cond::CredentialStore Class Reference

#include <CredentialStore.h>

Classes
struct	Permission

Public Member Functions
bool	createSchema (const std::string &connectionString, const std::string &userName, const std::string &password)
	CredentialStore ()
	Standard Constructor. More...
bool	drop (const std::string &connectionString, const std::string &userName, const std::string &password)
bool	exportAll (coral_bridge::AuthenticationCredentialSet &data)
bool	importForPrincipal (const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data, bool forceUpdateConnection=false)
	import data More...
const std::string &	keyPrincipalName ()
bool	listConnections (std::map< std::string, std::pair< std::string, std::string > > &destination)
bool	listPrincipals (std::vector< std::string > &destination)
bool	removeConnection (const std::string &connectionLabel)
bool	removePrincipal (const std::string &principal)
bool	resetAdmin (const std::string &userName, const std::string &password)
bool	selectForUser (coral_bridge::AuthenticationCredentialSet &destinationData)
bool	selectPermissions (const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
bool	setPermission (const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
std::string	setUpForConnectionString (const std::string &connectionString, const std::string &authPath)
std::string	setUpForService (const std::string &serviceName, const std::string &authPath)
	Sets the initialization parameters. More...
bool	unsetPermission (const std::string &principal, const std::string &role, const std::string &connectionString)
bool	updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password)
bool	updatePrincipal (const std::string &principal, const std::string &principalKey, bool setAdmin=false)
virtual	~CredentialStore ()
	Standard Destructor. More...

Static Public Attributes
static const std::string	DEFAULT_DATA_SOURCE

Private Member Functions
void	closeSession (bool commit=true)
std::pair< std::string, std::string >	openConnection (const std::string &connectionString)
void	openSession (const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
void	openSession (bool readOnly=true)
void	startSession (bool readMode)
void	startSuperSession (const std::string &connectionString, const std::string &userName, const std::string &password)

Private Attributes
std::shared_ptr< coral::IConnection >	m_connection
auth::DecodingKey	m_key
int	m_principalId
std::string	m_principalKey
const auth::ServiceCredentials *	m_serviceData
std::string	m_serviceName
std::shared_ptr< coral::ISession >	m_session

Friends
class	CSScopedSession

Detailed Description

Definition at line 83 of file CredentialStore.h.

Constructor & Destructor Documentation

cond::CredentialStore::CredentialStore

(

)

Standard Constructor.

Definition at line 709 of file CredentialStore.cc.

                                    :
  m_connection(),
  m_session(),
  m_principalId(-1),
  m_principalKey(""),
  m_serviceName(""),
  m_serviceData(nullptr),
  m_key(){
}

cond::CredentialStore::~CredentialStore ( )

virtual

Standard Destructor.

Definition at line 719 of file CredentialStore.cc.

References AlCaHLTBitMon_QueryRunRegistry::string.

                                     {
}

Member Function Documentation

void cond::CredentialStore::closeSession ( bool  commit = true )

private

Definition at line 548 of file CredentialStore.cc.

                                                   {

  if( m_session.get() ){
    if(m_session->transaction().isActive()){
      if( commit ){
    m_session->transaction().commit();
      } else {
    m_session->transaction().rollback();
      }
    }
    m_session->endUserSession();
  }
  m_session.reset();
  if( m_connection.get() ){
    m_connection->disconnect();
  }
  m_connection.reset();
}

bool cond::CredentialStore::createSchema	(	const std::string &	connectionString,
		const std::string &	userName,
		const std::string &	password
	)

Definition at line 781 of file CredentialStore.cc.

References addSequence(), ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), C_ID_COL(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), cond::auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), gather_cfg::cout, MillePedeFileConverter_cfg::e, Exception, relval_steps::gen(), m_key, m_principalKey, m_serviceData, m_serviceName, m_session, cond::auth::KeyGenerator::make(), P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), cond::auth::DecodingKey::principalKey(), cond::auth::DecodingKey::principalName(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::schemaLabel(), SEQUENCE_NAME_COL(), SEQUENCE_TABLE_NAME(), SEQUENCE_VALUE_COL(), dataDML::session, cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), funct::true, cond::updateConnectionData(), cond::updatePrincipalData(), cond::auth::ServiceCredentials::userName, USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

                                                                                                                           {
  CSScopedSession session( *this );
  session.startSuper( connectionString, userName, password );

  coral::ISchema& schema = m_session->nominalSchema();
  if(schema.existsTable(COND_AUTHENTICATION_TABLE)) {
    throwException("Credential database, already exists.","CredentialStore::create");
  }

  coral::TableDescription dseq;
  dseq.setName( SEQUENCE_TABLE_NAME );

  dseq.insertColumn( SEQUENCE_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>() );
  dseq.setNotNullConstraint( SEQUENCE_NAME_COL );
  dseq.insertColumn( SEQUENCE_VALUE_COL,coral::AttributeSpecification::typeNameForType<int>() );
  dseq.setNotNullConstraint( SEQUENCE_VALUE_COL );
  dseq.setPrimaryKey( std::vector< std::string >( 1, SEQUENCE_NAME_COL ) );
  schema.createTable( dseq );

  int columnSize = 2000;

