#include <CredentialStore.h>

Classes
struct	Permission

Public Member Functions
bool	createSchema (const std::string &connectionString, const std::string &userName, const std::string &password)

	CredentialStore ()
	Standard Constructor. More...

bool	drop (const std::string &connectionString, const std::string &userName, const std::string &password)

bool	exportAll (coral_bridge::AuthenticationCredentialSet &data)

std::pair< std::string, std::string >	getUserCredentials (const std::string &connectionString, const std::string &role)

bool	importForPrincipal (const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data, bool forceUpdateConnection=false)
	import data More...

const std::string &	keyPrincipalName ()

bool	listConnections (std::map< std::string, std::pair< std::string, std::string > > &destination)

bool	listPrincipals (std::vector< std::string > &destination)

std::string	log ()

bool	removeConnection (const std::string &connectionLabel)

bool	removePrincipal (const std::string &principal)

bool	resetAdmin (const std::string &userName, const std::string &password)

bool	selectForUser (coral_bridge::AuthenticationCredentialSet &destinationData)

bool	selectPermissions (const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)

const std::string &	serviceName ()

bool	setPermission (const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)

std::string	setUpForConnectionString (const std::string &connectionString, const std::string &authPath)

std::string	setUpForService (const std::string &serviceName, const std::string &authPath)
	Sets the initialization parameters. More...

size_t	unsetPermission (const std::string &principal, const std::string &role, const std::string &connectionString)

bool	updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password)

bool	updatePrincipal (const std::string &principal, const std::string &principalKey, bool setAdmin=false)

virtual	~CredentialStore ()
	Standard Destructor. More...

Static Public Attributes
static const std::string	DEFAULT_DATA_SOURCE

Private Member Functions
void	closeSession (bool commit=true)

std::pair< std::string, std::string >	openConnection (const std::string &connectionString)

void	openSession (const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)

void	openSession (bool readOnly=true)

void	startSession (bool readMode)

void	startSuperSession (const std::string &connectionString, const std::string &userName, const std::string &password)

Private Attributes
std::string	m_authenticatedPrincipal

std::shared_ptr< coral::IConnection >	m_connection

auth::DecodingKey	m_key

std::stringstream	m_log

int	m_principalId

std::string	m_principalKey

const auth::ServiceCredentials *	m_serviceData

std::string	m_serviceName

std::shared_ptr< coral::ISession >	m_session

Friends
class	CSScopedSession

Detailed Description

Definition at line 85 of file CredentialStore.h.

Constructor & Destructor Documentation

◆ CredentialStore()

cond::CredentialStore::CredentialStore ( )

Standard Constructor.

Definition at line 746 of file CredentialStore.cc.

     : m_connection(),
       m_session(),
       m_authenticatedPrincipal(""),
       m_principalId(-1),
       m_principalKey(""),
       m_serviceName(""),
       m_serviceData(nullptr),
       m_key(),
       m_log() {}

◆ ~CredentialStore()

cond::CredentialStore::~CredentialStore ( )

virtual

Standard Destructor.

Definition at line 757 of file CredentialStore.cc.

757 {}

Member Function Documentation

◆ closeSession()

void cond::CredentialStore::closeSession ( bool commit = true )

private

Definition at line 586 of file CredentialStore.cc.

                                                   {
   if (m_session.get()) {
     if (m_session->transaction().isActive()) {
       if (commit) {
         m_session->transaction().commit();
       } else {
         m_session->transaction().rollback();
       }
     }
     m_session->endUserSession();
   }
   m_session.reset();
   if (m_connection.get()) {
     m_connection->disconnect();
   }
   m_connection.reset();
   m_log << "Session has been closed." << std::endl;
 }

◆ createSchema()

bool cond::CredentialStore::createSchema	(	const std::string &	connectionString,
		const std::string &	userName,
		const std::string &	password
	)

Definition at line 817 of file CredentialStore.cc.

References addSequence(), ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), C_ID_COL(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, gather_cfg::cout, CREDENTIAL_TABLE(), MillePedeFileConverter_cfg::e, Exception, relval_steps::gen(), P_ID_COL(), EcalCondDBWriter_cfi::password, PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), runTheMatrix::ret, ROLE_COL(), SCHEMA_COL(), cond::schemaLabel(), SEQUENCE_NAME_COL(), SEQUENCE_TABLE(), SEQUENCE_VALUE_COL(), cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), tname(), cond::updateConnectionData(), cond::updatePrincipalData(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

                                                                     {
   CSScopedSession session(*this);
   session.startSuper(connectionString, userName, password);
 
   coral::ISchema& schema = m_session->nominalSchema();
   std::string authentication_table_name = tname(AUTHENTICATION_TABLE, m_key.version());
   if (schema.existsTable(authentication_table_name)) {
     throwException("Credential database, already exists.", "CredentialStore::create");
   }
 
   m_log << "Creating sequence table." << std::endl;
   std::string sequence_table_name = tname(SEQUENCE_TABLE, m_key.version());
   coral::TableDescription dseq;
   dseq.setName(sequence_table_name);
   dseq.insertColumn(SEQUENCE_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>());
   dseq.setNotNullConstraint(SEQUENCE_NAME_COL);
   dseq.insertColumn(SEQUENCE_VALUE_COL, coral::AttributeSpecification::typeNameForType<int>());
   dseq.setNotNullConstraint(SEQUENCE_VALUE_COL);
   dseq.setPrimaryKey(std::vector<std::string>(1, SEQUENCE_NAME_COL));
   schema.createTable(dseq);
 
   int columnSize = 2000;
 
   m_log << "Creating authentication table." << std::endl;
   // authentication table
   addSequence(m_key.version(), schema, authentication_table_name);
   coral::TableDescription descr0;
   descr0.setName(authentication_table_name);
   descr0.insertColumn(PRINCIPAL_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
   descr0.insertColumn(
       PRINCIPAL_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
   descr0.insertColumn(
       VERIFICATION_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
   descr0.insertColumn(
       PRINCIPAL_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
   descr0.insertColumn(ADMIN_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
   descr0.setNotNullConstraint(PRINCIPAL_ID_COL);
   descr0.setNotNullConstraint(PRINCIPAL_NAME_COL);
   descr0.setNotNullConstraint(VERIFICATION_COL);
   descr0.setNotNullConstraint(PRINCIPAL_KEY_COL);
   descr0.setNotNullConstraint(ADMIN_KEY_COL);
   std::vector<std::string> columnsUnique;
   columnsUnique.push_back(PRINCIPAL_NAME_COL);
   descr0.setUniqueConstraint(columnsUnique);
   std::vector<std::string> columnsForIndex;
   columnsForIndex.push_back(PRINCIPAL_ID_COL);
   descr0.setPrimaryKey(columnsForIndex);
   schema.createTable(descr0);
 
