auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/temp/DataMigrateDublin.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21 package org.onap.aaf.auth.batch.temp;
  22
  23 import java.io.IOException;
  24 import java.nio.ByteBuffer;
  25 import java.security.SecureRandom;
  26 import java.security.cert.Certificate;
  27 import java.security.cert.X509Certificate;
  28 import java.util.ArrayList;
  29 import java.util.Collection;
  30 import java.util.Date;
  31 import java.util.Iterator;
  32 import java.util.List;
  33 import java.util.Map;
  34 import java.util.TreeMap;
  35
  36 import org.onap.aaf.auth.batch.Batch;
  37 import org.onap.aaf.auth.batch.BatchPrincipal;
  38 import org.onap.aaf.auth.batch.helpers.CQLBatch;
  39 import org.onap.aaf.auth.batch.helpers.CQLBatchLoop;
  40 import org.onap.aaf.auth.dao.cass.CredDAO;
  41 import org.onap.aaf.auth.env.AuthzTrans;
  42 import org.onap.aaf.auth.org.OrganizationException;
  43 import org.onap.aaf.cadi.Hash;
  44 import org.onap.aaf.cadi.configure.Factory;
  45 import org.onap.aaf.misc.env.APIException;
  46 import org.onap.aaf.misc.env.Env;
  47 import org.onap.aaf.misc.env.TimeTaken;
  48
  49 import com.datastax.driver.core.ResultSet;
  50 import com.datastax.driver.core.Row;
  51
  52 public class DataMigrateDublin extends Batch {
  53     private final SecureRandom sr;
  54     private final AuthzTrans noAvg;
  55
  56     public DataMigrateDublin(AuthzTrans trans) throws APIException, IOException, OrganizationException {
  57         super(trans.env());
  58         trans.info().log("Starting Connection Process");
  59
  60         noAvg = env.newTransNoAvg();
  61         noAvg.setUser(new BatchPrincipal("Migrate"));
  62
  63         TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
  64         try {
  65             TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
  66             try {
  67                 session = cluster.connect();
  68             } finally {
  69                 tt.done();
  70             }
  71         } finally {
  72             tt0.done();
  73         }
  74
  75         sr = new SecureRandom();
  76     }
  77
  78     @Override
  79     protected void run(AuthzTrans trans) {
  80         ///////////////////////////
  81         trans.info().log("Add UniqueTag to Passwords");
  82
  83         CQLBatchLoop cbl = new CQLBatchLoop(new CQLBatch(noAvg.info(),session), 50, dryRun);
  84         try {
  85             ResultSet rs = session.execute("SELECT id,type,expires,cred,tag FROM authz.cred");
  86             Iterator<Row> iter = rs.iterator();
  87             Row row;
  88             int count = 0;
  89             byte[] babytes = new byte[6];
  90             Map<String, List<CredInfo>> mlci = new TreeMap<>();
  91             Map<String, String> ba_tag = new TreeMap<>();
  92             while(iter.hasNext()) {
  93                 ++count;
  94                 row = iter.next();
  95                 String tag = row.getString(4);
  96                 int type = row.getInt(1);
  97                 switch(type) {
  98                     case CredDAO.BASIC_AUTH:
  99                     case CredDAO.BASIC_AUTH_SHA256:
 100                         String key = row.getString(0) + '|' + type + '|' + Hash.toHex(row.getBytesUnsafe(3).array());
 101                         String btag = ba_tag.get(key);
 102                         if(btag == null) {
 103                             if(tag==null || tag.isEmpty()) {
 104                                 sr.nextBytes(babytes);
 105                                 btag = Hash.toHexNo0x(babytes);
 106                             } else {
 107                                 btag = tag;
 108                             }
 109                             ba_tag.put(key, btag);
 110                         }
 111
 112                         if(!btag.equals(tag)) {
 113                             update(cbl,row,btag);
 114                         }
 115                         break;
 116                     case CredDAO.CERT_SHA256_RSA:
 117                         if(tag==null || tag.isEmpty()) {
 118                             String id = row.getString(0);
 119                             List<CredInfo> ld = mlci.get(id);
 120                             if(ld==null) {
 121                                 ld = new ArrayList<>();
 122                                 mlci.put(id,ld);
 123                             }
 124                                ld.add(new CredInfo(id,row.getInt(1),row.getTimestamp(2)));
 125                         }
 126                             break;
 127                 }
 128             }
 129             cbl.flush();
 130             trans.info().printf("Processes %d cred records, updated %d records in %d batches.", count, cbl.total(), cbl.batches());
 131             count = 0;
 132
 133             cbl.reset();
 134
 135             trans.info().log("Add Serial to X509 Creds");
 136             rs = session.execute("SELECT ca, id, x509 FROM authz.x509");
 137             iter = rs.iterator();
 138             while(iter.hasNext()) {
 139                 ++count;
 140                 row = iter.next();
 141                 String ca = row.getString(0);
 142                 String id = row.getString(1);
 143                 List<CredInfo> list = mlci.get(id);
 144                 if(list!=null) {
 145                     ByteBuffer bb = row.getBytesUnsafe(2);
 146                     if(bb!=null) {
 147                         Collection<? extends Certificate> x509s = Factory.toX509Certificate(bb.array());
 148                         for(Certificate c : x509s) {
 149                             X509Certificate xc = (X509Certificate)c;
 150                             for(CredInfo ci : list) {
 151                                 if(xc.getNotAfter().equals(ci.expires)) {
 152                                     ci.update(cbl, ca + '|' + xc.getSerialNumber());
 153                                     break;
 154                                 }
 155                             }
 156                         }
 157                     }
 158                 }
 159             }
 160             cbl.flush();
 161             trans.info().printf("Processed %d x509 records, updated %d records in %d batches.", count, cbl.total(), cbl.batches());
 162             count = 0;
 163         } catch (Exception e) {
 164             trans.error().log(e);
 165         }
 166     }
 167
 168     private static class CredInfo {
 169         public final String id;
 170         public final int type;
 171         public final Date expires;
 172
 173         public CredInfo(String id, int type, Date expires) {
 174             this.id = id;
 175             this.type = type;
 176             this.expires = expires;
 177         }
 178
 179         public void update(CQLBatchLoop cbl, String newtag) {
 180             StringBuilder sb = cbl.inc();
 181             sb.append("UPDATE authz.cred SET tag='");
 182             sb.append(newtag);
 183             sb.append("' WHERE id='");
 184             sb.append(id);
 185             sb.append("' AND type=");
 186             sb.append(type);
 187             sb.append(" AND expires=dateof(maxtimeuuid(");
 188             sb.append(expires.getTime());
 189             sb.append("));");
 190         }
 191     }
 192
 193     private void update(CQLBatchLoop cbl, Row row, String newtag) {
 194         StringBuilder sb = cbl.inc();
 195         sb.append("UPDATE authz.cred SET tag='");
 196         sb.append(newtag);
 197         sb.append("' WHERE id='");
 198         sb.append(row.getString(0));
 199         sb.append("' AND type=");
 200         sb.append(row.getInt(1));
 201         sb.append(" AND expires=dateof(maxtimeuuid(");
 202         Date lc = row.getTimestamp(2);
 203         sb.append(lc.getTime());
 204         sb.append("));");
 205     }
 206
 207     @Override
 208     protected void _close(AuthzTrans trans) {
 209         trans.info().log("End " + this.getClass().getSimpleName() + " processing" );
 210         session.close();
 211     }
 212
 213 }