Issue-ID: AAF-1058
Change-Id: I4120235dc6f78fb1db0c7bea86c6938aae076b63
Signed-off-by: Instrumental <jgonap@stl.gathman.org>
// for users and approvers still valid
String user = appr.getUser();
// for users and approvers still valid
String user = appr.getUser();
- if(org.isRevoked(noAvg, appr.getApprover())) {
- deleteCW.comment("Approver ID is revoked");
+ Date revokedAppr = org.isRevoked(noAvg, appr.getApprover());
+ Date revokedUser = org.isRevoked(noAvg, user);
+ if(revokedAppr!=null) {
+ deleteCW.comment("Approver ID is revoked on " + revokedAppr);
Approval.row(deleteCW, appr);
Approval.row(deleteCW, appr);
- } else if(user!=null && !user.isEmpty() && org.isRevoked(noAvg, user)) {
- deleteCW.comment("USER ID is revoked");
+ } else if(user!=null && !user.isEmpty() && revokedUser!=null) {
+ deleteCW.comment("USER ID is revoked on " + revokedUser);
Approval.row(deleteCW, appr);
} else {
ticket.approvals.add(appr); // add to found Ticket
Approval.row(deleteCW, appr);
} else {
ticket.approvals.add(appr); // add to found Ticket
- if(org.isRevoked(trans, ur.user())) {
+ Date revoked = org.isRevoked(trans, ur.user());
+ if(revoked!=null) {
GregorianCalendar gc = new GregorianCalendar();
GregorianCalendar gc = new GregorianCalendar();
- gc.setTime(ur.expires());
GregorianCalendar gracePeriodEnds = org.expiration(gc, Expiration.RevokedGracePeriodEnds, ur.user());
if(now.after(gracePeriodEnds.getTime())) {
ur.row(deleteCW, UserRole.UR,"Revoked ID, no grace period left");
} else {
GregorianCalendar gracePeriodEnds = org.expiration(gc, Expiration.RevokedGracePeriodEnds, ur.user());
if(now.after(gracePeriodEnds.getTime())) {
ur.row(deleteCW, UserRole.UR,"Revoked ID, no grace period left");
} else {
- ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + gracePeriodEnds.toString());
+ ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + Chrono.dateOnlyStamp(gracePeriodEnds));
private Writer whichWriter(AuthzTrans transNoAvg, String id) {
Writer w = whichWriter.get(id);
if(w==null) {
private Writer whichWriter(AuthzTrans transNoAvg, String id) {
Writer w = whichWriter.get(id);
if(w==null) {
- w = org.isRevoked(transNoAvg, id)?
+ Date revoked = org.isRevoked(transNoAvg, id);
+ w = revoked != null?
notInOrgDeleteW:
notInOrgW;
whichWriter.put(id,w);
notInOrgDeleteW:
notInOrgW;
whichWriter.put(id,w);
* feed with a "Deleted ID" feed.
*
*/
* feed with a "Deleted ID" feed.
*
*/
- public boolean isRevoked(AuthzTrans trans, String id);
+ public Date isRevoked(AuthzTrans trans, String id);
- public boolean isRevoked(AuthzTrans trans, String id) {
+ public Date isRevoked(AuthzTrans trans, String id) {
// provide a corresponding feed that indicates that an ID has been intentionally removed from identities.dat table.
// provide a corresponding feed that indicates that an ID has been intentionally removed from identities.dat table.
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.FQI;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.FQI;
import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.org.Identities.Data;
public class DefaultOrg implements Organization {
private static final String AAF_DATA_DIR = "aaf_data_dir";
public class DefaultOrg implements Organization {
private static final String AAF_DATA_DIR = "aaf_data_dir";
* If the ID isn't in the revoked file, if it exists, it is revoked.
*/
@Override
* If the ID isn't in the revoked file, if it exists, it is revoked.
*/
@Override
- public boolean isRevoked(AuthzTrans trans, String key) {
+ public Date isRevoked(AuthzTrans trans, String key) {
if(revoked!=null) {
try {
revoked.open(trans, DefaultOrgIdentity.TIMEOUT);
if(revoked!=null) {
try {
revoked.open(trans, DefaultOrgIdentity.TIMEOUT);
- return revoked.find(search, r)!=null;
+ Data revokedData = revoked.find(search, r);
+ return revokedData==null?null:new Date();
} finally {
revoked.close(trans);
}
} finally {
revoked.close(trans);
}
trans.error().log(e);
}
}
trans.error().log(e);
}
}