   m_log << "Creating authorization table." << std::endl;
   std::string authorization_table_name = tname(AUTHORIZATION_TABLE, m_key.version());
   // authorization table
   addSequence(m_key.version(), schema, authorization_table_name);
   coral::TableDescription descr1;
   descr1.setName(authorization_table_name);
   descr1.insertColumn(AUTH_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
   descr1.insertColumn(P_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
   descr1.insertColumn(ROLE_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
   descr1.insertColumn(SCHEMA_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
   descr1.insertColumn(AUTH_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
   descr1.insertColumn(C_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
   descr1.setNotNullConstraint(AUTH_ID_COL);
   descr1.setNotNullConstraint(P_ID_COL);
   descr1.setNotNullConstraint(ROLE_COL);
   descr1.setNotNullConstraint(SCHEMA_COL);
   descr1.setNotNullConstraint(AUTH_KEY_COL);
   descr1.setNotNullConstraint(C_ID_COL);
   columnsUnique.clear();
   columnsUnique.push_back(P_ID_COL);
   columnsUnique.push_back(ROLE_COL);
   columnsUnique.push_back(SCHEMA_COL);
   descr1.setUniqueConstraint(columnsUnique);
   columnsForIndex.clear();
   columnsForIndex.push_back(AUTH_ID_COL);
   descr1.setPrimaryKey(columnsForIndex);
   schema.createTable(descr1);
 
   m_log << "Creating credential table." << std::endl;
   std::string credential_table_name = tname(CREDENTIAL_TABLE, m_key.version());
   // credential table
   addSequence(m_key.version(), schema, credential_table_name);
   coral::TableDescription descr2;
   descr2.setName(credential_table_name);
   descr2.insertColumn(CONNECTION_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
   descr2.insertColumn(
       CONNECTION_LABEL_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
   descr2.insertColumn(USERNAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
   descr2.insertColumn(PASSWORD_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
   descr2.insertColumn(
       VERIFICATION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
   descr2.insertColumn(
       CONNECTION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(), columnSize, false);
   descr2.setNotNullConstraint(CONNECTION_ID_COL);
   descr2.setNotNullConstraint(CONNECTION_LABEL_COL);
   descr2.setNotNullConstraint(USERNAME_COL);
   descr2.setNotNullConstraint(PASSWORD_COL);
   descr2.setNotNullConstraint(VERIFICATION_KEY_COL);
   descr2.setNotNullConstraint(CONNECTION_KEY_COL);
   columnsUnique.clear();
   columnsUnique.push_back(CONNECTION_LABEL_COL);
   descr2.setUniqueConstraint(columnsUnique);
   columnsForIndex.clear();
   columnsForIndex.push_back(CONNECTION_ID_COL);
   descr2.setPrimaryKey(columnsForIndex);
   schema.createTable(descr2);
 
   try {
     schema.tableHandle(authentication_table_name)
         .privilegeManager()
         .grantToUser(m_serviceData->userName, coral::ITablePrivilegeManager::Select);
     schema.tableHandle(authorization_table_name)
         .privilegeManager()
         .grantToUser(m_serviceData->userName, coral::ITablePrivilegeManager::Select);
     schema.tableHandle(credential_table_name)
         .privilegeManager()
         .grantToUser(m_serviceData->userName, coral::ITablePrivilegeManager::Select);
   } catch (const coral::Exception& e) {
     std::cout << "WARNING: Could not grant select access to user " << m_serviceData->userName << ": [" << e.what()
               << "]" << std::endl;
   }
   m_log << "Granting ADMIN access permission." << std::endl;
   auth::KeyGenerator gen;
   m_principalKey = gen.make(auth::COND_DB_KEY_SIZE);
   auto princData = updatePrincipalData(
       m_key.version(), schema, m_key.principalKey(), m_key.principalName(), m_principalKey, true, m_log);
   std::string credentialAccessLabel = schemaLabel(m_serviceName, userName);
   auto connParams = updateConnectionData(
       m_key.version(), schema, m_principalKey, credentialAccessLabel, userName, password, true, m_log);
   bool ret = setPermissionData(m_key.version(),
                                schema,
                                princData.first,
                                m_principalKey,
                                auth::COND_ADMIN_ROLE,
                                connectionString,
                                connParams.first,
                                connParams.second,
                                m_log);
   session.close();
   return ret;
 }

◆ drop()

bool cond::CredentialStore::drop	(	const std::string &	connectionString,
		const std::string &	userName,
		const std::string &	password
	)

Definition at line 960 of file CredentialStore.cc.

References AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), cond::CSScopedSession::close(), l1RCTOmdsFedVectorProducer_cfi::connectionString, CREDENTIAL_TABLE(), EcalCondDBWriter_cfi::password, SEQUENCE_TABLE(), cond::CSScopedSession::startSuper(), tname(), and EcalCondDBWriter_cfi::userName.

                                                             {
   CSScopedSession session(*this);
   session.startSuper(connectionString, userName, password);
 
   m_log << "Dropping AUTHORIZATION, CREDENTIAL, AUTHENTICATION and SEQUENCE tables." << std::endl;
   coral::ISchema& schema = m_session->nominalSchema();
   schema.dropIfExistsTable(tname(AUTHORIZATION_TABLE, m_key.version()));
   schema.dropIfExistsTable(tname(CREDENTIAL_TABLE, m_key.version()));
   schema.dropIfExistsTable(tname(AUTHENTICATION_TABLE, m_key.version()));
   schema.dropIfExistsTable(tname(SEQUENCE_TABLE, m_key.version()));
   session.close();
   return true;
 }

◆ exportAll()

bool cond::CredentialStore::exportAll ( coral_bridge::AuthenticationCredentialSet & data )

Definition at line 1525 of file CredentialStore.cc.

References AUTHORIZATION_TABLE(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, CREDENTIAL_TABLE(), data, newFWLiteAna::found, EcalCondDBWriter_cfi::password, PASSWORD_COL(), contentValuesFiles::query, ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), to_lower(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                  {
   CSScopedSession session(*this);
   session.start(true);
   coral::ISchema& schema = m_session->nominalSchema();
   std::unique_ptr<coral::IQuery> query(schema.newQuery());
   query->addToTableList(tname(AUTHORIZATION_TABLE, m_key.version()), "AUTHO");
   query->addToTableList(tname(CREDENTIAL_TABLE, m_key.version()), "CREDS");
   coral::AttributeList readBuff;
   readBuff.extend<std::string>("AUTHO." + ROLE_COL);
   readBuff.extend<std::string>("AUTHO." + SCHEMA_COL);
   readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
   readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
   readBuff.extend<std::string>("CREDS." + CONNECTION_KEY_COL);
   readBuff.extend<std::string>("CREDS." + USERNAME_COL);
   readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
   coral::AttributeList whereData;
   std::stringstream whereClause;
   whereClause << "AUTHO." << C_ID_COL << "="
               << "CREDS." << CONNECTION_ID_COL;
 
   query->defineOutput(readBuff);
   query->addToOutputList("AUTHO." + ROLE_COL);
   query->addToOutputList("AUTHO." + SCHEMA_COL);
   query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
   query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
   query->addToOutputList("CREDS." + CONNECTION_KEY_COL);
   query->addToOutputList("CREDS." + USERNAME_COL);
   query->addToOutputList("CREDS." + PASSWORD_COL);
   query->setCondition(whereClause.str(), whereData);
   coral::ICursor& cursor = query->execute();
   bool found = false;
   auth::Cipher cipher0(m_principalKey);
   while (cursor.next()) {
     const coral::AttributeList& row = cursor.currentRow();
     const std::string& role = row["AUTHO." + ROLE_COL].data<std::string>();
     const std::string& connectionString = row["AUTHO." + SCHEMA_COL].data<std::string>();
     const std::string& connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
     const std::string& encryptedVerifKey = row["CREDS." + VERIFICATION_KEY_COL].data<std::string>();
     const std::string& encryptedConnection = row["CREDS." + CONNECTION_KEY_COL].data<std::string>();
     std::string userName("");
     std::string password("");
     std::string connectionKey = cipher0.b64decrypt(encryptedConnection);
     auth::Cipher cipher1(connectionKey);
     std::string verifKey = cipher1.b64decrypt(encryptedVerifKey);
     if (verifKey == connectionLabel) {
       const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
       const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
       userName = cipher1.b64decrypt(encryptedUserName);
       password = cipher1.b64decrypt(encryptedPassword);
     }
     data.registerCredentials(to_lower(connectionString), role, userName, password);
     found = true;
   }
   session.close();
   return found;
 }

◆ getUserCredentials()

std::pair< std::string, std::string > cond::CredentialStore::getUserCredentials	(	const std::string &	connectionString,
		const std::string &	role
	)

Definition at line 1288 of file CredentialStore.cc.

