CMS 3D CMS Logo

Classes | Public Member Functions | Static Public Attributes | Private Member Functions | Private Attributes | Friends

cond::CredentialStore Class Reference

#include <CredentialStore.h>

List of all members.

Classes

struct  Permission

Public Member Functions

bool createSchema (const std::string &connectionString, const std::string &userName, const std::string &password)
 CredentialStore ()
 Standard Constructor.
bool drop (const std::string &connectionString, const std::string &userName, const std::string &password)
bool exportAll (coral_bridge::AuthenticationCredentialSet &data)
bool importForPrincipal (const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data)
 import data
bool installAdmin (const std::string &userName, const std::string &password)
const std::string & keyPrincipalName ()
bool listConnections (std::map< std::string, std::pair< std::string, std::string > > &destination)
bool listPrincipals (std::vector< std::string > &destination)
bool removeConnection (const std::string &connectionLabel)
bool removePrincipal (const std::string &principal)
bool selectForUser (coral_bridge::AuthenticationCredentialSet &destinationData)
bool selectPermissions (const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
bool setPermission (const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
std::string setUpForConnectionString (const std::string &connectionString, const std::string &authPath)
std::string setUpForService (const std::string &serviceName, const std::string &authPath)
 Sets the initialization parameters.
bool unsetPermission (const std::string &principal, const std::string &role, const std::string &connectionString)
bool updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password)
bool updatePrincipal (const std::string &principal, const std::string &principalKey, bool setAdmin=false)
virtual ~CredentialStore ()
 Standard Destructor.

Static Public Attributes

static const std::string DEFAULT_DATA_SOURCE

Private Member Functions

int addUser (const std::string &principalName, const std::string &authenticationKey, const std::string &principalKey, const std::string &adminKey)
void closeSession (bool commit=true)
std::pair< std::string,
std::string > 
openConnection (const std::string &connectionString)
void openSession (const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
void openSession (bool readOnly=true)
bool setPermission (int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey)
void startSession (bool readMode)
void startSuperSession (const std::string &connectionString, const std::string &userName, const std::string &password)
std::pair< int, std::string > updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate)

Private Attributes

boost::shared_ptr
< coral::IConnection > 
m_connection
DecodingKey m_key
int m_principalId
std::string m_principalKey
const ServiceCredentialsm_serviceData
std::string m_serviceName
boost::shared_ptr
< coral::ISession > 
m_session

Friends

class CSScopedSession

Detailed Description

Definition at line 83 of file CredentialStore.h.


Constructor & Destructor Documentation

cond::CredentialStore::CredentialStore ( )

Standard Constructor.

Definition at line 648 of file CredentialStore.cc.

cond::CredentialStore::~CredentialStore ( ) [virtual]

Standard Destructor.

Definition at line 658 of file CredentialStore.cc.

                                     {
}

Member Function Documentation

int cond::CredentialStore::addUser ( const std::string &  principalName,
const std::string &  authenticationKey,
const std::string &  principalKey,
const std::string &  adminKey 
) [private]

Definition at line 356 of file CredentialStore.cc.

References ADMIN_KEY_COL(), cond::Cipher::b64encrypt(), COND_AUTHENTICATION_TABLE(), ora::SequenceManager::getNextId(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), python::IdGenerator::schema, SEQUENCE_TABLE_NAME(), and VERIFICATION_COL().

                                                                                                                                                              {

  coral::ISchema& schema = m_session->nominalSchema();
  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();

  ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
  int principalId = sequenceMgr.getNextId( COND_AUTHENTICATION_TABLE, true );
    
  Cipher cipher0( authenticationKey );
  Cipher cipher1( adminKey );

  coral::AttributeList authData;
  editor0.rowBuffer(authData);
  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
  authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( principalKey );
  authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( principalKey );
  editor0.insertRow( authData );
  return principalId;
}
void cond::CredentialStore::closeSession ( bool  commit = true) [private]

Definition at line 337 of file CredentialStore.cc.

                                                   {

  if( m_session.get() ){
    if(m_session->transaction().isActive()){
      if( commit ){
        m_session->transaction().commit();
      } else {
        m_session->transaction().rollback();
      }
    }
    m_session->endUserSession();
  }
  m_session.reset();
  if( m_connection.get() ){
    m_connection->disconnect();
  }
  m_connection.reset();
}
bool cond::CredentialStore::createSchema ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 709 of file CredentialStore.cc.

References ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), ora::SequenceManager::create(), P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), ROLE_COL(), python::IdGenerator::schema, SCHEMA_COL(), SEQUENCE_TABLE_NAME(), python::CommonUtils::session, cond::CSScopedSession::startSuper(), cond::throwException(), USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

                                                                                                                           {
  CSScopedSession session( *this );
  session.startSuper( connectionString, userName, password );

  coral::ISchema& schema = m_session->nominalSchema();
  if(schema.existsTable(COND_AUTHENTICATION_TABLE)) {
    throwException("Credential database, already exists.","CredentialStore::create");
  }
  ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME, schema );
  int columnSize = 2000;