  // authentication table
  
  addSequence( schema, COND_AUTHENTICATION_TABLE );
  coral::TableDescription descr0;
  descr0.setName( COND_AUTHENTICATION_TABLE );
  descr0.insertColumn( PRINCIPAL_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr0.insertColumn( PRINCIPAL_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr0.insertColumn( VERIFICATION_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr0.insertColumn( PRINCIPAL_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr0.insertColumn( ADMIN_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr0.setNotNullConstraint( PRINCIPAL_ID_COL );
  descr0.setNotNullConstraint( PRINCIPAL_NAME_COL );
  descr0.setNotNullConstraint( VERIFICATION_COL );
  descr0.setNotNullConstraint( PRINCIPAL_KEY_COL );
  descr0.setNotNullConstraint( ADMIN_KEY_COL );
  std::vector<std::string> columnsUnique;
  columnsUnique.push_back( PRINCIPAL_NAME_COL);
  descr0.setUniqueConstraint( columnsUnique );
  std::vector<std::string> columnsForIndex;
  columnsForIndex.push_back(PRINCIPAL_ID_COL);
  descr0.setPrimaryKey( columnsForIndex );
  schema.createTable( descr0 );

  // authorization table
  addSequence( schema, COND_AUTHORIZATION_TABLE );
  coral::TableDescription descr1;
  descr1.setName( COND_AUTHORIZATION_TABLE );
  descr1.insertColumn( AUTH_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr1.insertColumn( P_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr1.insertColumn( ROLE_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr1.insertColumn( SCHEMA_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr1.insertColumn( AUTH_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr1.insertColumn( C_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr1.setNotNullConstraint( AUTH_ID_COL );
  descr1.setNotNullConstraint( P_ID_COL );
  descr1.setNotNullConstraint( ROLE_COL );
  descr1.setNotNullConstraint( SCHEMA_COL );
  descr1.setNotNullConstraint( AUTH_KEY_COL );
  descr1.setNotNullConstraint( C_ID_COL );
  columnsUnique.clear();
  columnsUnique.push_back( P_ID_COL);
  columnsUnique.push_back( ROLE_COL);
  columnsUnique.push_back( SCHEMA_COL);
  descr1.setUniqueConstraint( columnsUnique );
  columnsForIndex.clear();
  columnsForIndex.push_back(AUTH_ID_COL);
  descr1.setPrimaryKey( columnsForIndex );
  schema.createTable( descr1 );

  // credential table
  addSequence( schema, COND_CREDENTIAL_TABLE );
  coral::TableDescription descr2;
  descr2.setName( COND_CREDENTIAL_TABLE );
  descr2.insertColumn( CONNECTION_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr2.insertColumn( CONNECTION_LABEL_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.insertColumn( USERNAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.insertColumn( PASSWORD_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.insertColumn( VERIFICATION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.insertColumn( CONNECTION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.setNotNullConstraint( CONNECTION_ID_COL );
  descr2.setNotNullConstraint( CONNECTION_LABEL_COL );
  descr2.setNotNullConstraint( USERNAME_COL );
  descr2.setNotNullConstraint( PASSWORD_COL );
  descr2.setNotNullConstraint( VERIFICATION_KEY_COL );
  descr2.setNotNullConstraint( CONNECTION_KEY_COL );
  columnsUnique.clear();
  columnsUnique.push_back( CONNECTION_LABEL_COL);
  descr2.setUniqueConstraint( columnsUnique );
  columnsForIndex.clear();
  columnsForIndex.push_back(CONNECTION_ID_COL);
  descr2.setPrimaryKey( columnsForIndex );
  schema.createTable( descr2 );

  try{
    schema.tableHandle( COND_AUTHENTICATION_TABLE ).privilegeManager().grantToUser( m_serviceData->userName, coral::ITablePrivilegeManager::Select );
    schema.tableHandle( COND_AUTHORIZATION_TABLE ).privilegeManager().grantToUser( m_serviceData->userName, coral::ITablePrivilegeManager::Select );
    schema.tableHandle( COND_CREDENTIAL_TABLE ).privilegeManager().grantToUser( m_serviceData->userName, coral::ITablePrivilegeManager::Select );
  } catch ( const  coral::Exception& e ){
    std::cout <<"WARNING: Could not grant select access to user "<<m_serviceData->userName<<": ["<<e.what()<<"]"<<std::endl;
  }
  auth::KeyGenerator gen;
  m_principalKey = gen.make( auth::COND_DB_KEY_SIZE );
  auto princData = updatePrincipalData( schema, m_key.principalKey(), m_key.principalName(), m_principalKey, true );
  std::string credentialAccessLabel = schemaLabel( m_serviceName, userName );
  auto connParams = updateConnectionData( schema, m_principalKey, credentialAccessLabel, userName, password, true ); 
  bool ret = setPermissionData( schema, princData.first, m_principalKey, auth::COND_ADMIN_ROLE, connectionString, connParams.first, connParams.second );
  session.close();
  return ret;
}

bool cond::CredentialStore::drop	(	const std::string &	connectionString,
		const std::string &	userName,
		const std::string &	password
	)

Definition at line 893 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), m_session, dataDML::schema, SEQUENCE_TABLE_NAME(), dataDML::session, and cond::CSScopedSession::startSuper().

                                                                                                                   {
  CSScopedSession session( *this );
  session.startSuper( connectionString, userName, password );

  coral::ISchema& schema = m_session->nominalSchema();
  schema.dropIfExistsTable( COND_AUTHORIZATION_TABLE );
  schema.dropIfExistsTable( COND_CREDENTIAL_TABLE );
  schema.dropIfExistsTable( COND_AUTHENTICATION_TABLE );
  schema.dropIfExistsTable(SEQUENCE_TABLE_NAME);
  session.close();
  return true;
}

bool cond::CredentialStore::exportAll

(

coral_bridge::AuthenticationCredentialSet &

data

)

