Skip to content
GitLab
Select Git revision
  • dev default
  • main
  • 1.2
  • 1.1
  • 1.0
Find file BlameHistoryPermalink
AuditLib.php 4.94 KiB
1 
<?php
2
3 
namespace FusionDirectory\Audit;
4
5 
// Simplify the base code by import (using) base php classes
6 
use DateTime;
7 
use DateTimeZone;
8 
use Exception;
9 
use FusionDirectory\Ldap;
10
11 
class AuditLib
12 
{
13
14 
  private int        $auditRetention;
15 
  private ?string    $subTaskDN;
16 
  private ?string    $subTaskCN;
17 
  private array      $auditList;
18 
  private ?Ldap\Link $ldapBind;
19 
  private ?object    $gateway;
20
21 
  public function __construct (
22 
    int $auditRetention,
23 
    array $auditList,
24 
    ?object $gateway     = NULL,
25 
    ?string $subTaskDN   = NULL,
26 
    ?string $subTaskCN   = NULL,
27 
    ?Ldap\Link $ldapBind = NULL
28 
  )
29 
  {
30 
    $this->auditRetention = $auditRetention;
31 
    $this->subTaskDN      = $subTaskDN;
32 
    $this->subTaskCN      = $subTaskCN;
33 
    $this->auditList      = $auditList;
34 
    $this->ldapBind       = $ldapBind;
35 
    $this->gateway        = $gateway;
36 
  }
37
38 
  /**
39 
   * @return array
40 
   * Note : This will return a validation of audit log suppression
41 
   * @throws Exception
42 
   */
43 
  public function checkAuditPassedRetentionOrchestrator (): array
44 
  {
45 
    $result = [];
46
47 
    $today = new DateTime();
48
49 
    // In case no audit exists, we have to update the tasks as well. Meaning below loop won't be reached.
50 
    if (empty($this->auditList)) {
51 
      $result[$this->subTaskCN]['result']       = TRUE;
52 
      $result[$this->subTaskCN]['info']         = 'No audit to be removed.';
53 
      $result[$this->subTaskCN]['statusUpdate'] = $this->gateway->updateTaskStatus($this->subTaskDN, $this->subTaskCN, "2");
54 
    }
55
56 
    foreach ($this->auditList as $record) {
57 
      // Record in Human Readable date time object
58 
      $auditDateTime = $this->generalizeLdapTimeToPhpObject($record['fdauditdatetime'][0]);
59
60 
      $interval = $today->diff($auditDateTime);
61
62 
      // Check if the interval is equal or greater than auditRetention setting
63 
      if ($interval->days >= $this->auditRetention) {
64 
        // If greater, delete the DN audit entry, we reuse removeSubTask method from gateway and get ldap response.(bool).
65 
        $result[$this->subTaskCN]['result'] = $this->gateway->removeSubTask($record['dn']);
66 
        $result[$this->subTaskCN]['info']   = 'Audit record removed.';
67
68 
        // Update tasks accordingly if LDAP succeeded. TRUE Boolean returned by ldap.
69 
        if ($result[$this->subTaskCN]['result']) {
70 
          // Update the subtask with the status completed a.k.a "2".
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
$result[$this->subTaskCN]['statusUpdate'] = $this->gateway->updateTaskStatus($this->subTaskDN, $this->subTaskCN, "2"); } else { // Update the task with the LDAP potential error code. $result[$this->subTaskCN]['statusUpdate'] = $this->gateway->updateTaskStatus($this->subTaskDN, $this->subTaskCN, $result[$record['dn']]['result']); } } } return $result; } /** * @return array * Note : This will return a validation of audit log suppression * @throws Exception */ public function checkAuditPassedRetentionCLI (): array { $result = []; $today = new DateTime(); // Enter condition if lib is used by CLI tools // In case no audit exists, we have to update the tasks as well. Meaning below loop won't be reached. if (empty($this->auditList)) { return ['No audit entries found.']; } foreach ($this->auditList as $record) { // Record in Human Readable date time object $auditDateTime = $this->generalizeLdapTimeToPhpObject($record['fdauditdatetime'][0]); $interval = $today->diff($auditDateTime); // Check if the interval is equal or greater than auditRetention setting if ($interval->days >= $this->auditRetention) { // If greater, delete the DN audit entry, we reuse removeSubTask method from gateway and get ldap response.(bool). $result[$record['dn']] = 'audit entry requiring deletion'; $result[$record['dn']]['ldapStatus'] = $this->ldapBind->delete($record['dn']); } } return $result; } /** * @param $generalizeLdapDateTime * @return DateTime|string[] * @throws Exception * Note : Simply take a generalized Ldap time (with UTC = Z) and transform it to php object dateTime. */ public function generalizeLdapTimeToPhpObject ($generalizeLdapDateTime) { // Extract the date part (first 8 characters: YYYYMMDD), we do not care about hour and seconds. $auditTimeFormatted = substr($generalizeLdapDateTime, 0, 8); // Create a DateTime object using only the date part, carefully setting the timezone to UTC. Audit timestamp is UTC $auditDate = DateTime::createFromFormat('Ymd', $auditTimeFormatted, new DateTimeZone('UTC')); // Check if the DateTime object was created successfully if (!$auditDate) { return ['Error in Time conversion from Audit record with timestamp :' . $generalizeLdapDateTime]; } // Transform dateTime object from UTC to local defined dateTime. (Timezone is set in index.php if used by orchestrator). $auditDate->setTimezone(new DateTimeZone(date_default_timezone_get()));
141142143144
return $auditDate; } }