  // authentication table
  sequenceMgr.create( COND_AUTHENTICATION_TABLE );
  coral::TableDescription descr0;
  descr0.setName( COND_AUTHENTICATION_TABLE );
  descr0.insertColumn( PRINCIPAL_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr0.insertColumn( PRINCIPAL_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr0.insertColumn( VERIFICATION_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr0.insertColumn( PRINCIPAL_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr0.insertColumn( ADMIN_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr0.setNotNullConstraint( PRINCIPAL_ID_COL );
  descr0.setNotNullConstraint( PRINCIPAL_NAME_COL );
  descr0.setNotNullConstraint( VERIFICATION_COL );
  descr0.setNotNullConstraint( PRINCIPAL_KEY_COL );
  descr0.setNotNullConstraint( ADMIN_KEY_COL );
  std::vector<std::string> columnsUnique;
  columnsUnique.push_back( PRINCIPAL_NAME_COL);
  descr0.setUniqueConstraint( columnsUnique );
  std::vector<std::string> columnsForIndex;
  columnsForIndex.push_back(PRINCIPAL_ID_COL);
  descr0.setPrimaryKey( columnsForIndex );
  schema.createTable( descr0 );

  // authorization table
  sequenceMgr.create( COND_AUTHORIZATION_TABLE );
  coral::TableDescription descr1;
  descr1.setName( COND_AUTHORIZATION_TABLE );
  descr1.insertColumn( AUTH_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr1.insertColumn( P_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr1.insertColumn( ROLE_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr1.insertColumn( SCHEMA_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr1.insertColumn( AUTH_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr1.insertColumn( C_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr1.setNotNullConstraint( AUTH_ID_COL );
  descr1.setNotNullConstraint( P_ID_COL );
  descr1.setNotNullConstraint( ROLE_COL );
  descr1.setNotNullConstraint( SCHEMA_COL );
  descr1.setNotNullConstraint( AUTH_KEY_COL );
  descr1.setNotNullConstraint( C_ID_COL );
  columnsUnique.clear();
  columnsUnique.push_back( P_ID_COL);
  columnsUnique.push_back( ROLE_COL);
  columnsUnique.push_back( SCHEMA_COL);
  descr1.setUniqueConstraint( columnsUnique );
  columnsForIndex.clear();
  columnsForIndex.push_back(AUTH_ID_COL);
  descr1.setPrimaryKey( columnsForIndex );
  schema.createTable( descr1 );

  // credential table
  sequenceMgr.create( COND_CREDENTIAL_TABLE );
  coral::TableDescription descr2;
  descr2.setName( COND_CREDENTIAL_TABLE );
  descr2.insertColumn( CONNECTION_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr2.insertColumn( CONNECTION_LABEL_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.insertColumn( USERNAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.insertColumn( PASSWORD_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.insertColumn( VERIFICATION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.insertColumn( CONNECTION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.setNotNullConstraint( CONNECTION_ID_COL );
  descr2.setNotNullConstraint( CONNECTION_LABEL_COL );
  descr2.setNotNullConstraint( USERNAME_COL );
  descr2.setNotNullConstraint( PASSWORD_COL );
  descr2.setNotNullConstraint( VERIFICATION_KEY_COL );
  descr2.setNotNullConstraint( CONNECTION_KEY_COL );
  columnsUnique.clear();
  columnsUnique.push_back( CONNECTION_LABEL_COL);
  descr2.setUniqueConstraint( columnsUnique );
  columnsForIndex.clear();
  columnsForIndex.push_back(CONNECTION_ID_COL);
  descr2.setPrimaryKey( columnsForIndex );
  schema.createTable( descr2 );

  session.close();
  return true;
}
bool cond::CredentialStore::drop ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 797 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), python::IdGenerator::schema, SEQUENCE_TABLE_NAME(), python::CommonUtils::session, and cond::CSScopedSession::startSuper().

                                                                                                                   {
  CSScopedSession session( *this );
  session.startSuper( connectionString, userName, password );

  coral::ISchema& schema = m_session->nominalSchema();
  schema.dropIfExistsTable( COND_AUTHORIZATION_TABLE );
  schema.dropIfExistsTable( COND_CREDENTIAL_TABLE );
  schema.dropIfExistsTable( COND_AUTHENTICATION_TABLE );
  schema.dropIfExistsTable(SEQUENCE_TABLE_NAME);
  session.close();
  return true;
}
bool cond::CredentialStore::exportAll ( coral_bridge::AuthenticationCredentialSet data)

Definition at line 1328 of file CredentialStore.cc.

References cond::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), newFWLiteAna::found, PASSWORD_COL(), o2o::query, coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), python::IdGenerator::schema, SCHEMA_COL(), python::CommonUtils::session, cond::CSScopedSession::start(), USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                  {
  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();
  std::auto_ptr<coral::IQuery> query(schema.newQuery());
  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
  coral::AttributeList readBuff;
  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
  readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
  coral::AttributeList whereData;
  std::stringstream whereClause;
  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
  
  query->defineOutput(readBuff);
  query->addToOutputList( "AUTHO."+ROLE_COL );
  query->addToOutputList( "AUTHO."+SCHEMA_COL );
  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
  query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
  query->addToOutputList( "CREDS."+USERNAME_COL );
  query->addToOutputList( "CREDS."+PASSWORD_COL );
  query->setCondition( whereClause.str(), whereData );
  coral::ICursor& cursor = query->execute();
  bool found = false;
  Cipher cipher0( m_principalKey );
  while ( cursor.next() ) {
    const coral::AttributeList& row = cursor.currentRow();
    const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
    const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
    const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
    const std::string& encryptedVerifKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
    const std::string& encryptedConnection = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
    std::string userName("");
    std::string password("");
    std::string connectionKey = cipher0.b64decrypt( encryptedConnection );
    Cipher cipher1( connectionKey );
    std::string verifKey = cipher1.b64decrypt( encryptedVerifKey );
    if( verifKey == connectionLabel ){
      const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL].data<std::string>();
      const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL].data<std::string>();
      userName = cipher1.b64decrypt( encryptedUserName );
      password = cipher1.b64decrypt( encryptedPassword );
    }
    data.registerCredentials( connectionString, role, userName, password );
    found = true;
  }
  session.close();
  return found;  
}
bool cond::CredentialStore::importForPrincipal ( const std::string &  principal,
const coral_bridge::AuthenticationCredentialSet data 
)