References AUTH_KEY_COL(), AUTHORIZATION_TABLE(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, CREDENTIAL_TABLE(), P_ID_COL(), PASSWORD_COL(), contentValuesFiles::query, runTheMatrix::ret, ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), to_lower(), USERNAME_COL(), and VERIFICATION_KEY_COL().

Referenced by cond::getDbCredentials().

                                                                                                      {
   CSScopedSession session(*this);
   session.start(true);
   coral::ISchema& schema = m_session->nominalSchema();
 
   auth::Cipher cipher(m_principalKey);
 
   std::unique_ptr<coral::IQuery> query(schema.newQuery());
   query->addToTableList(tname(AUTHORIZATION_TABLE, m_key.version()), "AUTHO");
   query->addToTableList(tname(CREDENTIAL_TABLE, m_key.version()), "CREDS");
   coral::AttributeList readBuff;
   readBuff.extend<std::string>("AUTHO." + AUTH_KEY_COL);
   readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
   readBuff.extend<std::string>("CREDS." + USERNAME_COL);
   readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
   readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
   coral::AttributeList whereData;
   whereData.extend<int>(P_ID_COL);
   whereData.extend<std::string>(SCHEMA_COL);
   whereData.extend<std::string>(ROLE_COL);
   whereData[P_ID_COL].data<int>() = m_principalId;
   whereData[SCHEMA_COL].data<std::string>() = to_lower(connectionString);
   whereData[ROLE_COL].data<std::string>() = role;
   std::stringstream whereClause;
   whereClause << "AUTHO." << C_ID_COL << "="
               << "CREDS." << CONNECTION_ID_COL;
   whereClause << " AND "
               << "AUTHO." << P_ID_COL << " = :" << P_ID_COL;
   whereClause << " AND "
               << "AUTHO." << SCHEMA_COL << " = :" << SCHEMA_COL;
   whereClause << " AND "
               << "AUTHO." << ROLE_COL << " = :" << ROLE_COL;
   query->defineOutput(readBuff);
   query->addToOutputList("AUTHO." + AUTH_KEY_COL);
   query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
   query->addToOutputList("CREDS." + USERNAME_COL);
   query->addToOutputList("CREDS." + PASSWORD_COL);
   query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
   query->setCondition(whereClause.str(), whereData);
   coral::ICursor& cursor = query->execute();
   auto ret = std::make_pair(std::string(""), std::string(""));
   if (cursor.next()) {
     const coral::AttributeList& row = cursor.currentRow();
     const std::string& encryptedAuthKey = row["AUTHO." + AUTH_KEY_COL].data<std::string>();
     const std::string& connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
     const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
     const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
     std::string authKey = cipher.b64decrypt(encryptedAuthKey);
     auth::Cipher connCipher(authKey);
     std::string verificationString = connCipher.b64decrypt(row["CREDS." + VERIFICATION_KEY_COL].data<std::string>());
     if (verificationString == connectionLabel) {
       ret.first = connCipher.b64decrypt(encryptedUserName);
       ret.second = connCipher.b64decrypt(encryptedPassword);
     }
   }
   session.close();
   return ret;
 }

◆ importForPrincipal()

bool cond::CredentialStore::importForPrincipal	(	const std::string &	principal,
		const coral_bridge::AuthenticationCredentialSet &	data,
		bool	forceUpdateConnection = `false`
	)

import data

Definition at line 1348 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), getInfo::conn, l1RCTOmdsFedVectorProducer_cfi::connectionString, L1TdeStage2CaloLayer1_cfi::dataSource, newFWLiteAna::found, cond::PrincipalData::id, genParticles_cff::map, mps_check::msg, writedatasetfile::parser, EcalCondDBWriter_cfi::password, cond::schemaLabel(), cond::selectPrincipal(), serviceName, cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), cond::updateConnectionData(), and EcalCondDBWriter_cfi::userName.

                                                                            {
   CSScopedSession session(*this);
   session.start(false);
   coral::ISchema& schema = m_session->nominalSchema();
 
   PrincipalData princData;
   bool found = selectPrincipal(m_key.version(), schema, principal, princData);
 
   if (!found) {
     std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
     throwException(msg, "CredentialStore::importForPrincipal");
   }
 
   bool imported = false;
   auth::Cipher cipher(m_principalKey);
   std::string princKey = cipher.b64decrypt(princData.adminKey);
 
   const std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*>& creds = dataSource.data();
   for (std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*>::const_iterator iConn =
            creds.begin();
        iConn != creds.end();
        ++iConn) {
     const std::string& connectionString = iConn->first.first;
     coral::URIParser parser;
     parser.setURI(connectionString);
     std::string serviceName = parser.hostName();
     const std::string& role = iConn->first.second;
     std::string userName = iConn->second->valueForItem(coral::IAuthenticationCredentials::userItem());
     std::string password = iConn->second->valueForItem(coral::IAuthenticationCredentials::passwordItem());
     // first import the connections
     std::pair<int, std::string> conn = updateConnectionData(m_key.version(),
                                                             schema,
                                                             m_principalKey,
                                                             schemaLabel(serviceName, userName),
                                                             userName,
                                                             password,
                                                             forceUpdateConnection,
                                                             m_log);
     auth::Cipher cipher(m_principalKey);
     // than set the permission for the specific role
     setPermissionData(
         m_key.version(), schema, princData.id, princKey, role, connectionString, conn.first, conn.second, m_log);
     imported = true;
   }
   session.close();
   return imported;
 }

◆ keyPrincipalName()

const std::string & cond::CredentialStore::keyPrincipalName ( )

Definition at line 1584 of file CredentialStore.cc.

Referenced by cond::getDbCredentials().

1584 { return m_authenticatedPrincipal; }

cond::CredentialStore::m_authenticatedPrincipal

std::string m_authenticatedPrincipal

Definition: CredentialStore.h:178

◆ listConnections()

bool cond::CredentialStore::listConnections ( std::map< std::string, std::pair< std::string, std::string > > & destination )

