summaryrefslogtreecommitdiffstats
path: root/auth
diff options
context:
space:
mode:
Diffstat (limited to 'auth')
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java17
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java3
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java6
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java8
4 files changed, 20 insertions, 14 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
index 227717b7..ff2c72a5 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
@@ -219,11 +219,13 @@ public class Analyze extends Batch {
// for users and approvers still valid
String user = appr.getUser();
- if(org.isRevoked(noAvg, appr.getApprover())) {
- deleteCW.comment("Approver ID is revoked");
+ Date revokedAppr = org.isRevoked(noAvg, appr.getApprover());
+ Date revokedUser = org.isRevoked(noAvg, user);
+ if(revokedAppr!=null) {
+ deleteCW.comment("Approver ID is revoked on " + revokedAppr);
Approval.row(deleteCW, appr);
- } else if(user!=null && !user.isEmpty() && org.isRevoked(noAvg, user)) {
- deleteCW.comment("USER ID is revoked");
+ } else if(user!=null && !user.isEmpty() && revokedUser!=null) {
+ deleteCW.comment("USER ID is revoked on " + revokedUser);
Approval.row(deleteCW, appr);
} else {
ticket.approvals.add(appr); // add to found Ticket
@@ -393,14 +395,15 @@ public class Analyze extends Batch {
}
return;
}
- if(org.isRevoked(trans, ur.user())) {
+ Date revoked = org.isRevoked(trans, ur.user());
+ if(revoked!=null) {
GregorianCalendar gc = new GregorianCalendar();
- gc.setTime(ur.expires());
+ gc.setTime(revoked);
GregorianCalendar gracePeriodEnds = org.expiration(gc, Expiration.RevokedGracePeriodEnds, ur.user());
if(now.after(gracePeriodEnds.getTime())) {
ur.row(deleteCW, UserRole.UR,"Revoked ID, no grace period left");
} else {
- ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + gracePeriodEnds.toString());
+ ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + Chrono.dateOnlyStamp(gracePeriodEnds));
}
return;
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java
index fadd0682..dc45ecae 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java
@@ -134,7 +134,8 @@ public class NotInOrg extends Batch {
private Writer whichWriter(AuthzTrans transNoAvg, String id) {
Writer w = whichWriter.get(id);
if(w==null) {
- w = org.isRevoked(transNoAvg, id)?
+ Date revoked = org.isRevoked(transNoAvg, id);
+ w = revoked != null?
notInOrgDeleteW:
notInOrgW;
whichWriter.put(id,w);
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index 95f37859..f34ed151 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -124,7 +124,7 @@ public interface Organization {
* feed with a "Deleted ID" feed.
*
*/
- public boolean isRevoked(AuthzTrans trans, String id);
+ public Date isRevoked(AuthzTrans trans, String id);
/**
@@ -575,9 +575,9 @@ public interface Organization {
}
@Override
- public boolean isRevoked(AuthzTrans trans, String id) {
+ public Date isRevoked(AuthzTrans trans, String id) {
// provide a corresponding feed that indicates that an ID has been intentionally removed from identities.dat table.
- return false;
+ return null;
}
@Override
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 2440e02e..307c9c95 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -41,6 +41,7 @@ import org.onap.aaf.auth.org.OrganizationException;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.FQI;
import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.org.Identities.Data;
public class DefaultOrg implements Organization {
private static final String AAF_DATA_DIR = "aaf_data_dir";
@@ -172,7 +173,7 @@ public class DefaultOrg implements Organization {
* If the ID isn't in the revoked file, if it exists, it is revoked.
*/
@Override
- public boolean isRevoked(AuthzTrans trans, String key) {
+ public Date isRevoked(AuthzTrans trans, String key) {
if(revoked!=null) {
try {
revoked.open(trans, DefaultOrgIdentity.TIMEOUT);
@@ -185,7 +186,8 @@ public class DefaultOrg implements Organization {
} else {
search = key;
}
- return revoked.find(search, r)!=null;
+ Data revokedData = revoked.find(search, r);
+ return revokedData==null?null:new Date();
} finally {
revoked.close(trans);
}
@@ -193,7 +195,7 @@ public class DefaultOrg implements Organization {
trans.error().log(e);
}
}
- return false;
+ return null;
}
/* (non-Javadoc)