import data

Definition at line 1162 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::Cipher::b64decrypt(), cond::CSScopedSession::close(), coral_bridge::AuthenticationCredentialSet::data(), newFWLiteAna::found, cond::PrincipalData::id, Association::map, lumiQueryAPI::msg, geometryXMLtoCSV::parser, python::IdGenerator::schema, cond::schemaLabel(), cond::selectPrincipal(), serviceName, python::CommonUtils::session, cond::CSScopedSession::start(), and cond::throwException().

                                                                                                           {
  CSScopedSession session( *this );
  session.start( false  );
  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principal, princData );

  if( ! found ){
    std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::importForPrincipal");
  }

  bool imported = false;
  Cipher cipher( m_principalKey );
  std::string princKey = cipher.b64decrypt( princData.adminKey);

  const std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >& creds = dataSource.data();
  for( std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::const_iterator iConn = creds.begin(); iConn != creds.end(); ++iConn ){
    const std::string& connectionString = iConn->first.first;
    coral::URIParser parser;
    parser.setURI( connectionString );
    std::string serviceName = parser.hostName();
    const std::string& role = iConn->first.second;
    std::string userName = iConn->second->valueForItem( coral::IAuthenticationCredentials::userItem() );
    std::string password = iConn->second->valueForItem( coral::IAuthenticationCredentials::passwordItem());
    // first import the connections
    std::pair<int,std::string> conn = updateConnection( schemaLabel( serviceName, userName ), userName, password, false );
    Cipher cipher( m_principalKey );
    // than set the permission for the specific role
    setPermission( princData.id, princKey, role, connectionString, conn.first, conn.second );
    imported = true;
  }
  session.close();  
  return imported;
}
bool cond::CredentialStore::installAdmin ( const std::string &  userName,
const std::string &  password 
)

Definition at line 810 of file CredentialStore.cc.

References ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), cond::Cipher::b64encrypt(), C_ID_COL(), cond::CSScopedSession::close(), cond::Auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), cond::Auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), newFWLiteAna::found, cmsDownloadME::gen, ora::SequenceManager::getNextId(), cond::KeyGenerator::make(), lumiQueryAPI::msg, P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), ROLE_COL(), python::IdGenerator::schema, SCHEMA_COL(), cond::schemaLabelForCredentialStore(), cond::selectPrincipal(), SEQUENCE_TABLE_NAME(), python::CommonUtils::session, cond::CSScopedSession::startSuper(), cond::throwException(), USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

                                                                                            {
  if(!m_serviceData){
    throwException( "The credential store has not been initialized.","cond::CredentialStore::installAdmin" );    
  }
  const std::string& connectionString = m_serviceData->connectionString;
  const std::string& principalName = m_key.principalName();

  CSScopedSession session( *this );
  session.startSuper( connectionString, userName, password  );

  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principalName, princData );

  if( found ){
    std::string msg("Principal \"");
    msg += principalName + "\" has been installed already.";
    throwException(msg,"CredentialStore::installAdmin");
  }

  KeyGenerator gen;
  m_principalKey = gen.make( Auth::COND_DB_KEY_SIZE );

  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();

  ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
  int principalId = sequenceMgr.getNextId( COND_AUTHENTICATION_TABLE, true );
    
  Cipher cipher0( m_key.principalKey() );
  Cipher cipher1( m_principalKey );

  coral::AttributeList authData;
  editor0.rowBuffer(authData);
  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
  authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( m_principalKey );
  authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( m_principalKey );
  editor0.insertRow( authData );

  std::string connLabel = schemaLabelForCredentialStore( connectionString );
  DecodingKey tmpKey;
  std::string connectionKey = gen.make( Auth::COND_DB_KEY_SIZE );
  std::string encryptedConnectionKey = cipher1.b64encrypt( connectionKey );    

  Cipher cipher2( connectionKey );
  std::string encryptedUserName = cipher2.b64encrypt( userName );
  std::string encryptedPassword = cipher2.b64encrypt( password );
  std::string encryptedLabel = cipher2.b64encrypt( connLabel );    
  
  int connId = sequenceMgr.getNextId( COND_CREDENTIAL_TABLE, true );
    
  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
  coral::AttributeList connectionData;
  editor1.rowBuffer(connectionData);
  connectionData[ CONNECTION_ID_COL ].data<int>() = connId;
  connectionData[ CONNECTION_LABEL_COL ].data<std::string>() = connLabel;
  connectionData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
  connectionData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
  connectionData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
  connectionData[ CONNECTION_KEY_COL ].data<std::string>() = encryptedConnectionKey;
  editor1.insertRow( connectionData );

  int authId = sequenceMgr.getNextId( COND_AUTHORIZATION_TABLE, true );
    
  coral::ITableDataEditor& editor2 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
  coral::AttributeList permissionData;
  editor2.rowBuffer(permissionData);
  permissionData[ AUTH_ID_COL ].data<int>() = authId;
  permissionData[ P_ID_COL ].data<int>() = principalId;
  permissionData[ ROLE_COL ].data<std::string>() = Auth::COND_ADMIN_ROLE;
  permissionData[ SCHEMA_COL ].data<std::string>() = connectionString;
  permissionData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
  permissionData[ C_ID_COL ].data<int>() = connId;
  editor2.insertRow( permissionData );

  session.close();
  return true;
}
const std::string & cond::CredentialStore::keyPrincipalName ( )

Definition at line 1384 of file CredentialStore.cc.