Definition at line 1419 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), CREDENTIAL_TABLE(), HLTMuonOfflineAnalyzer_cff::destination, newFWLiteAna::found, EcalCondDBWriter_cfi::password, PASSWORD_COL(), contentValuesFiles::query, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                                         {
   CSScopedSession session(*this);
   session.start(true);
   coral::ISchema& schema = m_session->nominalSchema();
 
   std::unique_ptr<coral::IQuery> query(schema.tableHandle(tname(CREDENTIAL_TABLE, m_key.version())).newQuery());
   coral::AttributeList readBuff;
   readBuff.extend<std::string>(CONNECTION_LABEL_COL);
   readBuff.extend<std::string>(USERNAME_COL);
   readBuff.extend<std::string>(PASSWORD_COL);
   readBuff.extend<std::string>(VERIFICATION_KEY_COL);
   readBuff.extend<std::string>(CONNECTION_KEY_COL);
   query->defineOutput(readBuff);
   query->addToOutputList(CONNECTION_LABEL_COL);
   query->addToOutputList(USERNAME_COL);
   query->addToOutputList(PASSWORD_COL);
   query->addToOutputList(VERIFICATION_KEY_COL);
   query->addToOutputList(CONNECTION_KEY_COL);
   coral::ICursor& cursor = query->execute();
   bool found = false;
   auth::Cipher cipher0(m_principalKey);
   while (cursor.next()) {
     std::string userName("");
     std::string password("");
     const coral::AttributeList& row = cursor.currentRow();
     const std::string& connLabel = row[CONNECTION_LABEL_COL].data<std::string>();
     const std::string& encryptedKey = row[CONNECTION_KEY_COL].data<std::string>();
     const std::string& encryptedVerif = row[VERIFICATION_KEY_COL].data<std::string>();
     std::string connKey = cipher0.b64decrypt(encryptedKey);
     auth::Cipher cipher1(connKey);
     std::string verif = cipher1.b64decrypt(encryptedVerif);
     if (verif == connLabel) {
       const std::string& encryptedUserName = row[USERNAME_COL].data<std::string>();
       const std::string& encryptedPassword = row[PASSWORD_COL].data<std::string>();
       userName = cipher1.b64decrypt(encryptedUserName);
       password = cipher1.b64decrypt(encryptedPassword);
     }
     destination.insert(std::make_pair(connLabel, std::make_pair(userName, password)));
     found = true;
   }
   session.close();
   return found;
 }

◆ listPrincipals()

bool cond::CredentialStore::listPrincipals ( std::vector< std::string > & destination )

Definition at line 1398 of file CredentialStore.cc.

References AUTHENTICATION_TABLE(), cond::CSScopedSession::close(), HLTMuonOfflineAnalyzer_cff::destination, newFWLiteAna::found, PRINCIPAL_NAME_COL(), contentValuesFiles::query, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and tname().

                                                                           {
   CSScopedSession session(*this);
   session.start(true);
   coral::ISchema& schema = m_session->nominalSchema();
 
   std::unique_ptr<coral::IQuery> query(schema.tableHandle(tname(AUTHENTICATION_TABLE, m_key.version())).newQuery());
   coral::AttributeList readBuff;
   readBuff.extend<std::string>(PRINCIPAL_NAME_COL);
   query->defineOutput(readBuff);
   query->addToOutputList(PRINCIPAL_NAME_COL);
   coral::ICursor& cursor = query->execute();
   bool found = false;
   while (cursor.next()) {
     found = true;
     const coral::AttributeList& row = cursor.currentRow();
     destination.push_back(row[PRINCIPAL_NAME_COL].data<std::string>());
   }
   session.close();
   return found;
 }

◆ log()

std::string cond::CredentialStore::log ( )

Definition at line 1586 of file CredentialStore.cc.

Referenced by personalPlayback.Playback::do_create_lumi(), personalPlayback.Playback::do_exec(), personalPlayback.FrameworkJob::do_exec(), conddbCopyTest.CopyTest::execute(), personalPlayback.FrameworkJob::start_run(), and conditionUploadTest.UploadTest::upload().

1586 { return m_log.str(); }

cond::CredentialStore::m_log

std::stringstream m_log

Definition: CredentialStore.h:188

◆ openConnection()

std::pair< std::string, std::string > cond::CredentialStore::openConnection ( const std::string & connectionString )

private

Definition at line 605 of file CredentialStore.cc.

References l1RCTOmdsFedVectorProducer_cfi::connectionString, and instance.

                                                                                                    {
   coral::IHandle<coral::IRelationalService> relationalService =
       coral::Context::instance().query<coral::IRelationalService>();
   if (!relationalService.isValid()) {
     coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
     relationalService = coral::Context::instance().query<coral::IRelationalService>();
   }
   coral::IRelationalDomain& domain = relationalService->domainForConnection(connectionString);
   std::pair<std::string, std::string> connTokens = domain.decodeUserConnectionString(connectionString);
   m_connection.reset(domain.newConnection(connTokens.first));
   m_connection->connect();
   return connTokens;
 }

◆ openSession() [1/2]

void cond::CredentialStore::openSession	(	const std::string &	schemaName,
		const std::string &	userName,
		const std::string &	password,
		bool	readMode
	)

private

Definition at line 619 of file CredentialStore.cc.

References EcalCondDBWriter_cfi::password, and EcalCondDBWriter_cfi::userName.

                                                        {
   coral::AccessMode accessMode = coral::ReadOnly;
   if (!readMode)
     accessMode = coral::Update;
   m_session.reset(m_connection->newSession(schemaName, accessMode));
   m_session->startUserSession(userName, password);
   // open read-only transaction
   m_session->transaction().start(readMode);
   m_log << "New session opened." << std::endl;
 }

◆ openSession() [2/2]

void cond::CredentialStore::openSession ( bool readOnly = true )

private

◆ removeConnection()

bool cond::CredentialStore::removeConnection ( const std::string & connectionLabel )

Definition at line 1195 of file CredentialStore.cc.

References AUTHORIZATION_TABLE(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CREDENTIAL_TABLE(), newFWLiteAna::found, cond::CredentialData::id, mps_check::msg, cond::selectConnection(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and tname().

                                                                            {
   CSScopedSession session(*this);
   session.start(false);
   coral::ISchema& schema = m_session->nominalSchema();
 
   CredentialData credsData;
   bool found = selectConnection(m_key.version(), schema, connectionLabel, credsData);
 
   if (!found) {
     std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
     throwException(msg, "CredentialStore::removeConnection");
   }
 
   m_log << "Removing connection " << connectionLabel << std::endl;
   coral::ITableDataEditor& editor0 = schema.tableHandle(tname(AUTHORIZATION_TABLE, m_key.version())).dataEditor();
 
   coral::AttributeList deleteData0;
   deleteData0.extend<int>(C_ID_COL);
   deleteData0[C_ID_COL].data<int>() = credsData.id;
   std::string whereClause0 = C_ID_COL + " = :" + C_ID_COL;
   editor0.deleteRows(whereClause0, deleteData0);
 
   coral::ITableDataEditor& editor1 = schema.tableHandle(tname(CREDENTIAL_TABLE, m_key.version())).dataEditor();
 
   coral::AttributeList deleteData1;
   deleteData1.extend<int>(CONNECTION_ID_COL);
   deleteData1[CONNECTION_ID_COL].data<int>() = credsData.id;
   std::string whereClause1 = CONNECTION_ID_COL + " = :" + CONNECTION_ID_COL;
   editor1.deleteRows(whereClause1, deleteData1);
 
   session.close();
 
   return true;
 }

◆ removePrincipal()

bool cond::CredentialStore::removePrincipal ( const std::string & principal )

Definition at line 1159 of file CredentialStore.cc.

References AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), cond::CSScopedSession::close(), newFWLiteAna::found, cond::PrincipalData::id, mps_check::msg, P_ID_COL(), PRINCIPAL_ID_COL(), cond::selectPrincipal(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and tname().