Definition at line 1413 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), runEdmFileComparison::found, m_principalKey, m_session, PASSWORD_COL(), das::query(), coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                  {
  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();
  std::unique_ptr<coral::IQuery> query(schema.newQuery());
  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
  coral::AttributeList readBuff;
  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
  readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
  coral::AttributeList whereData;
  std::stringstream whereClause;
  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
  
  query->defineOutput(readBuff);
  query->addToOutputList( "AUTHO."+ROLE_COL );
  query->addToOutputList( "AUTHO."+SCHEMA_COL );
  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
  query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
  query->addToOutputList( "CREDS."+USERNAME_COL );
  query->addToOutputList( "CREDS."+PASSWORD_COL );
  query->setCondition( whereClause.str(), whereData );
  coral::ICursor& cursor = query->execute();
  bool found = false;
  auth::Cipher cipher0( m_principalKey );
  while ( cursor.next() ) {
    const coral::AttributeList& row = cursor.currentRow();
    const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
    const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
    const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
    const std::string& encryptedVerifKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
    const std::string& encryptedConnection = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
    std::string userName("");
    std::string password("");
    std::string connectionKey = cipher0.b64decrypt( encryptedConnection );
    auth::Cipher cipher1( connectionKey );
    std::string verifKey = cipher1.b64decrypt( encryptedVerifKey );
    if( verifKey == connectionLabel ){
      const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL].data<std::string>();
      const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL].data<std::string>();
      userName = cipher1.b64decrypt( encryptedUserName );
      password = cipher1.b64decrypt( encryptedPassword );
    }
    data.registerCredentials( connectionString, role, userName, password );
    found = true;
  }
  session.close();
  return found;  
}

bool cond::CredentialStore::importForPrincipal	(	const std::string &	principal,
		const coral_bridge::AuthenticationCredentialSet &	data,
		bool	forceUpdateConnection = false
	)

import data

Definition at line 1246 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), coral_bridge::AuthenticationCredentialSet::data(), runEdmFileComparison::found, cond::PrincipalData::id, m_principalKey, m_session, genParticles_cff::map, mps_check::msg, writedatasetfile::parser, dataDML::schema, cond::schemaLabel(), cond::selectPrincipal(), serviceName, dataDML::session, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and cond::updateConnectionData().

                                                    {
  CSScopedSession session( *this );
  session.start( false  );
  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principal, princData );

  if( ! found ){
    std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::importForPrincipal");
  }

  bool imported = false;
  auth::Cipher cipher( m_principalKey );
  std::string princKey = cipher.b64decrypt( princData.adminKey);

  const std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >& creds = dataSource.data();
  for( std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::const_iterator iConn = creds.begin(); iConn != creds.end(); ++iConn ){
    const std::string& connectionString = iConn->first.first;
    coral::URIParser parser;
    parser.setURI( connectionString );
    std::string serviceName = parser.hostName();
    const std::string& role = iConn->first.second;
    std::string userName = iConn->second->valueForItem( coral::IAuthenticationCredentials::userItem() );
    std::string password = iConn->second->valueForItem( coral::IAuthenticationCredentials::passwordItem());
    // first import the connections
    std::pair<int,std::string> conn = updateConnectionData( schema, m_principalKey, schemaLabel( serviceName, userName ), userName, password, forceUpdateConnection );
    auth::Cipher cipher( m_principalKey );
    // than set the permission for the specific role
    setPermissionData( schema, princData.id, princKey, role, connectionString, conn.first, conn.second );
    imported = true;
  }
  session.close();  
  return imported;
}

const std::string & cond::CredentialStore::keyPrincipalName

(

)

Definition at line 1469 of file CredentialStore.cc.

References m_key, and cond::auth::DecodingKey::principalName().

Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().

                                                       {
  return m_key.principalName();
}

bool cond::CredentialStore::listConnections

(

std::map< std::string, std::pair< std::string, std::string > > &

destination

)

Definition at line 1308 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), COND_CREDENTIAL_TABLE(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), cmsStageWithFailover::destination, runEdmFileComparison::found, m_principalKey, m_session, PASSWORD_COL(), das::query(), dataDML::schema, dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                                       {
  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();

  std::unique_ptr<coral::IQuery> query(schema.tableHandle(COND_CREDENTIAL_TABLE).newQuery());
  coral::AttributeList readBuff;
  readBuff.extend<std::string>( CONNECTION_LABEL_COL );
  readBuff.extend<std::string>( USERNAME_COL );
  readBuff.extend<std::string>( PASSWORD_COL );
  readBuff.extend<std::string>( VERIFICATION_KEY_COL );
  readBuff.extend<std::string>( CONNECTION_KEY_COL );
  query->defineOutput(readBuff);
  query->addToOutputList( CONNECTION_LABEL_COL );
  query->addToOutputList( USERNAME_COL );
  query->addToOutputList( PASSWORD_COL );
  query->addToOutputList( VERIFICATION_KEY_COL );
  query->addToOutputList( CONNECTION_KEY_COL );
  coral::ICursor& cursor = query->execute();
  bool found = false;
  auth::Cipher cipher0(m_principalKey );
  while ( cursor.next() ) {
    std::string userName("");
    std::string password("");
    const coral::AttributeList& row = cursor.currentRow();
    const std::string& connLabel = row[ CONNECTION_LABEL_COL].data<std::string>();
    const std::string& encryptedKey = row[ CONNECTION_KEY_COL].data<std::string>();
    const std::string& encryptedVerif = row[ VERIFICATION_KEY_COL].data<std::string>();
    std::string connKey = cipher0.b64decrypt( encryptedKey );
    auth::Cipher cipher1( connKey );
    std::string verif = cipher1.b64decrypt( encryptedVerif );
    if( verif == connLabel ){
      const std::string& encryptedUserName = row[ USERNAME_COL].data<std::string>();
      const std::string& encryptedPassword = row[ PASSWORD_COL].data<std::string>();
      userName = cipher1.b64decrypt( encryptedUserName );
      password = cipher1.b64decrypt( encryptedPassword );
    }
    destination.insert( std::make_pair( connLabel, std::make_pair( userName, password ) ) );
    found = true;
  }
  session.close();    
  return found;
}

bool cond::CredentialStore::listPrincipals

(

std::vector< std::string > &

destination

)

