diff options
4 files changed, 20 insertions, 14 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java index 227717b7..ff2c72a5 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java @@ -219,11 +219,13 @@ public class Analyze extends Batch { // for users and approvers still valid String user = appr.getUser(); - if(org.isRevoked(noAvg, appr.getApprover())) { - deleteCW.comment("Approver ID is revoked"); + Date revokedAppr = org.isRevoked(noAvg, appr.getApprover()); + Date revokedUser = org.isRevoked(noAvg, user); + if(revokedAppr!=null) { + deleteCW.comment("Approver ID is revoked on " + revokedAppr); Approval.row(deleteCW, appr); - } else if(user!=null && !user.isEmpty() && org.isRevoked(noAvg, user)) { - deleteCW.comment("USER ID is revoked"); + } else if(user!=null && !user.isEmpty() && revokedUser!=null) { + deleteCW.comment("USER ID is revoked on " + revokedUser); Approval.row(deleteCW, appr); } else { ticket.approvals.add(appr); // add to found Ticket @@ -393,14 +395,15 @@ public class Analyze extends Batch { } return; } - if(org.isRevoked(trans, ur.user())) { + Date revoked = org.isRevoked(trans, ur.user()); + if(revoked!=null) { GregorianCalendar gc = new GregorianCalendar(); - gc.setTime(ur.expires()); + gc.setTime(revoked); GregorianCalendar gracePeriodEnds = org.expiration(gc, Expiration.RevokedGracePeriodEnds, ur.user()); if(now.after(gracePeriodEnds.getTime())) { ur.row(deleteCW, UserRole.UR,"Revoked ID, no grace period left"); } else { - ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + gracePeriodEnds.toString()); + ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + Chrono.dateOnlyStamp(gracePeriodEnds)); } return; } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java index fadd0682..dc45ecae 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java @@ -134,7 +134,8 @@ public class NotInOrg extends Batch { private Writer whichWriter(AuthzTrans transNoAvg, String id) { Writer w = whichWriter.get(id); if(w==null) { - w = org.isRevoked(transNoAvg, id)? + Date revoked = org.isRevoked(transNoAvg, id); + w = revoked != null? notInOrgDeleteW: notInOrgW; whichWriter.put(id,w); diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java index 95f37859..f34ed151 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java @@ -124,7 +124,7 @@ public interface Organization { * feed with a "Deleted ID" feed. * */ - public boolean isRevoked(AuthzTrans trans, String id); + public Date isRevoked(AuthzTrans trans, String id); /** @@ -575,9 +575,9 @@ public interface Organization { } @Override - public boolean isRevoked(AuthzTrans trans, String id) { + public Date isRevoked(AuthzTrans trans, String id) { // provide a corresponding feed that indicates that an ID has been intentionally removed from identities.dat table. - return false; + return null; } @Override diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index 2440e02e..307c9c95 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java @@ -41,6 +41,7 @@ import org.onap.aaf.auth.org.OrganizationException; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.util.FQI; import org.onap.aaf.misc.env.Env; +import org.onap.aaf.org.Identities.Data; public class DefaultOrg implements Organization { private static final String AAF_DATA_DIR = "aaf_data_dir"; @@ -172,7 +173,7 @@ public class DefaultOrg implements Organization { * If the ID isn't in the revoked file, if it exists, it is revoked. */ @Override - public boolean isRevoked(AuthzTrans trans, String key) { + public Date isRevoked(AuthzTrans trans, String key) { if(revoked!=null) { try { revoked.open(trans, DefaultOrgIdentity.TIMEOUT); @@ -185,7 +186,8 @@ public class DefaultOrg implements Organization { } else { search = key; } - return revoked.find(search, r)!=null; + Data revokedData = revoked.find(search, r); + return revokedData==null?null:new Date(); } finally { revoked.close(trans); } @@ -193,7 +195,7 @@ public class DefaultOrg implements Organization { trans.error().log(e); } } - return false; + return null; } /* (non-Javadoc) |