                                                                     {
   CSScopedSession session(*this);
   session.start(false);
   coral::ISchema& schema = m_session->nominalSchema();
 
   PrincipalData princData;
   bool found = selectPrincipal(m_key.version(), schema, principal, princData);
 
   if (!found) {
     std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
     throwException(msg, "CredentialStore::removePrincipal");
   }
 
   m_log << "Removing principal " << principal << " (id: " << princData.id << ")" << std::endl;
 
   coral::ITableDataEditor& editor0 = schema.tableHandle(tname(AUTHORIZATION_TABLE, m_key.version())).dataEditor();
 
   coral::AttributeList deleteData0;
   deleteData0.extend<int>(P_ID_COL);
   deleteData0[P_ID_COL].data<int>() = princData.id;
   std::string whereClause0 = P_ID_COL + " = :" + P_ID_COL;
   editor0.deleteRows(whereClause0, deleteData0);
 
   coral::ITableDataEditor& editor1 = schema.tableHandle(tname(AUTHENTICATION_TABLE, m_key.version())).dataEditor();
 
   coral::AttributeList deleteData1;
   deleteData1.extend<int>(PRINCIPAL_ID_COL);
   deleteData1[PRINCIPAL_ID_COL].data<int>() = princData.id;
   std::string whereClause1 = PRINCIPAL_ID_COL + " = :" + PRINCIPAL_ID_COL;
   editor1.deleteRows(whereClause1, deleteData1);
 
   session.close();
 
   return true;
 }

◆ resetAdmin()

bool cond::CredentialStore::resetAdmin	(	const std::string &	userName,
		const std::string &	password
	)

Definition at line 976 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, l1RCTOmdsFedVectorProducer_cfi::connectionString, mps_check::msg, AlCaHLTBitMon_ParallelJobs::p, EcalCondDBWriter_cfi::password, cond::PrincipalData::principalKey, runTheMatrix::ret, cond::schemaLabel(), cond::selectPrincipal(), cond::setPermissionData(), cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), cond::updateConnectionData(), cond::updatePrincipalData(), and EcalCondDBWriter_cfi::userName.

                                                                                          {
   if (!m_serviceData) {
     throwException("The credential store has not been initialized.", "cond::CredentialStore::installAdmin");
   }
   const std::string& connectionString = m_serviceData->connectionString;
 
   CSScopedSession session(*this);
   session.startSuper(connectionString, userName, password);
 
   coral::ISchema& schema = m_session->nominalSchema();
   const std::string& principalName = m_key.principalName();
   const std::string& authenticationKey = m_key.principalKey();
   PrincipalData princData;
   if (!selectPrincipal(m_key.version(), schema, principalName, princData)) {
     std::string msg("User \"");
     msg += principalName + "\" has not been found.";
     throwException(msg, "CredentialStore::resetAdmin");
   }
   auth::Cipher cipher0(authenticationKey);
   m_principalKey = cipher0.b64decrypt(princData.principalKey);
 
   auto p = updatePrincipalData(m_key.version(), schema, authenticationKey, principalName, m_principalKey, false, m_log);
   std::string credentialAccessLabel = schemaLabel(m_serviceName, userName);
   auto connParams = updateConnectionData(
       m_key.version(), schema, m_principalKey, credentialAccessLabel, userName, password, true, m_log);
   bool ret = setPermissionData(m_key.version(),
                                schema,
                                p.first,
                                m_principalKey,
                                auth::COND_ADMIN_ROLE,
                                connectionString,
                                connParams.first,
                                connParams.second,
                                m_log);
   session.close();
   return ret;
 }

◆ selectForUser()

bool cond::CredentialStore::selectForUser ( coral_bridge::AuthenticationCredentialSet & destinationData )

Definition at line 1230 of file CredentialStore.cc.

References AUTH_KEY_COL(), AUTHORIZATION_TABLE(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), l1RCTOmdsFedVectorProducer_cfi::connectionString, CREDENTIAL_TABLE(), P_ID_COL(), PASSWORD_COL(), contentValuesFiles::query, coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), to_lower(), USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                                 {
   CSScopedSession session(*this);
   session.start(true);
   coral::ISchema& schema = m_session->nominalSchema();
 
   auth::Cipher cipher(m_principalKey);
 
   std::unique_ptr<coral::IQuery> query(schema.newQuery());
   query->addToTableList(tname(AUTHORIZATION_TABLE, m_key.version()), "AUTHO");
   query->addToTableList(tname(CREDENTIAL_TABLE, m_key.version()), "CREDS");
   coral::AttributeList readBuff;
   readBuff.extend<std::string>("AUTHO." + ROLE_COL);
   readBuff.extend<std::string>("AUTHO." + SCHEMA_COL);
   readBuff.extend<std::string>("AUTHO." + AUTH_KEY_COL);
   readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
   readBuff.extend<std::string>("CREDS." + USERNAME_COL);
   readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
   readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
   coral::AttributeList whereData;
   whereData.extend<int>(P_ID_COL);
   whereData[P_ID_COL].data<int>() = m_principalId;
   std::stringstream whereClause;
   whereClause << "AUTHO." << C_ID_COL << "="
               << "CREDS." << CONNECTION_ID_COL;
   whereClause << " AND "
               << "AUTHO." << P_ID_COL << " = :" << P_ID_COL;
   query->defineOutput(readBuff);
   query->addToOutputList("AUTHO." + ROLE_COL);
   query->addToOutputList("AUTHO." + SCHEMA_COL);
   query->addToOutputList("AUTHO." + AUTH_KEY_COL);
   query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
   query->addToOutputList("CREDS." + USERNAME_COL);
   query->addToOutputList("CREDS." + PASSWORD_COL);
   query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
   query->setCondition(whereClause.str(), whereData);
   coral::ICursor& cursor = query->execute();
   while (cursor.next()) {
     const coral::AttributeList& row = cursor.currentRow();
     const std::string& role = row["AUTHO." + ROLE_COL].data<std::string>();
     const std::string& connectionString = row["AUTHO." + SCHEMA_COL].data<std::string>();
     const std::string& encryptedAuthKey = row["AUTHO." + AUTH_KEY_COL].data<std::string>();
     const std::string& connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
     const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
     const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
     std::string authKey = cipher.b64decrypt(encryptedAuthKey);
     auth::Cipher connCipher(authKey);
     std::string verificationString = connCipher.b64decrypt(row["CREDS." + VERIFICATION_KEY_COL].data<std::string>());
     if (verificationString == connectionLabel) {
       destinationData.registerCredentials(to_lower(connectionString),
                                           role,
                                           connCipher.b64decrypt(encryptedUserName),
                                           connCipher.b64decrypt(encryptedPassword));
     }
   }
   session.close();
   return true;
 }

◆ selectPermissions()

bool cond::CredentialStore::selectPermissions	(	const std::string &	principalName,
		const std::string &	role,
		const std::string &	connectionString,
		std::vector< Permission > &	destination
	)

Definition at line 1463 of file CredentialStore.cc.

References AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), C_ID_COL(), cond::CSScopedSession::close(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), cond::CredentialStore::Permission::connectionLabel, l1RCTOmdsFedVectorProducer_cfi::connectionString, cond::CredentialStore::Permission::connectionString, CREDENTIAL_TABLE(), HLTMuonOfflineAnalyzer_cff::destination, newFWLiteAna::found, P_ID_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_NAME_COL(), cond::CredentialStore::Permission::principalName, contentValuesFiles::query, cond::CredentialStore::Permission::role, ROLE_COL(), SCHEMA_COL(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, tname(), and to_lower().