Definition at line 1285 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), runEdmFileComparison::found, m_session, PRINCIPAL_NAME_COL(), das::query(), dataDML::schema, dataDML::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

                                                                           {

  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();

  std::unique_ptr<coral::IQuery> query(schema.tableHandle(COND_AUTHENTICATION_TABLE).newQuery());
  coral::AttributeList readBuff;
  readBuff.extend<std::string>(PRINCIPAL_NAME_COL);
  query->defineOutput(readBuff);
  query->addToOutputList( PRINCIPAL_NAME_COL );
  coral::ICursor& cursor = query->execute();
  bool found = false;
  while ( cursor.next() ) {
    found = true;
    const coral::AttributeList& row = cursor.currentRow();
    destination.push_back( row[ PRINCIPAL_NAME_COL ].data<std::string>() );
  }
  session.close();    
  return found;
}

std::pair< std::string, std::string > cond::CredentialStore::openConnection ( const std::string &  connectionString )

private

Definition at line 567 of file CredentialStore.cc.

References instance.

                                                                                                   {
  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
  if ( ! relationalService.isValid() ){
    coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
    relationalService = coral::Context::instance().query<coral::IRelationalService>();
  }
  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
  m_connection.reset( domain.newConnection( connTokens.first ) );
  m_connection->connect();
  return connTokens;
}

void cond::CredentialStore::openSession ( const std::string &  schemaName, const std::string &  userName, const std::string &  password, bool  readMode  )

private

Definition at line 580 of file CredentialStore.cc.

References lumiQueryAPI::accessMode.

                                    {
  coral::AccessMode accessMode = coral::ReadOnly;
  if( !readMode ) accessMode = coral::Update;  
  m_session.reset( m_connection->newSession( schemaName, accessMode) );
  m_session->startUserSession( userName, password );
  // open read-only transaction
  m_session->transaction().start( readMode );
}

void cond::CredentialStore::openSession ( bool  readOnly = true )

private

bool cond::CredentialStore::removeConnection

(

const std::string &

connectionLabel

)

Definition at line 1159 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), runEdmFileComparison::found, cond::CredentialData::id, m_session, mps_check::msg, dataDML::schema, cond::selectConnection(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                                            {
  CSScopedSession session( *this );
  session.start( false  );
  coral::ISchema& schema = m_session->nominalSchema();

  CredentialData credsData;
  bool found = selectConnection( schema, connectionLabel, credsData );

  if( ! found ){
    std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::removeConnection");
  }

  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();

  coral::AttributeList deleteData0;
  deleteData0.extend<int>( C_ID_COL );
  deleteData0[ C_ID_COL ].data<int>() = credsData.id;
  std::string whereClause0 = C_ID_COL+" = :"+C_ID_COL;
  editor0.deleteRows( whereClause0 , deleteData0 );

  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();

  coral::AttributeList deleteData1;
  deleteData1.extend<int>( CONNECTION_ID_COL );
  deleteData1[ CONNECTION_ID_COL ].data<int>() = credsData.id;
  std::string whereClause1 = CONNECTION_ID_COL+" = :"+CONNECTION_ID_COL;
  editor1.deleteRows( whereClause1 , deleteData1 );

  session.close();

  return true;
}

bool cond::CredentialStore::removePrincipal

(

const std::string &

principal

)

Definition at line 1125 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), runEdmFileComparison::found, cond::PrincipalData::id, m_session, mps_check::msg, P_ID_COL(), PRINCIPAL_ID_COL(), dataDML::schema, cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                                     {
  CSScopedSession session( *this );
  session.start( false  );
  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principal, princData );

  if( ! found ){
    std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::removePrincipal");
  }

  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();

  coral::AttributeList deleteData0;
  deleteData0.extend<int>( P_ID_COL );
  deleteData0[ P_ID_COL ].data<int>() = princData.id;
  std::string whereClause0 = P_ID_COL+" = :"+P_ID_COL;
  editor0.deleteRows( whereClause0 , deleteData0 );

  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();

  coral::AttributeList deleteData1;
  deleteData1.extend<int>( PRINCIPAL_ID_COL );
  deleteData1[ PRINCIPAL_ID_COL ].data<int>() = princData.id;
  std::string whereClause1 = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
  editor1.deleteRows( whereClause1 , deleteData1 );

  session.close();
  
  return true;
}

bool cond::CredentialStore::resetAdmin	(	const std::string &	userName,
		const std::string &	password
	)

Definition at line 906 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::auth::ServiceCredentials::connectionString, m_key, m_principalKey, m_serviceData, m_serviceName, m_session, mps_check::msg, AlCaHLTBitMon_ParallelJobs::p, cond::auth::DecodingKey::principalKey(), cond::PrincipalData::principalKey, cond::auth::DecodingKey::principalName(), dataDML::schema, cond::schemaLabel(), cond::selectPrincipal(), dataDML::session, cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), cond::updateConnectionData(), and cond::updatePrincipalData().