                                                       {
  return m_key.principalName();
}
bool cond::CredentialStore::listConnections ( std::map< std::string, std::pair< std::string, std::string > > &  destination)

Definition at line 1223 of file CredentialStore.cc.

References cond::Cipher::b64decrypt(), cond::CSScopedSession::close(), COND_CREDENTIAL_TABLE(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), newFWLiteAna::found, PASSWORD_COL(), o2o::query, python::IdGenerator::schema, python::CommonUtils::session, cond::CSScopedSession::start(), USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                                       {
  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();

  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_CREDENTIAL_TABLE).newQuery());
  coral::AttributeList readBuff;
  readBuff.extend<std::string>( CONNECTION_LABEL_COL );
  readBuff.extend<std::string>( USERNAME_COL );
  readBuff.extend<std::string>( PASSWORD_COL );
  readBuff.extend<std::string>( VERIFICATION_KEY_COL );
  readBuff.extend<std::string>( CONNECTION_KEY_COL );
  query->defineOutput(readBuff);
  query->addToOutputList( CONNECTION_LABEL_COL );
  query->addToOutputList( USERNAME_COL );
  query->addToOutputList( PASSWORD_COL );
  query->addToOutputList( VERIFICATION_KEY_COL );
  query->addToOutputList( CONNECTION_KEY_COL );
  coral::ICursor& cursor = query->execute();
  bool found = false;
  Cipher cipher0(m_principalKey );
  while ( cursor.next() ) {
    std::string userName("");
    std::string password("");
    const coral::AttributeList& row = cursor.currentRow();
    const std::string& connLabel = row[ CONNECTION_LABEL_COL].data<std::string>();
    const std::string& encryptedKey = row[ CONNECTION_KEY_COL].data<std::string>();
    const std::string& encryptedVerif = row[ VERIFICATION_KEY_COL].data<std::string>();
    std::string connKey = cipher0.b64decrypt( encryptedKey );
    Cipher cipher1( connKey );
    std::string verif = cipher1.b64decrypt( encryptedVerif );
    if( verif == connLabel ){
      const std::string& encryptedUserName = row[ USERNAME_COL].data<std::string>();
      const std::string& encryptedPassword = row[ PASSWORD_COL].data<std::string>();
      userName = cipher1.b64decrypt( encryptedUserName );
      password = cipher1.b64decrypt( encryptedPassword );
    }
    destination.insert( std::make_pair( connLabel, std::make_pair( userName, password ) ) );
    found = true;
  }
  session.close();    
  return found;
}
bool cond::CredentialStore::listPrincipals ( std::vector< std::string > &  destination)

Definition at line 1200 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), newFWLiteAna::found, PRINCIPAL_NAME_COL(), o2o::query, python::IdGenerator::schema, python::CommonUtils::session, and cond::CSScopedSession::start().

                                                                           {

  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();

  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_AUTHENTICATION_TABLE).newQuery());
  coral::AttributeList readBuff;
  readBuff.extend<std::string>(PRINCIPAL_NAME_COL);
  query->defineOutput(readBuff);
  query->addToOutputList( PRINCIPAL_NAME_COL );
  coral::ICursor& cursor = query->execute();
  bool found = false;
  while ( cursor.next() ) {
    found = true;
    const coral::AttributeList& row = cursor.currentRow();
    destination.push_back( row[ PRINCIPAL_NAME_COL ].data<std::string>() );
  }
  session.close();    
  return found;
}
std::pair< std::string, std::string > cond::CredentialStore::openConnection ( const std::string &  connectionString) [private]

Definition at line 378 of file CredentialStore.cc.

References instance.

                                                                                                   {
  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
  if ( ! relationalService.isValid() ){
    coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
    relationalService = coral::Context::instance().query<coral::IRelationalService>();
  }
  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
  m_connection.reset( domain.newConnection( connTokens.first ) );
  m_connection->connect();
  return connTokens;
}
void cond::CredentialStore::openSession ( const std::string &  schemaName,
const std::string &  userName,
const std::string &  password,
bool  readMode 
) [private]

Definition at line 391 of file CredentialStore.cc.

                                                                                                                                       {
  coral::AccessMode accessMode = coral::ReadOnly;
  if( !readMode ) accessMode = coral::Update;  
  m_session.reset( m_connection->newSession( schemaName, accessMode) );
  m_session->startUserSession( userName, password );
  // open read-only transaction
  m_session->transaction().start( readMode );
}
void cond::CredentialStore::openSession ( bool  readOnly = true) [private]
bool cond::CredentialStore::removeConnection ( const std::string &  connectionLabel)

Definition at line 1075 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), newFWLiteAna::found, cond::CredentialData::id, lumiQueryAPI::msg, python::IdGenerator::schema, cond::selectConnection(), python::CommonUtils::session, cond::CSScopedSession::start(), and cond::throwException().