                                                                                   {
   CSScopedSession session(*this);
   session.start(true);
   coral::ISchema& schema = m_session->nominalSchema();
   std::unique_ptr<coral::IQuery> query(schema.newQuery());
   query->addToTableList(tname(AUTHENTICATION_TABLE, m_key.version()), "AUTHE");
   query->addToTableList(tname(AUTHORIZATION_TABLE, m_key.version()), "AUTHO");
   query->addToTableList(tname(CREDENTIAL_TABLE, m_key.version()), "CREDS");
   coral::AttributeList readBuff;
   readBuff.extend<std::string>("AUTHE." + PRINCIPAL_NAME_COL);
   readBuff.extend<std::string>("AUTHO." + ROLE_COL);
   readBuff.extend<std::string>("AUTHO." + SCHEMA_COL);
   readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
   coral::AttributeList whereData;
   std::stringstream whereClause;
   whereClause << "AUTHE." << PRINCIPAL_ID_COL << "= AUTHO." << P_ID_COL;
   whereClause << " AND AUTHO." << C_ID_COL << "="
               << "CREDS." << CONNECTION_ID_COL;
   if (!principalName.empty()) {
     whereData.extend<std::string>(PRINCIPAL_NAME_COL);
     whereData[PRINCIPAL_NAME_COL].data<std::string>() = principalName;
     whereClause << " AND AUTHE." << PRINCIPAL_NAME_COL << " = :" << PRINCIPAL_NAME_COL;
   }
   if (!role.empty()) {
     whereData.extend<std::string>(ROLE_COL);
     whereData[ROLE_COL].data<std::string>() = role;
     whereClause << " AND AUTHO." << ROLE_COL << " = :" << ROLE_COL;
   }
   if (!connectionString.empty()) {
     whereData.extend<std::string>(SCHEMA_COL);
     whereData[SCHEMA_COL].data<std::string>() = to_lower(connectionString);
     whereClause << " AND AUTHO." << SCHEMA_COL << " = :" << SCHEMA_COL;
   }
 
   query->defineOutput(readBuff);
   query->addToOutputList("AUTHE." + PRINCIPAL_NAME_COL);
   query->addToOutputList("AUTHO." + ROLE_COL);
   query->addToOutputList("AUTHO." + SCHEMA_COL);
   query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
   query->setCondition(whereClause.str(), whereData);
   query->addToOrderList("AUTHO." + SCHEMA_COL);
   query->addToOrderList("AUTHE." + PRINCIPAL_NAME_COL);
   query->addToOrderList("AUTHO." + ROLE_COL);
   coral::ICursor& cursor = query->execute();
   bool found = false;
   while (cursor.next()) {
     const coral::AttributeList& row = cursor.currentRow();
     destination.resize(destination.size() + 1);
     Permission& perm = destination.back();
     perm.principalName = row["AUTHE." + PRINCIPAL_NAME_COL].data<std::string>();
     perm.role = row["AUTHO." + ROLE_COL].data<std::string>();
     perm.connectionString = row["AUTHO." + SCHEMA_COL].data<std::string>();
     perm.connectionLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
     found = true;
   }
   session.close();
   return found;
 }

◆ serviceName()

const std::string & cond::CredentialStore::serviceName ( )

Definition at line 1582 of file CredentialStore.cc.

1582 { return m_serviceName; }

cond::CredentialStore::m_serviceName

std::string m_serviceName

Definition: CredentialStore.h:183

◆ setPermission()

bool cond::CredentialStore::setPermission	(	const std::string &	principal,
		const std::string &	role,
		const std::string &	connectionString,
		const std::string &	connectionLabel
	)

Definition at line 1052 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::CredentialData::connectionKey, l1RCTOmdsFedVectorProducer_cfi::connectionString, newFWLiteAna::found, cond::PrincipalData::id, cond::CredentialData::id, mps_check::msg, runTheMatrix::ret, cond::selectConnection(), cond::selectPrincipal(), cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                                             {
   CSScopedSession session(*this);
   session.start(false);
 
   coral::ISchema& schema = m_session->nominalSchema();
 
   PrincipalData princData;
   bool found = selectPrincipal(m_key.version(), schema, principal, princData);
 
   if (!found) {
     std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
     throwException(msg, "CredentialStore::setPermission");
   }
 
   m_log << "Principal " << principal << " id: " << princData.id << std::endl;
   CredentialData credsData;
   found = selectConnection(m_key.version(), schema, connectionLabel, credsData);
 
   if (!found) {
     std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
     throwException(msg, "CredentialStore::setPermission");
   }
 
   auth::Cipher cipher(m_principalKey);
   bool ret = setPermissionData(m_key.version(),
                                schema,
                                princData.id,
                                cipher.b64decrypt(princData.adminKey),
                                role,
                                connectionString,
                                credsData.id,
                                cipher.b64decrypt(credsData.connectionKey),
                                m_log);
   session.close();
   return ret;
 }

◆ setUpForConnectionString()

std::string cond::CredentialStore::setUpForConnectionString	(	const std::string &	connectionString,
		const std::string &	authPath
	)

Definition at line 791 of file CredentialStore.cc.

References lumi_dqm_sourceclient-live_cfg::authPath, l1RCTOmdsFedVectorProducer_cfi::connectionString, instance, serviceName, and AlCaHLTBitMon_QueryRunRegistry::string.

Referenced by cond::getDbCredentials().

                                                                                        {
   coral::IHandle<coral::IRelationalService> relationalService =
       coral::Context::instance().query<coral::IRelationalService>();
   if (!relationalService.isValid()) {
     coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
     relationalService = coral::Context::instance().query<coral::IRelationalService>();
   }
   coral::IRelationalDomain& domain = relationalService->domainForConnection(connectionString);
   std::pair<std::string, std::string> connTokens = domain.decodeUserConnectionString(connectionString);
   std::string& serviceName = connTokens.first;
   return setUpForService(serviceName, authPath);
 }

◆ setUpForService()

std::string cond::CredentialStore::setUpForService	(	const std::string &	serviceName,
		const std::string &	authPath
	)

Sets the initialization parameters.

Definition at line 759 of file CredentialStore.cc.

References lumi_dqm_sourceclient-live_cfg::authPath, cond::auth::COND_KEY, geometryDiff::file, cond::auth::DecodingKey::FILE_PATH, contentValuesFiles::fullPath, mps_check::msg, castor_dqm_sourceclient_file_cfg::path, serviceName, AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                                                                       {
   if (serviceName.empty()) {
     throwException("Service name has not been provided.", "cond::CredentialStore::setUpConnection");
   }
   m_serviceName.clear();
   m_serviceData = nullptr;
 
   if (authPath.empty()) {
     throwException("The authentication Path has not been provided.", "cond::CredentialStore::setUpForService");
   }
   std::filesystem::path fullPath(authPath);
   if (!std::filesystem::exists(authPath) || !std::filesystem::is_directory(authPath)) {
     throwException("Authentication Path is invalid.", "cond::CredentialStore::setUpForService");
   }
   std::filesystem::path file(auth::DecodingKey::FILE_PATH);
   fullPath /= file;
 
   m_key.init(fullPath.string(), auth::COND_KEY);
 
   std::map<std::string, auth::ServiceCredentials>::const_iterator iK = m_key.services().find(serviceName);
   if (iK == m_key.services().end()) {
     std::string msg("");
     msg += "Service \"" + serviceName + "\" can't be open with the current key.";
     throwException(msg, "cond::CredentialStore::setUpConnection");
   }
   m_serviceName = serviceName;
   m_serviceData = &iK->second;
   m_log << "Opening Credential Store for service " << m_serviceName << " on " << m_serviceData->connectionString
         << std::endl;
   return m_serviceData->connectionString;
 }

◆ startSession()

void cond::CredentialStore::startSession ( bool readMode )

private

Definition at line 641 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, AUTHENTICATION_TABLE(), AUTHORIZATION_TABLE(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::auth::COND_ADMIN_ROLE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), CREDENTIAL_TABLE(), newFWLiteAna::found, cond::PrincipalData::id, P_ID_COL(), EcalCondDBWriter_cfi::password, PASSWORD_COL(), cond::PrincipalData::principalKey, contentValuesFiles::query, ROLE_COL(), SCHEMA_COL(), cond::selectPrincipal(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), tname(), EcalCondDBWriter_cfi::userName, USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::PrincipalData::verifKey.