                                                                                          {
  if(!m_serviceData){
    throwException( "The credential store has not been initialized.","cond::CredentialStore::installAdmin" );    
  }
  const std::string& connectionString = m_serviceData->connectionString;
  
  CSScopedSession session( *this );
  session.startSuper( connectionString, userName, password  );

  coral::ISchema& schema = m_session->nominalSchema();
  const std::string& principalName = m_key.principalName();
  const std::string& authenticationKey = m_key.principalKey();
  PrincipalData princData;
  if(!selectPrincipal( schema, principalName, princData ) ) {
    std::string msg("User \"");
    msg += principalName + "\" has not been found.";
    throwException(msg,"CredentialStore::resetAdmin");
  }
  auth::Cipher cipher0( authenticationKey ); 
  m_principalKey = cipher0.b64decrypt( princData.principalKey );

  auto p = updatePrincipalData( schema, authenticationKey, principalName, m_principalKey );
  std::string credentialAccessLabel = schemaLabel( m_serviceName, userName );
  auto connParams = updateConnectionData( schema, m_principalKey, credentialAccessLabel, userName, password, true ); 
  bool ret = setPermissionData( schema, p.first, m_principalKey, auth::COND_ADMIN_ROLE, connectionString, connParams.first, connParams.second );
  session.close();
  return ret;
}

bool cond::CredentialStore::selectForUser

(

coral_bridge::AuthenticationCredentialSet &

destinationData

)

Definition at line 1193 of file CredentialStore.cc.

References AUTH_KEY_COL(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), m_principalId, m_principalKey, m_session, P_ID_COL(), PASSWORD_COL(), das::query(), coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().

                                                                                                 {
  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();

  auth::Cipher cipher( m_principalKey );

  std::unique_ptr<coral::IQuery> query(schema.newQuery());
  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
  coral::AttributeList readBuff;
  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
  readBuff.extend<std::string>("AUTHO."+AUTH_KEY_COL);
  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
  coral::AttributeList whereData;
  whereData.extend<int>(P_ID_COL);
  whereData[ P_ID_COL ].data<int>() = m_principalId;
  std::stringstream whereClause;
  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
  whereClause << " AND " << "AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
  query->defineOutput(readBuff);
  query->addToOutputList( "AUTHO."+ROLE_COL );
  query->addToOutputList( "AUTHO."+SCHEMA_COL );
  query->addToOutputList( "AUTHO."+AUTH_KEY_COL );
  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
  query->addToOutputList( "CREDS."+USERNAME_COL );
  query->addToOutputList( "CREDS."+PASSWORD_COL );
  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
  query->setCondition( whereClause.str(), whereData );
  coral::ICursor& cursor = query->execute();
  while ( cursor.next() ) {
    const coral::AttributeList& row = cursor.currentRow();
    const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
    const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
    const std::string& encryptedAuthKey = row[ "AUTHO."+AUTH_KEY_COL ].data<std::string>();
    const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
    const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
    const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
    const std::string& encryptedLabel = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
    std::string authKey = cipher.b64decrypt( encryptedAuthKey );
    auth::Cipher connCipher( authKey );
    if( connCipher.b64decrypt( encryptedLabel ) == connectionLabel ){
      destinationData.registerCredentials( connectionString, role, connCipher.b64decrypt( encryptedUserName ),  connCipher.b64decrypt( encryptedPassword ) );
    } 
  }
  session.close();
  return true;
}

bool cond::CredentialStore::selectPermissions	(	const std::string &	principalName,
		const std::string &	role,
		const std::string &	connectionString,
		std::vector< Permission > &	destination
	)

Definition at line 1352 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), cond::CredentialStore::Permission::connectionLabel, cond::CredentialStore::Permission::connectionString, runEdmFileComparison::found, m_session, P_ID_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_NAME_COL(), cond::CredentialStore::Permission::principalName, das::query(), cond::CredentialStore::Permission::role, ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

Referenced by updatePrincipal().

                                                               {
  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();
  std::unique_ptr<coral::IQuery> query(schema.newQuery());
  query->addToTableList(COND_AUTHENTICATION_TABLE, "AUTHE");
  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
  coral::AttributeList readBuff;
  readBuff.extend<std::string>("AUTHE."+PRINCIPAL_NAME_COL);
  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
  coral::AttributeList whereData;
  std::stringstream whereClause;
  whereClause << "AUTHE."<< PRINCIPAL_ID_COL << "= AUTHO."<< P_ID_COL;
  whereClause << " AND AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
  if( !principalName.empty() ){
    whereData.extend<std::string>(PRINCIPAL_NAME_COL);
    whereData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
    whereClause << " AND AUTHE."<< PRINCIPAL_NAME_COL <<" = :"<<PRINCIPAL_NAME_COL;
  }
  if( !role.empty() ){
    whereData.extend<std::string>(ROLE_COL);
    whereData[ ROLE_COL ].data<std::string>() = role;
    whereClause << " AND AUTHO."<< ROLE_COL <<" = :"<<ROLE_COL;
  }
  if( !connectionString.empty() ){
    whereData.extend<std::string>(SCHEMA_COL);
    whereData[ SCHEMA_COL ].data<std::string>() = connectionString;
    whereClause << " AND AUTHO."<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
  }
  
  query->defineOutput(readBuff);
  query->addToOutputList( "AUTHE."+PRINCIPAL_NAME_COL );
  query->addToOutputList( "AUTHO."+ROLE_COL );
  query->addToOutputList( "AUTHO."+SCHEMA_COL );
  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
  query->setCondition( whereClause.str(), whereData );
  query->addToOrderList( "AUTHO."+SCHEMA_COL );
  query->addToOrderList( "AUTHE."+PRINCIPAL_NAME_COL  );
  query->addToOrderList( "AUTHO."+ROLE_COL  );
  coral::ICursor& cursor = query->execute();
  bool found = false;
  while ( cursor.next() ) {
    const coral::AttributeList& row = cursor.currentRow();
    destination.resize( destination.size()+1 );
    Permission& perm = destination.back();
    perm.principalName = row[ "AUTHE."+PRINCIPAL_NAME_COL ].data<std::string>();
    perm.role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
    perm.connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
    perm.connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
    found = true;
  }
  session.close();
  return found;  
}

bool cond::CredentialStore::setPermission	(	const std::string &	principal,
		const std::string &	role,
		const std::string &	connectionString,
		const std::string &	connectionLabel
	)

