);
  86
  87             // These will have been double-checked by the Organization, and can be deleted immediately.
  88             String fn = NOT_IN_ORG+"Delete";
  89             file = new File(logDir(),fn + sdate +CSV);
  90             CSV csvDelete = new CSV(env.access(),file);
  91             notInOrgDeleteW = csvDelete.writer(false);
  92             notInOrgDeleteW.row(INFO,fn,Chrono.dateOnlyStamp(now),0);
  93             writerList.put(NOT_IN_ORG,notInOrgW);
  94
  95         } finally {
  96             tt0.done();
  97         }
  98     }
  99
 100     @Override
 101     protected void run(AuthzTrans trans) {
 102                 try {
 103                         Map<String,Boolean> checked = new TreeMap<String, Boolean>();
 104                         trans.info().log("Process Organization Identities");
 105                         trans.info().log("User Roles");
 106
 107                         final AuthzTrans transNoAvg = trans.env().newTransNoAvg();
 108                         UserRole.load(trans, session, UserRole.v2_0_11, ur -> {
 109                                 try {
 110                                         if(!check(transNoAvg, checked, ur.user())) {
 111                                                 ur.row(whichWriter(transNoAvg,ur.user()));
 112                                         }
 113                                 } catch (OrganizationException e) {
 114                                         trans.error().log(e, "Error Decrypting X509");
 115                                 }
 116                         });
 117
 118                         trans.info().log("Checking for Creds without IDs");
 119
 120                         for (Cred cred : Cred.data.values()) {
 121                                 if(!check(transNoAvg,checked, cred.id)) {
 122                                         CSV.Writer cw = whichWriter(transNoAvg, cred.id);
 123                                         for(Instance inst : cred.instances) {
 124                                                 cred.row(cw, inst);
 125                                         }
 126                                 }
 127                         }
 128
 129                         /*
 130                          * Do we delete now?  Or work on Revocation semantics
 131                          *
 132                         trans.info().log("Checking for X509s without IDs");
 133                         X509.load(trans, session, new Visitor<X509>() {
 134                                 @Override
 135                                 public void visit(X509 x509) {
 136                                         try {
 137                                                 for(Certificate cert : Factory.toX509Certificate(x509.x509)) {
 138                                                         X509Certificate xc = (X509Certificate)cert;
 139                                                         xc.getSubjectDN();
 140                                                         if(!check(transNoAvg,checked, (X))) {
 141                                                                 x509.row(notInOrgW,);
 142                                                         }
 143                                                 }
 144                                         } catch (CertificateException | IOException e) {
 145                                                 trans.error().log(e, "Error Decrypting X509");
 146                                         }
 147                                 }
 148                         });
 149                          */
 150                 } catch (OrganizationException e) {
 151                         trans.info().log(e);
 152                 }
 153         }
 154
 155
 156         private Writer whichWriter(AuthzTrans transNoAvg, String id) {
 157                 Writer w = whichWriter.get(id);
 158                 if(w==null) {
 159                         w = org.mayAutoDelete(transNoAvg, id)?
 160                                         notInOrgDeleteW:
 161                                         notInOrgW;
 162                         whichWriter.put(id,w);
 163                 }
 164                 return w;
 165         }
 166
 167         private boolean check(AuthzTrans trans, Map<String, Boolean> checked, String id) throws OrganizationException {
 168                 Boolean rv = checked.get(id);
 169                 if(rv==null) {
 170                         if(isSpecial(id)) { // do not check against org... too important to delete.
 171                                 return true;
 172                         }
 173                         Organization org = trans.org();
 174                         if(org != null) {
 175                                 Identity identity = org.getIdentity(trans, id);
 176                                 rv = identity!=null;
 177                                 checked.put(id, rv);
 178                         } else {
 179                                 throw new OrganizationException("No Organization Found for " + id + ": required for processing");
 180                         }
 181                 }
 182                 return rv;
 183         }
 184
 185
 186         @Override
 187     protected void _close(AuthzTrans trans) {
 188         session.close();
 189         for(CSV.Writer cw : writerList.values()) {
 190                 cw.close();
 191         }
 192     }
 193
 194 }