                                                     {
   if (!m_serviceData) {
     throwException("The credential store has not been initialized.", "cond::CredentialStore::openConnection");
   }
   const std::string& storeConnectionString = m_serviceData->connectionString;
 
   std::pair<std::string, std::string> connTokens = openConnection(storeConnectionString);
 
   const std::string& userName = m_serviceData->userName;
   const std::string& password = m_serviceData->password;
 
   openSession(connTokens.second, userName, password, true);
 
   coral::ISchema& schema = m_session->nominalSchema();
   const std::string& schemaVersion = m_key.version();
   if (!schema.existsTable(tname(AUTHENTICATION_TABLE, schemaVersion)) ||
       !schema.existsTable(tname(AUTHORIZATION_TABLE, schemaVersion)) ||
       !schema.existsTable(tname(CREDENTIAL_TABLE, schemaVersion))) {
     throwException("Credential database does not exists in \"" + storeConnectionString + "\"",
                    "CredentialStore::startSession");
   }
 
   const std::string& principalName = m_key.principalName();
   // now authenticate...
   PrincipalData princData;
   if (!selectPrincipal(schemaVersion, m_session->nominalSchema(), principalName, princData)) {
     throwException("Invalid credentials provided.(0)", "CredentialStore::startSession");
   }
   auth::Cipher cipher0(m_key.principalKey());
   std::string verifStr = cipher0.b64decrypt(princData.verifKey);
   if (verifStr != principalName) {
     throwException("Invalid credentials provided (1)", "CredentialStore::startSession");
   }
   // ok, authenticated!
   m_principalId = princData.id;
   m_principalKey = cipher0.b64decrypt(princData.principalKey);
   m_authenticatedPrincipal = m_key.principalName();
 
   if (!readMode) {
     auth::Cipher cipher0(m_principalKey);
     std::string adminKey = cipher0.b64decrypt(princData.adminKey);
     if (adminKey != m_principalKey) {
       // not admin user!
       throwException("Provided credentials does not allow admin operation.", "CredentialStore::openSession");
     }
 
     // first find the credentials for WRITING in the security tables
     std::unique_ptr<coral::IQuery> query(schema.newQuery());
     query->addToTableList(tname(AUTHORIZATION_TABLE, schemaVersion), "AUTHO");
     query->addToTableList(tname(CREDENTIAL_TABLE, schemaVersion), "CREDS");
     coral::AttributeList readBuff;
     readBuff.extend<std::string>("CREDS." + CONNECTION_LABEL_COL);
     readBuff.extend<std::string>("CREDS." + CONNECTION_KEY_COL);
     readBuff.extend<std::string>("CREDS." + USERNAME_COL);
     readBuff.extend<std::string>("CREDS." + PASSWORD_COL);
     readBuff.extend<std::string>("CREDS." + VERIFICATION_KEY_COL);
     coral::AttributeList whereData;
     whereData.extend<int>(P_ID_COL);
     whereData.extend<std::string>(ROLE_COL);
     whereData.extend<std::string>(SCHEMA_COL);
     whereData[P_ID_COL].data<int>() = m_principalId;
     whereData[ROLE_COL].data<std::string>() = auth::COND_ADMIN_ROLE;
     whereData[SCHEMA_COL].data<std::string>() = storeConnectionString;
     std::stringstream whereClause;
     whereClause << "AUTHO." << C_ID_COL << " = CREDS." << CONNECTION_ID_COL;
     whereClause << " AND AUTHO." << P_ID_COL << " = :" << P_ID_COL;
     whereClause << " AND AUTHO." << ROLE_COL << " = :" << ROLE_COL;
     whereClause << " AND AUTHO." << SCHEMA_COL << " = :" << SCHEMA_COL;
     query->defineOutput(readBuff);
     query->addToOutputList("CREDS." + CONNECTION_LABEL_COL);
     query->addToOutputList("CREDS." + CONNECTION_KEY_COL);
     query->addToOutputList("CREDS." + USERNAME_COL);
     query->addToOutputList("CREDS." + PASSWORD_COL);
     query->addToOutputList("CREDS." + VERIFICATION_KEY_COL);
     query->setCondition(whereClause.str(), whereData);
     coral::ICursor& cursor = query->execute();
     bool found = false;
     std::string writeUserName("");
     std::string writePassword("");
     if (cursor.next()) {
       const coral::AttributeList& row = cursor.currentRow();
       const std::string& connLabel = row["CREDS." + CONNECTION_LABEL_COL].data<std::string>();
       const std::string& encryptedConnectionKey = row["CREDS." + CONNECTION_KEY_COL].data<std::string>();
       std::string connectionKey = cipher0.b64decrypt(encryptedConnectionKey);
       auth::Cipher cipher1(connectionKey);
       const std::string& encryptedUserName = row["CREDS." + USERNAME_COL].data<std::string>();
       const std::string& encryptedPassword = row["CREDS." + PASSWORD_COL].data<std::string>();
       std::string verificationKey = cipher1.b64decrypt(row["CREDS." + VERIFICATION_KEY_COL].data<std::string>());
       if (verificationKey != connLabel) {
         throwException("Could not decrypt credentials.Provided key is invalid.", "CredentialStore::startSession");
       }
       writeUserName = cipher1.b64decrypt(encryptedUserName);
       writePassword = cipher1.b64decrypt(encryptedPassword);
       found = true;
     }
     if (!found) {
       throwException("Provided credentials are invalid for write access.", "CredentialStore::openSession");
     }
     m_session->transaction().commit();
     m_session->endUserSession();
     openSession(connTokens.second, writeUserName, writePassword, false);
   }
 }

◆ startSuperSession()

void cond::CredentialStore::startSuperSession	(	const std::string &	connectionString,
		const std::string &	userName,
		const std::string &	password
	)

private

Definition at line 633 of file CredentialStore.cc.

References l1RCTOmdsFedVectorProducer_cfi::connectionString, EcalCondDBWriter_cfi::password, and EcalCondDBWriter_cfi::userName.

                                                                          {
   std::pair<std::string, std::string> connTokens = openConnection(connectionString);
   openSession(connTokens.second, userName, password, false);
 }

◆ unsetPermission()

size_t cond::CredentialStore::unsetPermission	(	const std::string &	principal,
		const std::string &	role,
		const std::string &	connectionString
	)

Definition at line 1092 of file CredentialStore.cc.

References AUTHORIZATION_TABLE(), cond::CSScopedSession::close(), l1RCTOmdsFedVectorProducer_cfi::connectionString, newFWLiteAna::found, cond::getAuthorizationEntries(), cond::PrincipalData::id, mps_check::msg, P_ID_COL(), ROLE_COL(), cond::auth::ROLES, SCHEMA_COL(), cond::selectPrincipal(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and tname().