Definition at line 1048 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::CredentialData::connectionKey, runEdmFileComparison::found, cond::PrincipalData::id, cond::CredentialData::id, m_principalKey, m_session, mps_check::msg, dataDML::schema, cond::selectConnection(), cond::selectPrincipal(), dataDML::session, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                         {
  CSScopedSession session( *this );
  session.start( false  );

  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principal, princData );

  if( ! found ){
    std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::setPermission");
  }

  CredentialData credsData;
  found = selectConnection( schema, connectionLabel, credsData );
  
  if( ! found ){
    std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::setPermission");
  }

  auth::Cipher cipher( m_principalKey );
  bool ret = setPermissionData( schema, princData.id, cipher.b64decrypt( princData.adminKey), role, connectionString, credsData.id, cipher.b64decrypt( credsData.connectionKey ) );
  session.close();
  return ret;
}

std::string cond::CredentialStore::setUpForConnectionString	(	const std::string &	connectionString,
		const std::string &	authPath
	)

Definition at line 755 of file CredentialStore.cc.

References instance, serviceName, setUpForService(), and AlCaHLTBitMon_QueryRunRegistry::string.

Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().

                                                    {
  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
  if ( ! relationalService.isValid() ){
    coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
    relationalService = coral::Context::instance().query<coral::IRelationalService>();
  }
  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
  std::string& serviceName = connTokens.first;
  return setUpForService( serviceName, authPath );
}

std::string cond::CredentialStore::setUpForService	(	const std::string &	serviceName,
		const std::string &	authPath
	)

Sets the initialization parameters.

Definition at line 723 of file CredentialStore.cc.

References cond::auth::COND_KEY, cond::auth::ServiceCredentials::connectionString, FrontierConditions_GlobalTag_cff::file, cond::auth::DecodingKey::FILE_PATH, cond::auth::DecodingKey::init(), m_key, m_serviceData, m_serviceName, mps_check::msg, callgraph::path, serviceName, cond::auth::DecodingKey::services(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

Referenced by setUpForConnectionString().

                                               {
  if( serviceName.empty() ){
    throwException( "Service name has not been provided.","cond::CredentialStore::setUpConnection" );        
  }
  m_serviceName.clear();
  m_serviceData = nullptr;

  if( authPath.empty() ){
    throwException( "The authentication Path has not been provided.","cond::CredentialStore::setUpForService" );
  }
  boost::filesystem::path fullPath( authPath );
  if(!boost::filesystem::exists(authPath) || !boost::filesystem::is_directory( authPath )){
    throwException( "Authentication Path is invalid.","cond::CredentialStore::setUpForService" );
  }
  boost::filesystem::path file( auth::DecodingKey::FILE_PATH );
  fullPath /= file;

  m_key.init( fullPath.string(), auth::COND_KEY ); 
  
  std::map< std::string, auth::ServiceCredentials >::const_iterator iK = m_key.services().find( serviceName );
  if( iK == m_key.services().end() ){
    std::string msg("");
    msg += "Service \""+serviceName+"\" can't be open with the current key.";
    throwException( msg,"cond::CredentialStore::setUpConnection" );    
  }
  m_serviceName = serviceName;
  m_serviceData = &iK->second;
  return m_serviceData->connectionString;
}

void cond::CredentialStore::startSession ( bool  readMode )

private

Definition at line 600 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), runEdmFileComparison::found, cond::PrincipalData::id, P_ID_COL(), PASSWORD_COL(), cond::PrincipalData::principalKey, das::query(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::selectPrincipal(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::PrincipalData::verifKey.

                                                     {
  if(!m_serviceData){
    throwException( "The credential store has not been initialized.","cond::CredentialStore::openConnection" );    
  }
  const std::string& storeConnectionString = m_serviceData->connectionString;

  std::pair<std::string,std::string> connTokens = openConnection( storeConnectionString );

  const std::string& userName = m_serviceData->userName;
  const std::string& password = m_serviceData->password;
 
  openSession( connTokens.second, userName, password, true );

  coral::ISchema& schema = m_session->nominalSchema();
  if(!schema.existsTable(COND_AUTHENTICATION_TABLE) ||
     !schema.existsTable(COND_AUTHORIZATION_TABLE) ||
     !schema.existsTable(COND_CREDENTIAL_TABLE) ){
    throwException("Credential database does not exists in \""+storeConnectionString+"\"","CredentialStore::startSession");
  }

  const std::string& principalName = m_key.principalName();
  // now authenticate...
  PrincipalData princData;
  if( !selectPrincipal( m_session->nominalSchema(), principalName, princData ) ){
    throwException( "Invalid credentials provided.(0)",
            "CredentialStore::startSession");
  }
  auth::Cipher cipher0( m_key.principalKey() );
  std::string verifStr = cipher0.b64decrypt( princData.verifKey );
  if( verifStr != principalName ){
    throwException( "Invalid credentials provided (1)",
            "CredentialStore::startSession");
  }
  // ok, authenticated!
  m_principalId = princData.id;
  m_principalKey = cipher0.b64decrypt( princData.principalKey );
  
  if(!readMode ) {

    auth::Cipher cipher0( m_principalKey );
    std::string adminKey = cipher0.b64decrypt( princData.adminKey );
    if( adminKey != m_principalKey ){
      // not admin user!
      throwException( "Provided credentials does not allow admin operation.",
              "CredentialStore::openSession");
    }
    