                                                                            {
  CSScopedSession session( *this );
  session.start( false  );
  coral::ISchema& schema = m_session->nominalSchema();

  CredentialData credsData;
  bool found = selectConnection( schema, connectionLabel, credsData );

  if( ! found ){
    std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::removeConnection");
  }

  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();

  coral::AttributeList deleteData0;
  deleteData0.extend<int>( C_ID_COL );
  deleteData0[ C_ID_COL ].data<int>() = credsData.id;
  std::string whereClause0 = C_ID_COL+" = :"+C_ID_COL;
  editor0.deleteRows( whereClause0 , deleteData0 );

  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();

  coral::AttributeList deleteData1;
  deleteData1.extend<int>( CONNECTION_ID_COL );
  deleteData1[ CONNECTION_ID_COL ].data<int>() = credsData.id;
  std::string whereClause1 = CONNECTION_ID_COL+" = :"+CONNECTION_ID_COL;
  editor1.deleteRows( whereClause1 , deleteData1 );

  session.close();

  return true;
}
bool cond::CredentialStore::removePrincipal ( const std::string &  principal)

Definition at line 1041 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), newFWLiteAna::found, cond::PrincipalData::id, lumiQueryAPI::msg, P_ID_COL(), PRINCIPAL_ID_COL(), python::IdGenerator::schema, cond::selectPrincipal(), python::CommonUtils::session, cond::CSScopedSession::start(), and cond::throwException().

                                                                     {
  CSScopedSession session( *this );
  session.start( false  );
  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principal, princData );

  if( ! found ){
    std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::removePrincipal");
  }

  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();

  coral::AttributeList deleteData0;
  deleteData0.extend<int>( P_ID_COL );
  deleteData0[ P_ID_COL ].data<int>() = princData.id;
  std::string whereClause0 = P_ID_COL+" = :"+P_ID_COL;
  editor0.deleteRows( whereClause0 , deleteData0 );

  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();

  coral::AttributeList deleteData1;
  deleteData1.extend<int>( PRINCIPAL_ID_COL );
  deleteData1[ PRINCIPAL_ID_COL ].data<int>() = princData.id;
  std::string whereClause1 = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
  editor1.deleteRows( whereClause1 , deleteData1 );

  session.close();
  
  return true;
}
bool cond::CredentialStore::selectForUser ( coral_bridge::AuthenticationCredentialSet destinationData)

Definition at line 1109 of file CredentialStore.cc.

References AUTH_KEY_COL(), cond::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), P_ID_COL(), PASSWORD_COL(), o2o::query, coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), python::IdGenerator::schema, SCHEMA_COL(), python::CommonUtils::session, cond::CSScopedSession::start(), USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                                 {
  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();

  Cipher cipher( m_principalKey );

  std::auto_ptr<coral::IQuery> query(schema.newQuery());
  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
  coral::AttributeList readBuff;
  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
  readBuff.extend<std::string>("AUTHO."+AUTH_KEY_COL);
  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
  coral::AttributeList whereData;
  whereData.extend<int>(P_ID_COL);
  whereData[ P_ID_COL ].data<int>() = m_principalId;
  std::stringstream whereClause;
  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
  whereClause << " AND " << "AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
  query->defineOutput(readBuff);
  query->addToOutputList( "AUTHO."+ROLE_COL );
  query->addToOutputList( "AUTHO."+SCHEMA_COL );
  query->addToOutputList( "AUTHO."+AUTH_KEY_COL );
  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
  query->addToOutputList( "CREDS."+USERNAME_COL );
  query->addToOutputList( "CREDS."+PASSWORD_COL );
  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
  query->setCondition( whereClause.str(), whereData );
  coral::ICursor& cursor = query->execute();
  while ( cursor.next() ) {
    const coral::AttributeList& row = cursor.currentRow();
    const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
    const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
    const std::string& encryptedAuthKey = row[ "AUTHO."+AUTH_KEY_COL ].data<std::string>();
    const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
    const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
    const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
    const std::string& encryptedLabel = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
    std::string authKey = cipher.b64decrypt( encryptedAuthKey );
    Cipher connCipher( authKey );
    if( connCipher.b64decrypt( encryptedLabel ) == connectionLabel ){
      destinationData.registerCredentials( connectionString, role, connCipher.b64decrypt( encryptedUserName ),  connCipher.b64decrypt( encryptedPassword ) );
    } 
  }
  session.close();
  return true;
}
bool cond::CredentialStore::selectPermissions ( const std::string &  principalName,
const std::string &  role,
const std::string &  connectionString,
std::vector< Permission > &  destination 
)

Definition at line 1267 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), cond::CredentialStore::Permission::connectionLabel, cond::CredentialStore::Permission::connectionString, newFWLiteAna::found, P_ID_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_NAME_COL(), cond::CredentialStore::Permission::principalName, o2o::query, cond::CredentialStore::Permission::role, ROLE_COL(), python::IdGenerator::schema, SCHEMA_COL(), python::CommonUtils::session, and cond::CSScopedSession::start().

                                                                                   {
  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();
  std::auto_ptr<coral::IQuery> query(schema.newQuery());
  query->addToTableList(COND_AUTHENTICATION_TABLE, "AUTHE");
  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
  coral::AttributeList readBuff;
  readBuff.extend<std::string>("AUTHE."+PRINCIPAL_NAME_COL);
  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
  coral::AttributeList whereData;
  std::stringstream whereClause;
  whereClause << "AUTHE."<< PRINCIPAL_ID_COL << "= AUTHO."<< P_ID_COL;
  whereClause << " AND AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
  if( !principalName.empty() ){
    whereData.extend<std::string>(PRINCIPAL_NAME_COL);
    whereData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
    whereClause << " AND AUTHE."<< PRINCIPAL_NAME_COL <<" = :"<<PRINCIPAL_NAME_COL;
  }
  if( !role.empty() ){
    whereData.extend<std::string>(ROLE_COL);
    whereData[ ROLE_COL ].data<std::string>() = role;
    whereClause << " AND AUTHO."<< ROLE_COL <<" = :"<<ROLE_COL;
  }
  if( !connectionString.empty() ){
    whereData.extend<std::string>(SCHEMA_COL);
    whereData[ SCHEMA_COL ].data<std::string>() = connectionString;
    whereClause << " AND AUTHO."<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
  }
  