                                                                                  {
   if (!role.empty() && cond::auth::ROLES.find(role) == cond::auth::ROLES.end()) {
     throwException(std::string("Role ") + role + " does not exists.", "CredentialStore::unsetPermission");
   }
   CSScopedSession session(*this);
   session.start(false);
   coral::ISchema& schema = m_session->nominalSchema();
 
   coral::AttributeList deleteData;
   deleteData.extend<std::string>(SCHEMA_COL);
   std::stringstream whereClause;
   m_log << "Removing permissions to access resource " << connectionString;
   if (!role.empty()) {
     deleteData.extend<std::string>(ROLE_COL);
     m_log << " with role " << role;
   }
   int princId = -1;
   if (!principal.empty()) {
     PrincipalData princData;
     bool found = selectPrincipal(m_key.version(), schema, principal, princData);
 
     if (!found) {
       std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
       throwException(msg, "CredentialStore::unsetPermission");
     }
     deleteData.extend<int>(P_ID_COL);
     princId = princData.id;
     m_log << " by principal " << principal << " (id: " << princData.id << ")";
   }
 
   size_t n_e = getAuthorizationEntries(m_key.version(), schema, princId, role, connectionString);
   m_log << ": " << n_e << " authorization entries." << std::endl;
   if (n_e) {
     deleteData[SCHEMA_COL].data<std::string>() = connectionString;
     whereClause << SCHEMA_COL << " = :" << SCHEMA_COL;
     if (!role.empty()) {
       deleteData[ROLE_COL].data<std::string>() = role;
       whereClause << " AND " << ROLE_COL << " = :" << ROLE_COL;
     }
     if (!principal.empty()) {
       deleteData[P_ID_COL].data<int>() = princId;
       whereClause << " AND " << P_ID_COL + " = :" + P_ID_COL;
     }
     coral::ITableDataEditor& editor = schema.tableHandle(tname(AUTHORIZATION_TABLE, m_key.version())).dataEditor();
     editor.deleteRows(whereClause.str(), deleteData);
   }
   session.close();
   return n_e;
 }

◆ updateConnection()

bool cond::CredentialStore::updateConnection	(	const std::string &	connectionLabel,
		const std::string &	userName,
		const std::string &	password
	)

Definition at line 1144 of file CredentialStore.cc.

References cond::CSScopedSession::close(), EcalCondDBWriter_cfi::password, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, to_lower(), cond::updateConnectionData(), and EcalCondDBWriter_cfi::userName.

                                                                         {
   CSScopedSession session(*this);
   session.start(false);
 
   m_session->transaction().start();
   coral::ISchema& schema = m_session->nominalSchema();
   std::string connLabel = to_lower(connectionLabel);
   updateConnectionData(m_key.version(), schema, m_principalKey, connLabel, userName, password, true, m_log);
 
   session.close();
   return true;
 }

◆ updatePrincipal()

bool cond::CredentialStore::updatePrincipal	(	const std::string &	principal,
		const std::string &	principalKey,
		bool	setAdmin = `false`
	)

Definition at line 1014 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, cond::CredentialData::connectionKey, cond::CredentialData::id, cmsHarvester::permissions, runTheMatrix::ret, cond::selectConnection(), cond::setPermissionData(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and cond::updatePrincipalData().

                                                            {
   CSScopedSession session(*this);
   session.start(false);
   coral::ISchema& schema = m_session->nominalSchema();
   auto princData =
       updatePrincipalData(m_key.version(), schema, authenticationKey, principalName, m_principalKey, false, m_log);
   bool ret = false;
   if (setAdmin) {
     int princId = princData.first;
     std::string princKey = m_principalKey;
     std::string connString = m_serviceData->connectionString;
     std::vector<Permission> permissions;
     if (!selectPermissions(m_key.principalName(), auth::COND_ADMIN_ROLE, connString, permissions)) {
       throwException("The current operating user is not admin user on the underlying Credential Store.",
                      "CredentialStore::updatePrincipal");
     }
     std::string connLabel = permissions.front().connectionLabel;
     CredentialData credsData;
     if (!selectConnection(m_key.version(), schema, connLabel, credsData)) {
       throwException("Credential Store connection has not been defined.", "CredentialStore::updatePrincipal");
     }
     auth::Cipher adminCipher(m_principalKey);
     ret = setPermissionData(m_key.version(),
                             schema,
                             princId,
                             princKey,
                             auth::COND_ADMIN_ROLE,
                             connString,
                             credsData.id,
                             adminCipher.b64decrypt(credsData.connectionKey),
                             m_log);
   }
   session.close();
   return ret;
 }

Friends And Related Function Documentation

◆ CSScopedSession

friend class CSScopedSession

friend

Definition at line 158 of file CredentialStore.h.

Member Data Documentation

◆ DEFAULT_DATA_SOURCE

const std::string cond::CredentialStore::DEFAULT_DATA_SOURCE

static

Definition at line 88 of file CredentialStore.h.

◆ m_authenticatedPrincipal

std::string cond::CredentialStore::m_authenticatedPrincipal

private

Definition at line 178 of file CredentialStore.h.

◆ m_connection

std::shared_ptr<coral::IConnection> cond::CredentialStore::m_connection

private

Definition at line 175 of file CredentialStore.h.

◆ m_key

auth::DecodingKey cond::CredentialStore::m_key

private

Definition at line 186 of file CredentialStore.h.

◆ m_log

std::stringstream cond::CredentialStore::m_log

private

Definition at line 188 of file CredentialStore.h.

◆ m_principalId

int cond::CredentialStore::m_principalId

private

Definition at line 179 of file CredentialStore.h.

◆ m_principalKey

std::string cond::CredentialStore::m_principalKey

private

Definition at line 181 of file CredentialStore.h.

◆ m_serviceData

const auth::ServiceCredentials* cond::CredentialStore::m_serviceData

private

Definition at line 184 of file CredentialStore.h.

◆ m_serviceName

std::string cond::CredentialStore::m_serviceName

private

Definition at line 183 of file CredentialStore.h.

◆ m_session

std::shared_ptr<coral::ISession> cond::CredentialStore::m_session

private

Definition at line 176 of file CredentialStore.h.

Classes

Public Member Functions

Static Public Attributes

Private Member Functions

Private Attributes

Friends

Detailed Description

Constructor & Destructor Documentation

◆ CredentialStore()

◆ ~CredentialStore()

Member Function Documentation

◆ closeSession()

◆ createSchema()

◆ drop()

◆ exportAll()

◆ getUserCredentials()

◆ importForPrincipal()

◆ keyPrincipalName()

◆ listConnections()

◆ listPrincipals()

◆ log()

◆ openConnection()

◆ openSession() [1/2]

◆ openSession() [2/2]

◆ removeConnection()

◆ removePrincipal()

◆ resetAdmin()

◆ selectForUser()

◆ selectPermissions()

◆ serviceName()

◆ setPermission()

◆ setUpForConnectionString()

◆ setUpForService()

◆ startSession()

◆ startSuperSession()

◆ unsetPermission()

◆ updateConnection()

◆ updatePrincipal()

Friends And Related Function Documentation

◆ CSScopedSession

Member Data Documentation

◆ DEFAULT_DATA_SOURCE

◆ m_authenticatedPrincipal

◆ m_connection

◆ m_key

◆ m_log

◆ m_principalId

◆ m_principalKey

◆ m_serviceData

◆ m_serviceName

◆ m_session