    // first find the credentials for WRITING in the security tables
    std::unique_ptr<coral::IQuery> query(schema.newQuery());
    query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
    query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
    coral::AttributeList readBuff;
    readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
    readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
    readBuff.extend<std::string>("CREDS."+USERNAME_COL);
    readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
    readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
    coral::AttributeList whereData;
    whereData.extend<int>(P_ID_COL);
    whereData.extend<std::string>(ROLE_COL);
    whereData.extend<std::string>(SCHEMA_COL);
    whereData[ P_ID_COL ].data<int>() = m_principalId;
    whereData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE;
    whereData[ SCHEMA_COL ].data<std::string>() = storeConnectionString;
    std::stringstream whereClause;
    whereClause << "AUTHO."<< C_ID_COL << " = CREDS."<<CONNECTION_ID_COL;
    whereClause << " AND AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
    whereClause << " AND AUTHO."<< ROLE_COL << " = :"<<ROLE_COL;
    whereClause << " AND AUTHO."<< SCHEMA_COL << " = :"<<SCHEMA_COL;
    query->defineOutput(readBuff);
    query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
    query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
    query->addToOutputList( "CREDS."+USERNAME_COL );
    query->addToOutputList( "CREDS."+PASSWORD_COL );
    query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
    query->setCondition( whereClause.str(), whereData );
    coral::ICursor& cursor = query->execute();
    bool found = false;
    std::string writeUserName("");
    std::string writePassword("");
    if ( cursor.next() ) {
      const coral::AttributeList& row = cursor.currentRow();
      const std::string& connLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
      const std::string& encryptedConnectionKey = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
      std::string connectionKey = cipher0.b64decrypt( encryptedConnectionKey );
      auth::Cipher cipher1( connectionKey );
      const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
      const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
      const std::string& verificationKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
      if( cipher1.b64decrypt( verificationKey ) != connLabel  ){
    throwException( "Could not decrypt credentials.Provided key is invalid.",
            "CredentialStore::startSession");
      }
      writeUserName = cipher1.b64decrypt( encryptedUserName );
      writePassword = cipher1.b64decrypt( encryptedPassword );
      found = true;
    }
    if( ! found ){
      throwException( "Provided credentials are invalid for write access.",
              "CredentialStore::openSession");
    }
    m_session->transaction().commit();
    m_session->endUserSession();
    openSession( connTokens.second, writeUserName, writePassword, false );

  }
}   

void cond::CredentialStore::startSuperSession ( const std::string &  connectionString, const std::string &  userName, const std::string &  password  )

private

Definition at line 592 of file CredentialStore.cc.

                                                      {
  std::pair<std::string,std::string> connTokens = openConnection( connectionString );
  openSession( connTokens.second, userName, password, false );
}

bool cond::CredentialStore::unsetPermission	(	const std::string &	principal,
		const std::string &	role,
		const std::string &	connectionString
	)

Definition at line 1079 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), idDealer::editor, runEdmFileComparison::found, cond::PrincipalData::id, m_session, mps_check::msg, P_ID_COL(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                            {
  CSScopedSession session( *this );
  session.start( false  );
  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principal, princData );

  if( ! found ){
    std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::unsetPermission");
  }

  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
  coral::AttributeList deleteData;
  deleteData.extend<int>( P_ID_COL );
  deleteData.extend<std::string>( ROLE_COL );
  deleteData.extend<std::string>( SCHEMA_COL );
  deleteData[ P_ID_COL ].data<int>() = princData.id;
  deleteData[ ROLE_COL ].data<std::string>() = role;
  deleteData[ SCHEMA_COL ].data<std::string>() = connectionString;
  std::stringstream whereClause;
  whereClause << P_ID_COL+" = :"+P_ID_COL;
  whereClause << " AND "<< ROLE_COL <<" = :"<<ROLE_COL;
  whereClause << " AND "<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
  editor.deleteRows( whereClause.str(), deleteData );
  session.close();
  return true;
}

bool cond::CredentialStore::updateConnection	(	const std::string &	connectionLabel,
		const std::string &	userName,
		const std::string &	password
	)

Definition at line 1111 of file CredentialStore.cc.

References cond::CSScopedSession::close(), m_principalKey, m_session, dataDML::schema, dataDML::session, cond::CSScopedSession::start(), and cond::updateConnectionData().

Referenced by Vispa.Gui.PortConnection.PointToPointConnection::paintEvent(), and Vispa.Gui.PortConnection.PointToPointConnection::updateTargetPoint().

                                                     {
  CSScopedSession session( *this );
  session.start( false  );

  m_session->transaction().start();
  coral::ISchema& schema = m_session->nominalSchema();
  updateConnectionData( schema, m_principalKey, connectionLabel, userName, password, true ); 

  session.close();
  return true;
}

bool cond::CredentialStore::updatePrincipal	(	const std::string &	principalName,
		const std::string &	authenticationKey,
		bool	setAdmin = false
	)

bool cond::CredentialStore::installAdmin( const std::string& userName, const std::string& password ){ if(!m_serviceData){ throwException( "The credential store has not been initialized.","cond::CredentialStore::installAdmin" ); } const std::string& connectionString = m_serviceData->connectionString; const std::string& principalName = m_key.principalName();

CSScopedSession session( *this ); session.startSuper( connectionString, userName, password );

coral::ISchema& schema = m_session->nominalSchema();