  query->defineOutput(readBuff);
  query->addToOutputList( "AUTHE."+PRINCIPAL_NAME_COL );
  query->addToOutputList( "AUTHO."+ROLE_COL );
  query->addToOutputList( "AUTHO."+SCHEMA_COL );
  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
  query->setCondition( whereClause.str(), whereData );
  query->addToOrderList( "AUTHO."+SCHEMA_COL );
  query->addToOrderList( "AUTHE."+PRINCIPAL_NAME_COL  );
  query->addToOrderList( "AUTHO."+ROLE_COL  );
  coral::ICursor& cursor = query->execute();
  bool found = false;
  while ( cursor.next() ) {
    const coral::AttributeList& row = cursor.currentRow();
    destination.resize( destination.size()+1 );
    Permission& perm = destination.back();
    perm.principalName = row[ "AUTHE."+PRINCIPAL_NAME_COL ].data<std::string>();
    perm.role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
    perm.connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
    perm.connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
    found = true;
  }
  session.close();
  return found;  
}
bool cond::CredentialStore::setPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString,
const std::string &  connectionLabel 
)

Definition at line 964 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::CredentialData::connectionKey, newFWLiteAna::found, cond::PrincipalData::id, cond::CredentialData::id, lumiQueryAPI::msg, runTheMatrix::ret, python::IdGenerator::schema, cond::selectConnection(), cond::selectPrincipal(), python::CommonUtils::session, cond::CSScopedSession::start(), and cond::throwException().

                                                                             {
  CSScopedSession session( *this );
  session.start( false  );

  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principal, princData );

  if( ! found ){
    std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::setPermission");
  }

  CredentialData credsData;
  found = selectConnection( schema, connectionLabel, credsData );
  
  if( ! found ){
    std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::setPermission");
  }

  Cipher cipher( m_principalKey );
  bool ret = setPermission( princData.id, cipher.b64decrypt( princData.adminKey), role, connectionString, credsData.id, cipher.b64decrypt( credsData.connectionKey ) );
  session.close();
  return ret;
}
bool cond::CredentialStore::setPermission ( int  principalId,
const std::string &  principalKey,
const std::string &  role,
const std::string &  connectionString,
int  connectionId,
const std::string &  connectionKey 
) [private]

Definition at line 514 of file CredentialStore.cc.

References AUTH_ID_COL(), AUTH_KEY_COL(), cond::Cipher::b64encrypt(), C_ID_COL(), COND_AUTHORIZATION_TABLE(), idDealer::editor, newFWLiteAna::found, ora::SequenceManager::getNextId(), cond::AuthorizationData::id, P_ID_COL(), ROLE_COL(), python::IdGenerator::schema, SCHEMA_COL(), cond::selectAuthorization(), and SEQUENCE_TABLE_NAME().

                                                                                                                                                                                                   {
  coral::ISchema& schema = m_session->nominalSchema();
  Cipher cipher( principalKey );
  std::string encryptedConnectionKey = cipher.b64encrypt( connectionKey );

  AuthorizationData authData;
  bool found = selectAuthorization( schema, principalId, role, connectionString, authData );

  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
  if( found ) {
    coral::AttributeList updateData;
    updateData.extend<int>( AUTH_ID_COL );
    updateData.extend<int>( C_ID_COL );
    updateData.extend<std::string>( AUTH_KEY_COL );
    updateData[ AUTH_ID_COL ].data<int>() = authData.id;
    updateData[ C_ID_COL ].data<int>() = connectionId;
    updateData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
    std::string setCl = C_ID_COL+" = :"+C_ID_COL + ", "+AUTH_KEY_COL+" = :"+AUTH_KEY_COL;
    std::string whereCl = AUTH_ID_COL+" = :"+AUTH_ID_COL;
    editor.updateRows( setCl,whereCl, updateData );
  } else {

    ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
    int next = sequenceMgr.getNextId( COND_AUTHORIZATION_TABLE, true );
    
    coral::AttributeList insertData;
    insertData.extend<int>( AUTH_ID_COL );
    insertData.extend<int>( P_ID_COL );
    insertData.extend<std::string>( ROLE_COL );
    insertData.extend<std::string>( SCHEMA_COL );
    insertData.extend<std::string>( AUTH_KEY_COL );
    insertData.extend<int>( C_ID_COL );
    insertData[ AUTH_ID_COL ].data<int>() = next;
    insertData[ P_ID_COL ].data<int>() = principalId;
    insertData[ ROLE_COL ].data<std::string>() = role;
    insertData[ SCHEMA_COL ].data<std::string>() = connectionString;
    insertData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
    insertData[ C_ID_COL ].data<int>() = connectionId;
    editor.insertRow( insertData );
  }
  return true;    
}
std::string cond::CredentialStore::setUpForConnectionString ( const std::string &  connectionString,
const std::string &  authPath 
)

Definition at line 694 of file CredentialStore.cc.

References instance, and serviceName.

