CredentialStore.h

Go to the documentation of this file.

#ifndef CondCore_CondDB_CredentialStore_h
#define CondCore_CondDB_CredentialStore_h

#include "CondCore/CondDB/interface/DecodingKey.h"
//
#include <map>
#include <memory>
#include <string>
//
#include "CoralBase/MessageStream.h"

namespace coral {

  class AuthenticationCredentials;
  class IAuthenticationCredentials;
  class ISession;
  class IConnection;

}

namespace coral_bridge {

  class AuthenticationCredentialSet {

  public:
    AuthenticationCredentialSet();

    virtual ~AuthenticationCredentialSet();


    void registerItem( const std::string& connectionString, 
               const std::string& itemName,
               const std::string& itemValue );
                  

    void registerItem( const std::string& connectionString, 
               const std::string& role,
               const std::string& itemName,
               const std::string& itemValue );

    void registerCredentials( const std::string& connectionString,
                  const std::string& userName,
                  const std::string& password );

    void registerCredentials( const std::string& connectionString,
                  const std::string& role,
                  const std::string& userName,
                  const std::string& password );

    void import( const AuthenticationCredentialSet& data );

    const coral::IAuthenticationCredentials* get( const std::string& connectionString ) const;

    const coral::IAuthenticationCredentials* get( const std::string& connectionString, const std::string& role ) const;

    const std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >& data() const ;

    void reset();

  private:
    std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* > m_data;

  };

}

namespace cond {

  class Cipher;

  std::string schemaLabel( const std::string& serviceName, const std::string& userName );
    
  //
  class CredentialStore {

  public:
    // default service is pointed in case the specific one has not been found in the key list
    static const std::string DEFAULT_DATA_SOURCE;

  public:
    CredentialStore();
    
    virtual ~CredentialStore();

  public:

    std::string setUpForService( const std::string& serviceName, const std::string& authPath );

    std::string setUpForConnectionString( const std::string& connectionString, const std::string& authPath );
    
    bool createSchema( const std::string& connectionString, const std::string& userName, const std::string& password );

    bool drop( const std::string& connectionString, const std::string& userName, const std::string& password );

    bool resetAdmin( const std::string& userName, const std::string& password );

    bool updatePrincipal( const std::string& principal, const std::string& principalKey, bool setAdmin=false);

    bool setPermission( const std::string& principal, const std::string& role, const std::string& connectionString, const std::string& connectionLabel );

    bool unsetPermission( const std::string& principal, const std::string& role, const std::string& connectionString );

    bool updateConnection( const std::string& connectionLabel, const std::string& userName, const std::string& password  );

    bool removePrincipal( const std::string& principal );

    bool removeConnection( const std::string& connectionLabel );

    bool selectForUser( coral_bridge::AuthenticationCredentialSet& destinationData );

    bool importForPrincipal( const std::string& principal, const coral_bridge::AuthenticationCredentialSet& data, bool forceUpdateConnection=false );    

    bool listPrincipals( std::vector<std::string>& destination );

    bool listConnections( std::map<std::string,std::pair<std::string,std::string> >& destination );

    struct Permission {
      std::string principalName;
      std::string role;
      std::string connectionString;
      std::string connectionLabel;
    };
    bool selectPermissions( const std::string& principalName, const std::string& role, const std::string& connectionString, std::vector<Permission>& destination );

    bool exportAll( coral_bridge::AuthenticationCredentialSet& data );

    const std::string& keyPrincipalName ();

    private:

    friend class CSScopedSession;

    std::pair<std::string,std::string> openConnection( const std::string& connectionString );
    void openSession( const std::string& schemaName, const std::string& userName, const std::string& password, bool readMode );
    void startSuperSession( const std::string& connectionString, const std::string& userName, const std::string& password );
    void startSession( bool readMode );

    void openSession( bool readOnly=true );
    
    void closeSession( bool commit=true );

    private:

    std::shared_ptr<coral::IConnection> m_connection;
    std::shared_ptr<coral::ISession> m_session;
    
    int m_principalId;
    // the key used to encrypt the db credentials accessibles by the owner of the authenticated key.
    std::string m_principalKey;
    
    std::string m_serviceName;
    const auth::ServiceCredentials* m_serviceData;
    
    auth::DecodingKey m_key;

  };

}




#endif