PrincipalData princData; bool found = selectPrincipal( schema, principalName, princData );

if( found ){ std::string msg("Principal \""); msg += principalName + "" has been installed already."; throwException(msg,"CredentialStore::installAdmin"); }

auth::KeyGenerator gen; m_principalKey = gen.make( auth::COND_DB_KEY_SIZE );

coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();

int principalId = -1; if( !getNextSequenceValue( schema, COND_AUTHENTICATION_TABLE, principalId ) ) throwException( "Can't find "+COND_AUTHENTICATION_TABLE+" sequence.","CredentialStore::installAdmin" );

auth::Cipher cipher0( m_key.principalKey() ); auth::Cipher cipher1( m_principalKey );

coral::AttributeList authData; editor0.rowBuffer(authData); authData[ PRINCIPAL_ID_COL ].data<int>() = principalId; authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName; authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName ); authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( m_principalKey ); authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( m_principalKey ); editor0.insertRow( authData );

std::string connLabel = schemaLabelForCredentialStore( connectionString ); auth::DecodingKey tmpKey; std::string connectionKey = gen.make( auth::COND_DB_KEY_SIZE ); std::string encryptedConnectionKey = cipher1.b64encrypt( connectionKey );

auth::Cipher cipher2( connectionKey ); std::string encryptedUserName = cipher2.b64encrypt( userName ); std::string encryptedPassword = cipher2.b64encrypt( password ); std::string encryptedLabel = cipher2.b64encrypt( connLabel );

int connId = -1; if( !getNextSequenceValue( schema, COND_CREDENTIAL_TABLE, connId ) ) throwException( "Can't find "+COND_CREDENTIAL_TABLE+" sequence.","CredentialStore::installAdmin" );

coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor(); coral::AttributeList connectionData; editor1.rowBuffer(connectionData); connectionData[ CONNECTION_ID_COL ].data<int>() = connId; connectionData[ CONNECTION_LABEL_COL ].data<std::string>() = connLabel; connectionData[ USERNAME_COL ].data<std::string>() = encryptedUserName; connectionData[ PASSWORD_COL ].data<std::string>() = encryptedPassword; connectionData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel; connectionData[ CONNECTION_KEY_COL ].data<std::string>() = encryptedConnectionKey; editor1.insertRow( connectionData );

int authId = -1; if( !getNextSequenceValue( schema, COND_AUTHORIZATION_TABLE, authId ) ) throwException( "Can't find "+COND_AUTHORIZATION_TABLE+" sequence.","CredentialStore::installAdmin" );

coral::ITableDataEditor& editor2 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor(); coral::AttributeList permissionData; editor2.rowBuffer(permissionData); permissionData[ AUTH_ID_COL ].data<int>() = authId; permissionData[ P_ID_COL ].data<int>() = principalId; permissionData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE; permissionData[ SCHEMA_COL ].data<std::string>() = connectionString; permissionData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey; permissionData[ C_ID_COL ].data<int>() = connId; editor2.insertRow( permissionData );

session.close(); return true; }

Definition at line 1020 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::CredentialData::connectionKey, cond::auth::ServiceCredentials::connectionString, cond::CredentialData::id, m_key, m_principalKey, m_serviceData, m_session, cond::auth::DecodingKey::principalName(), dataDML::schema, cond::selectConnection(), selectPermissions(), dataDML::session, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and cond::updatePrincipalData().

                                        {
  CSScopedSession session( *this );
  session.start( false );
  coral::ISchema& schema = m_session->nominalSchema();
  auto princData = updatePrincipalData( schema, m_principalKey, principalName, authenticationKey );
  bool ret = false;
  if(setAdmin){
    int princId = princData.first;
    std::string princKey = m_principalKey;
    std::string connString = m_serviceData->connectionString;
    std::vector<Permission> permissions;
    if( !selectPermissions( m_key.principalName(), auth::COND_ADMIN_ROLE, connString, permissions ) ){
      throwException("The current operating user is not admin user on the underlying Credential Store.","CredentialStore::updatePrincipal"); 
    }
    std::string connLabel = permissions.front().connectionLabel;
    CredentialData credsData;
    if(!selectConnection( schema, connLabel, credsData )){
      throwException("Credential Store connection has not been defined.","CredentialStore::updatePrincipal");
    }  
    auth::Cipher adminCipher( m_principalKey );
    ret = setPermissionData( schema, princId, princKey, auth::COND_ADMIN_ROLE, connString, credsData.id, adminCipher.b64decrypt( credsData.connectionKey ) );
  }
  session.close();
  return ret;
}

Friends And Related Function Documentation

friend class CSScopedSession

friend

Definition at line 144 of file CredentialStore.h.

Member Data Documentation

const std::string cond::CredentialStore::DEFAULT_DATA_SOURCE

static

Definition at line 87 of file CredentialStore.h.

std::shared_ptr<coral::IConnection> cond::CredentialStore::m_connection

private

Definition at line 157 of file CredentialStore.h.

auth::DecodingKey cond::CredentialStore::m_key

private

Definition at line 167 of file CredentialStore.h.

Referenced by createSchema(), keyPrincipalName(), resetAdmin(), setUpForService(), and updatePrincipal().

int cond::CredentialStore::m_principalId

private

Definition at line 160 of file CredentialStore.h.

Referenced by selectForUser().

std::string cond::CredentialStore::m_principalKey

private

Definition at line 162 of file CredentialStore.h.

Referenced by createSchema(), exportAll(), importForPrincipal(), listConnections(), resetAdmin(), selectForUser(), setPermission(), updateConnection(), and updatePrincipal().

const auth::ServiceCredentials* cond::CredentialStore::m_serviceData

private

Definition at line 165 of file CredentialStore.h.

Referenced by createSchema(), resetAdmin(), setUpForService(), and updatePrincipal().

std::string cond::CredentialStore::m_serviceName

private

Definition at line 164 of file CredentialStore.h.

Referenced by createSchema(), resetAdmin(), and setUpForService().

std::shared_ptr<coral::ISession> cond::CredentialStore::m_session

private

Definition at line 158 of file CredentialStore.h.

Referenced by createSchema(), drop(), exportAll(), importForPrincipal(), listConnections(), listPrincipals(), removeConnection(), removePrincipal(), resetAdmin(), selectForUser(), selectPermissions(), setPermission(), unsetPermission(), updateConnection(), and updatePrincipal().