                                                                            {
  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
  if ( ! relationalService.isValid() ){
    coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
    relationalService = coral::Context::instance().query<coral::IRelationalService>();
  }
  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
  std::string& serviceName = connTokens.first;
  return setUpForService( serviceName, authPath );
}
std::string cond::CredentialStore::setUpForService ( const std::string &  serviceName,
const std::string &  authPath 
)

Sets the initialization parameters.

Definition at line 662 of file CredentialStore.cc.

References cond::Auth::COND_KEY, mergeVDriftHistosByStation::file, cond::DecodingKey::FILE_PATH, lumiQueryAPI::msg, getHLTPrescaleColumns::path, serviceName, and cond::throwException().

                                                                   {
  if( serviceName.empty() ){
    throwException( "Service name has not been provided.","cond::CredentialStore::setUpConnection" );        
  }
  m_serviceName.clear();
  m_serviceData = 0;

  if( authPath.empty() ){
    throwException( "The authentication Path has not been provided.","cond::CredentialStore::setUpForService" );
  }
  boost::filesystem::path fullPath( authPath );
  if(!boost::filesystem::exists(authPath) || !boost::filesystem::is_directory( authPath )){
    throwException( "Authentication Path is invalid.","cond::CredentialStore::setUpForService" );
  }
  boost::filesystem::path file( DecodingKey::FILE_PATH );
  fullPath /= file;

  m_key.init( fullPath.string(), Auth::COND_KEY ); 
  
  std::map< std::string, ServiceCredentials >::const_iterator iK = m_key.services().find( serviceName );
  if( iK == m_key.services().end() ){
    std::string msg("");
    msg += "Service \""+serviceName+"\" can't be open with the current key.";
    throwException( msg,"cond::CredentialStore::setUpConnection" );    
  }
  m_serviceName = serviceName;
  m_serviceData = &iK->second;
  return m_serviceData->connectionString;
}
void cond::CredentialStore::startSession ( bool  readMode) [private]

Definition at line 406 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::Cipher::b64decrypt(), C_ID_COL(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), newFWLiteAna::found, cond::PrincipalData::id, P_ID_COL(), PASSWORD_COL(), cond::PrincipalData::principalKey, o2o::query, ROLE_COL(), python::IdGenerator::schema, SCHEMA_COL(), cond::selectPrincipal(), cond::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::PrincipalData::verifKey.

                                                     {
  if(!m_serviceData){
    throwException( "The credential store has not been initialized.","cond::CredentialStore::openConnection" );    
  }
  const std::string& storeConnectionString = m_serviceData->connectionString;

  std::pair<std::string,std::string> connTokens = openConnection( storeConnectionString );

  const std::string& userName = m_serviceData->userName;
  const std::string& password = m_serviceData->password;
 
  openSession( connTokens.second, userName, password, true );

  coral::ISchema& schema = m_session->nominalSchema();
  if(!schema.existsTable(COND_AUTHENTICATION_TABLE) ||
     !schema.existsTable(COND_AUTHORIZATION_TABLE) ||
     !schema.existsTable(COND_CREDENTIAL_TABLE) ){
    throwException("Credential database does not exists in \""+storeConnectionString+"\"","CredentialStore::startSession");
  }

  const std::string& principalName = m_key.principalName();
  // now authenticate...
  PrincipalData princData;
  if( !selectPrincipal( m_session->nominalSchema(), principalName, princData ) ){
    throwException( "Invalid credentials provided.(0)",
                    "CredentialStore::openSession");
  }
  Cipher cipher0( m_key.principalKey() );
  std::string verifStr = cipher0.b64decrypt( princData.verifKey );
  if( verifStr != principalName ){
    throwException( "Invalid credentials provided (1)",
                    "CredentialStore::openSession");
  }
  // ok, authenticated!
  m_principalId = princData.id;
  m_principalKey = cipher0.b64decrypt( princData.principalKey );
  
  if(!readMode ) {

    Cipher cipher0( m_principalKey );
    std::string adminKey = cipher0.b64decrypt( princData.adminKey );
    if( adminKey != m_principalKey ){
      // not admin user!
      throwException( "Provided credentials does not allow admin operation.",
                      "CredentialStore::openSession");
    }
    
    // first find the credentials for WRITING in the security tables
    std::auto_ptr<coral::IQuery> query(schema.newQuery());
    query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
    query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
    coral::AttributeList readBuff;
    readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
    readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
    readBuff.extend<std::string>("CREDS."+USERNAME_COL);
    readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
    readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
    coral::AttributeList whereData;
    whereData.extend<int>(P_ID_COL);
    whereData.extend<std::string>(ROLE_COL);
    whereData.extend<std::string>(SCHEMA_COL);
    whereData[ P_ID_COL ].data<int>() = m_principalId;
    whereData[ ROLE_COL ].data<std::string>() = Auth::COND_ADMIN_ROLE;
    whereData[ SCHEMA_COL ].data<std::string>() = storeConnectionString;
    std::stringstream whereClause;
    whereClause << "AUTHO."<< C_ID_COL << " = CREDS."<<CONNECTION_ID_COL;
    whereClause << " AND AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
    whereClause << " AND AUTHO."<< ROLE_COL << " = :"<<ROLE_COL;
    whereClause << " AND AUTHO."<< SCHEMA_COL << " = :"<<SCHEMA_COL;
    query->defineOutput(readBuff);
    query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
    query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
    query->addToOutputList( "CREDS."+USERNAME_COL );
    query->addToOutputList( "CREDS."+PASSWORD_COL );
    query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
    query->setCondition( whereClause.str(), whereData );
    coral::ICursor& cursor = query->execute();
    bool found = false;
    std::string writeUserName("");
    std::string writePassword("");
    if ( cursor.next() ) {
      const coral::AttributeList& row = cursor.currentRow();
      const std::string& connLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
      const std::string& encryptedConnectionKey = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
      std::string connectionKey = cipher0.b64decrypt( encryptedConnectionKey );
      Cipher cipher1( connectionKey );
      const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
      const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
      const std::string& verificationKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
      if( cipher1.b64decrypt( verificationKey ) != connLabel  ){
        throwException( "Could not decrypt credentials.Provided key is invalid.",
                        "CredentialStore::startSession");
      }
      writeUserName = cipher1.b64decrypt( encryptedUserName );
      writePassword = cipher1.b64decrypt( encryptedPassword );
      found = true;
    }
    if( ! found ){
      throwException( "Provided credentials are invalid for write access.",
                      "CredentialStore::openSession");
    }
    m_session->transaction().commit();
    m_session->endUserSession();
    openSession( connTokens.second, writeUserName, writePassword, false );

