#include <CredentialStore.h>
Classes | |
struct | Permission |
Public Member Functions | |
bool | createSchema (const std::string &connectionString, const std::string &userName, const std::string &password) |
CredentialStore () | |
Standard Constructor. | |
bool | drop (const std::string &connectionString, const std::string &userName, const std::string &password) |
bool | exportAll (coral_bridge::AuthenticationCredentialSet &data) |
bool | importForPrincipal (const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data, bool forceUpdateConnection=false) |
import data | |
const std::string & | keyPrincipalName () |
bool | listConnections (std::map< std::string, std::pair< std::string, std::string > > &destination) |
bool | listPrincipals (std::vector< std::string > &destination) |
bool | removeConnection (const std::string &connectionLabel) |
bool | removePrincipal (const std::string &principal) |
bool | resetAdmin (const std::string &userName, const std::string &password) |
bool | selectForUser (coral_bridge::AuthenticationCredentialSet &destinationData) |
bool | selectPermissions (const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination) |
bool | setPermission (const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel) |
std::string | setUpForConnectionString (const std::string &connectionString, const std::string &authPath) |
std::string | setUpForService (const std::string &serviceName, const std::string &authPath) |
Sets the initialization parameters. | |
bool | unsetPermission (const std::string &principal, const std::string &role, const std::string &connectionString) |
bool | updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password) |
bool | updatePrincipal (const std::string &principal, const std::string &principalKey, bool setAdmin=false) |
virtual | ~CredentialStore () |
Standard Destructor. | |
Static Public Attributes | |
static const std::string | DEFAULT_DATA_SOURCE |
Private Member Functions | |
void | closeSession (bool commit=true) |
std::pair< std::string, std::string > | openConnection (const std::string &connectionString) |
void | openSession (const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode) |
void | openSession (bool readOnly=true) |
void | startSession (bool readMode) |
void | startSuperSession (const std::string &connectionString, const std::string &userName, const std::string &password) |
Private Attributes | |
std::shared_ptr< coral::IConnection > | m_connection |
auth::DecodingKey | m_key |
int | m_principalId |
std::string | m_principalKey |
const auth::ServiceCredentials * | m_serviceData |
std::string | m_serviceName |
std::shared_ptr< coral::ISession > | m_session |
Friends | |
class | CSScopedSession |
Definition at line 83 of file CredentialStore.h.
cond::CredentialStore::CredentialStore | ( | ) |
Standard Constructor.
Definition at line 709 of file CredentialStore.cc.
|
virtual |
Standard Destructor.
Definition at line 719 of file CredentialStore.cc.
References AlCaHLTBitMon_QueryRunRegistry::string.
|
private |
Definition at line 548 of file CredentialStore.cc.
bool cond::CredentialStore::createSchema | ( | const std::string & | connectionString, |
const std::string & | userName, | ||
const std::string & | password | ||
) |
Definition at line 781 of file CredentialStore.cc.
References addSequence(), ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), C_ID_COL(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), cond::auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), gather_cfg::cout, MillePedeFileConverter_cfg::e, Exception, relval_steps::gen(), m_key, m_principalKey, m_serviceData, m_serviceName, m_session, cond::auth::KeyGenerator::make(), P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), cond::auth::DecodingKey::principalKey(), cond::auth::DecodingKey::principalName(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::schemaLabel(), SEQUENCE_NAME_COL(), SEQUENCE_TABLE_NAME(), SEQUENCE_VALUE_COL(), dataDML::session, cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), funct::true, cond::updateConnectionData(), cond::updatePrincipalData(), cond::auth::ServiceCredentials::userName, USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().
bool cond::CredentialStore::drop | ( | const std::string & | connectionString, |
const std::string & | userName, | ||
const std::string & | password | ||
) |
Definition at line 893 of file CredentialStore.cc.
References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), m_session, dataDML::schema, SEQUENCE_TABLE_NAME(), dataDML::session, and cond::CSScopedSession::startSuper().
bool cond::CredentialStore::exportAll | ( | coral_bridge::AuthenticationCredentialSet & | data | ) |
Definition at line 1413 of file CredentialStore.cc.
References cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), runEdmFileComparison::found, m_principalKey, m_session, PASSWORD_COL(), das::query(), coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().
bool cond::CredentialStore::importForPrincipal | ( | const std::string & | principal, |
const coral_bridge::AuthenticationCredentialSet & | data, | ||
bool | forceUpdateConnection = false |
||
) |
import data
Definition at line 1246 of file CredentialStore.cc.
References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), coral_bridge::AuthenticationCredentialSet::data(), runEdmFileComparison::found, cond::PrincipalData::id, m_principalKey, m_session, genParticles_cff::map, mps_check::msg, createfilelist::parser, dataDML::schema, cond::schemaLabel(), cond::selectPrincipal(), serviceName, dataDML::session, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and cond::updateConnectionData().
const std::string & cond::CredentialStore::keyPrincipalName | ( | ) |
Definition at line 1469 of file CredentialStore.cc.
References m_key, and cond::auth::DecodingKey::principalName().
Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().
bool cond::CredentialStore::listConnections | ( | std::map< std::string, std::pair< std::string, std::string > > & | destination | ) |
Definition at line 1308 of file CredentialStore.cc.
References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), COND_CREDENTIAL_TABLE(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), cmsStageWithFailover::destination, runEdmFileComparison::found, m_principalKey, m_session, PASSWORD_COL(), das::query(), dataDML::schema, dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().
bool cond::CredentialStore::listPrincipals | ( | std::vector< std::string > & | destination | ) |
Definition at line 1285 of file CredentialStore.cc.
References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), runEdmFileComparison::found, m_session, PRINCIPAL_NAME_COL(), das::query(), dataDML::schema, dataDML::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.
|
private |
Definition at line 567 of file CredentialStore.cc.
References instance.
|
private |
Definition at line 580 of file CredentialStore.cc.
References lumiQueryAPI::accessMode.
|
private |
bool cond::CredentialStore::removeConnection | ( | const std::string & | connectionLabel | ) |
Definition at line 1159 of file CredentialStore.cc.
References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), runEdmFileComparison::found, cond::CredentialData::id, m_session, mps_check::msg, dataDML::schema, cond::selectConnection(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().
bool cond::CredentialStore::removePrincipal | ( | const std::string & | principal | ) |
Definition at line 1125 of file CredentialStore.cc.
References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), runEdmFileComparison::found, cond::PrincipalData::id, m_session, mps_check::msg, P_ID_COL(), PRINCIPAL_ID_COL(), dataDML::schema, cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().
bool cond::CredentialStore::resetAdmin | ( | const std::string & | userName, |
const std::string & | password | ||
) |
Definition at line 906 of file CredentialStore.cc.
References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::auth::ServiceCredentials::connectionString, m_key, m_principalKey, m_serviceData, m_serviceName, m_session, mps_check::msg, AlCaHLTBitMon_ParallelJobs::p, cond::auth::DecodingKey::principalKey(), cond::PrincipalData::principalKey, cond::auth::DecodingKey::principalName(), dataDML::schema, cond::schemaLabel(), cond::selectPrincipal(), dataDML::session, cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), cond::updateConnectionData(), and cond::updatePrincipalData().
bool cond::CredentialStore::selectForUser | ( | coral_bridge::AuthenticationCredentialSet & | destinationData | ) |
Definition at line 1193 of file CredentialStore.cc.
References AUTH_KEY_COL(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), m_principalId, m_principalKey, m_session, P_ID_COL(), PASSWORD_COL(), das::query(), coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().
Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().
bool cond::CredentialStore::selectPermissions | ( | const std::string & | principalName, |
const std::string & | role, | ||
const std::string & | connectionString, | ||
std::vector< Permission > & | destination | ||
) |
Definition at line 1352 of file CredentialStore.cc.
References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), cond::CredentialStore::Permission::connectionLabel, cond::CredentialStore::Permission::connectionString, runEdmFileComparison::found, m_session, P_ID_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_NAME_COL(), cond::CredentialStore::Permission::principalName, das::query(), cond::CredentialStore::Permission::role, ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.
Referenced by updatePrincipal().
bool cond::CredentialStore::setPermission | ( | const std::string & | principal, |
const std::string & | role, | ||
const std::string & | connectionString, | ||
const std::string & | connectionLabel | ||
) |
Definition at line 1048 of file CredentialStore.cc.
References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::CredentialData::connectionKey, runEdmFileComparison::found, cond::PrincipalData::id, cond::CredentialData::id, m_principalKey, m_session, mps_check::msg, dataDML::schema, cond::selectConnection(), cond::selectPrincipal(), dataDML::session, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().
std::string cond::CredentialStore::setUpForConnectionString | ( | const std::string & | connectionString, |
const std::string & | authPath | ||
) |
Definition at line 755 of file CredentialStore.cc.
References instance, serviceName, setUpForService(), and AlCaHLTBitMon_QueryRunRegistry::string.
Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().
std::string cond::CredentialStore::setUpForService | ( | const std::string & | serviceName, |
const std::string & | authPath | ||
) |
Sets the initialization parameters.
Definition at line 723 of file CredentialStore.cc.
References cond::auth::COND_KEY, cond::auth::ServiceCredentials::connectionString, FrontierConditions_GlobalTag_cff::file, cond::auth::DecodingKey::FILE_PATH, cond::auth::DecodingKey::init(), m_key, m_serviceData, m_serviceName, mps_check::msg, callgraph::path, serviceName, cond::auth::DecodingKey::services(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().
Referenced by setUpForConnectionString().
|
private |
Definition at line 600 of file CredentialStore.cc.
References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), runEdmFileComparison::found, cond::PrincipalData::id, P_ID_COL(), PASSWORD_COL(), cond::PrincipalData::principalKey, das::query(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::selectPrincipal(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::PrincipalData::verifKey.
|
private |
Definition at line 592 of file CredentialStore.cc.
bool cond::CredentialStore::unsetPermission | ( | const std::string & | principal, |
const std::string & | role, | ||
const std::string & | connectionString | ||
) |
Definition at line 1079 of file CredentialStore.cc.
References cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), idDealer::editor, runEdmFileComparison::found, cond::PrincipalData::id, m_session, mps_check::msg, P_ID_COL(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().
bool cond::CredentialStore::updateConnection | ( | const std::string & | connectionLabel, |
const std::string & | userName, | ||
const std::string & | password | ||
) |
Definition at line 1111 of file CredentialStore.cc.
References cond::CSScopedSession::close(), m_principalKey, m_session, dataDML::schema, dataDML::session, cond::CSScopedSession::start(), and cond::updateConnectionData().
Referenced by Vispa.Gui.PortConnection.PointToPointConnection::paintEvent(), and Vispa.Gui.PortConnection.PointToPointConnection::updateTargetPoint().
bool cond::CredentialStore::updatePrincipal | ( | const std::string & | principalName, |
const std::string & | authenticationKey, | ||
bool | setAdmin = false |
||
) |
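/// Installs the administrator principal of the credential store.
///
/// The principal name and its key are taken from m_key; the target database is
/// the connection string held in m_serviceData. One row is inserted into each
/// of the authentication, credential and authorization tables.
///
/// Key wrapping as written here:
///   - a fresh principal key is generated and stored encrypted under the key
///     returned by m_key.principalKey();
///   - a fresh connection key is generated and stored encrypted under the
///     principal key;
///   - userName, password and the connection label are stored encrypted under
///     the connection key.
/// The principal name, the connection label and the connection string are
/// also written unencrypted (PRINCIPAL_NAME_COL, CONNECTION_LABEL_COL,
/// SCHEMA_COL).
///
/// @param userName  database account used to open the session; also stored
///                  (encrypted) as the admin connection's user name.
/// @param password  password for userName; stored encrypted. This function
///                  does not wipe the plaintext copy held by the caller.
/// @return true once the session has been closed.
///
/// Failures are reported through throwException(): store not initialized,
/// principal already present, or a sequence that cannot be found.
/// NOTE(review): throwException() is assumed never to return - confirm.
bool cond::CredentialStore::installAdmin( const std::string& userName, const std::string& password ){
  if( !m_serviceData ){
    throwException( "The credential store has not been initialized.","cond::CredentialStore::installAdmin" );
  }
  const std::string& connectionString = m_serviceData->connectionString;
  const std::string& principalName = m_key.principalName();

  CSScopedSession session( *this );
  session.startSuper( connectionString, userName, password );

  coral::ISchema& schema = m_session->nominalSchema();

  // Refuse to install twice: an existing row for this principal is an error.
  PrincipalData princData;
  const bool found = selectPrincipal( schema, principalName, princData );

  if( found ){
    std::string msg("Principal \"");
    // The closing quote must be escaped; without the backslash the literal is malformed.
    msg += principalName + "\" has been installed already.";
    throwException(msg,"CredentialStore::installAdmin");
  }

  // NOTE(review): m_principalKey is overwritten here, before any row is written.
  // If a later step throws, the member keeps a key that was never stored.
  auth::KeyGenerator gen;
  m_principalKey = gen.make( auth::COND_DB_KEY_SIZE );

  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();

  int principalId = -1;
  if( !getNextSequenceValue( schema, COND_AUTHENTICATION_TABLE, principalId ) ){
    throwException( "Can't find "+COND_AUTHENTICATION_TABLE+" sequence.","CredentialStore::installAdmin" );
  }

  // cipher0 is keyed with the key carried by m_key, cipher1 with the new principal key.
  auth::Cipher cipher0( m_key.principalKey() );
  auth::Cipher cipher1( m_principalKey );

  // Authentication row. VERIFICATION_COL holds the principal name encrypted
  // under cipher0 - presumably a key-check value for later reads (confirm).
  // ADMIN_KEY_COL holds the principal key encrypted under itself.
  coral::AttributeList authData;
  editor0.rowBuffer(authData);
  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
  authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( m_principalKey );
  authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( m_principalKey );
  editor0.insertRow( authData );

  const std::string connLabel = schemaLabelForCredentialStore( connectionString );
  // NOTE(review): tmpKey is never used below; kept in case its constructor matters.
  auth::DecodingKey tmpKey;
  const std::string connectionKey = gen.make( auth::COND_DB_KEY_SIZE );
  const std::string encryptedConnectionKey = cipher1.b64encrypt( connectionKey );

  // The account credentials are only ever stored under the per-connection key.
  auth::Cipher cipher2( connectionKey );
  const std::string encryptedUserName = cipher2.b64encrypt( userName );
  const std::string encryptedPassword = cipher2.b64encrypt( password );
  const std::string encryptedLabel = cipher2.b64encrypt( connLabel );

  int connId = -1;
  if( !getNextSequenceValue( schema, COND_CREDENTIAL_TABLE, connId ) ){
    throwException( "Can't find "+COND_CREDENTIAL_TABLE+" sequence.","CredentialStore::installAdmin" );
  }

  // Credential row: label in clear, everything else encrypted.
  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
  coral::AttributeList connectionData;
  editor1.rowBuffer(connectionData);
  connectionData[ CONNECTION_ID_COL ].data<int>() = connId;
  connectionData[ CONNECTION_LABEL_COL ].data<std::string>() = connLabel;
  connectionData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
  connectionData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
  connectionData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
  connectionData[ CONNECTION_KEY_COL ].data<std::string>() = encryptedConnectionKey;
  editor1.insertRow( connectionData );

  int authId = -1;
  if( !getNextSequenceValue( schema, COND_AUTHORIZATION_TABLE, authId ) ){
    throwException( "Can't find "+COND_AUTHORIZATION_TABLE+" sequence.","CredentialStore::installAdmin" );
  }

  // Authorization row: grants the admin role on connectionString and carries
  // the connection key wrapped under the principal key.
  coral::ITableDataEditor& editor2 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
  coral::AttributeList permissionData;
  editor2.rowBuffer(permissionData);
  permissionData[ AUTH_ID_COL ].data<int>() = authId;
  permissionData[ P_ID_COL ].data<int>() = principalId;
  permissionData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE;
  permissionData[ SCHEMA_COL ].data<std::string>() = connectionString;
  permissionData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
  permissionData[ C_ID_COL ].data<int>() = connId;
  editor2.insertRow( permissionData );

  // NOTE(review): close() presumably commits the three inserts together - confirm
  // what CSScopedSession does when an exception unwinds past this point.
  session.close();
  return true;
}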
Definition at line 1020 of file CredentialStore.cc.
References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::CredentialData::connectionKey, cond::auth::ServiceCredentials::connectionString, cond::CredentialData::id, m_key, m_principalKey, m_serviceData, m_session, cond::auth::DecodingKey::principalName(), dataDML::schema, cond::selectConnection(), selectPermissions(), dataDML::session, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and cond::updatePrincipalData().
|
friend |
Definition at line 144 of file CredentialStore.h.
|
static |
Definition at line 87 of file CredentialStore.h.
|
private |
Definition at line 157 of file CredentialStore.h.
|
private |
Definition at line 167 of file CredentialStore.h.
Referenced by createSchema(), keyPrincipalName(), resetAdmin(), setUpForService(), and updatePrincipal().
|
private |
Definition at line 160 of file CredentialStore.h.
Referenced by selectForUser().
|
private |
Definition at line 162 of file CredentialStore.h.
Referenced by createSchema(), exportAll(), importForPrincipal(), listConnections(), resetAdmin(), selectForUser(), setPermission(), updateConnection(), and updatePrincipal().
|
private |
Definition at line 165 of file CredentialStore.h.
Referenced by createSchema(), resetAdmin(), setUpForService(), and updatePrincipal().
|
private |
Definition at line 164 of file CredentialStore.h.
Referenced by createSchema(), resetAdmin(), and setUpForService().
|
private |
Definition at line 158 of file CredentialStore.h.
Referenced by createSchema(), drop(), exportAll(), importForPrincipal(), listConnections(), listPrincipals(), removeConnection(), removePrincipal(), resetAdmin(), selectForUser(), selectPermissions(), setPermission(), unsetPermission(), updateConnection(), and updatePrincipal().