  }
}   
void cond::CredentialStore::startSuperSession ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
) [private]

Definition at line 400 of file CredentialStore.cc.

                                                                                                                                    {
  std::pair<std::string,std::string> connTokens = openConnection( connectionString );
  openSession( connTokens.second, userName, password, false );
}
bool cond::CredentialStore::unsetPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString 
)

Definition at line 995 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), idDealer::editor, newFWLiteAna::found, cond::PrincipalData::id, lumiQueryAPI::msg, P_ID_COL(), ROLE_COL(), python::IdGenerator::schema, SCHEMA_COL(), cond::selectPrincipal(), python::CommonUtils::session, cond::CSScopedSession::start(), and cond::throwException().

                                                                                {
  CSScopedSession session( *this );
  session.start( false  );
  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principal, princData );

  if( ! found ){
    std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::unsetPermission");
  }

  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
  coral::AttributeList deleteData;
  deleteData.extend<int>( P_ID_COL );
  deleteData.extend<std::string>( ROLE_COL );
  deleteData.extend<std::string>( SCHEMA_COL );
  deleteData[ P_ID_COL ].data<int>() = princData.id;
  deleteData[ ROLE_COL ].data<std::string>() = role;
  deleteData[ SCHEMA_COL ].data<std::string>() = connectionString;
  std::stringstream whereClause;
  whereClause << P_ID_COL+" = :"+P_ID_COL;
  whereClause << " AND "<< ROLE_COL <<" = :"<<ROLE_COL;
  whereClause << " AND "<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
  editor.deleteRows( whereClause.str(), deleteData );
  session.close();
  return true;
}
std::pair< int, std::string > cond::CredentialStore::updateConnection ( const std::string &  connectionLabel,
const std::string &  userName,
const std::string &  password,
bool  forceUpdate 
) [private]

Definition at line 557 of file CredentialStore.cc.

References cond::Cipher::b64decrypt(), cond::Cipher::b64encrypt(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), cond::CredentialData::connectionKey, idDealer::editor, newFWLiteAna::found, cmsDownloadME::gen, ora::SequenceManager::getNextId(), cond::CredentialData::id, cond::KeyGenerator::make(), PASSWORD_COL(), python::IdGenerator::schema, cond::selectConnection(), SEQUENCE_TABLE_NAME(), cond::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::CredentialData::verificationKey.

                                                                                      {
  coral::ISchema& schema = m_session->nominalSchema();
  CredentialData credsData;
  bool found = selectConnection( schema, connectionLabel, credsData );
  int connId = credsData.id;
  
  Cipher adminCipher( m_principalKey );
  std::string connectionKey("");
  coral::ITableDataEditor& editor = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
  if( found ){
    
    connectionKey = adminCipher.b64decrypt( credsData.connectionKey );
    Cipher cipher( connectionKey );
    std::string verificationKey = cipher.b64decrypt( credsData.verificationKey );
    if( verificationKey != connectionLabel ){
      throwException("Decoding of connection key failed.","CredentialStore::updateConnection");
    }
    if( forceUpdate ){
      std::string encryptedUserName = cipher.b64encrypt( userName );
      std::string encryptedPassword = cipher.b64encrypt( password );
     
      coral::AttributeList updateData;
      updateData.extend<int>( CONNECTION_ID_COL );
      updateData.extend<std::string>( USERNAME_COL );
      updateData.extend<std::string>( PASSWORD_COL );
      updateData[ CONNECTION_ID_COL ].data<int>() = connId;
      updateData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
      updateData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
      std::stringstream setCl;
      setCl << USERNAME_COL << " = :" << USERNAME_COL;
      setCl <<", " << PASSWORD_COL << " = :" << PASSWORD_COL;
      std::string whereCl = CONNECTION_ID_COL+" = :"+CONNECTION_ID_COL;
      editor.updateRows( setCl.str(),whereCl, updateData );
    }
  }
  
  if(!found){
    
    KeyGenerator gen;
    connectionKey = gen.make( Auth::COND_DB_KEY_SIZE );
    Cipher cipher( connectionKey );
    std::string encryptedUserName = cipher.b64encrypt( userName );
    std::string encryptedPassword = cipher.b64encrypt( password );
    std::string encryptedLabel = cipher.b64encrypt( connectionLabel );
    
    ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
    connId = sequenceMgr.getNextId( COND_CREDENTIAL_TABLE, true );
    
    coral::AttributeList insertData;
    insertData.extend<int>( CONNECTION_ID_COL );
    insertData.extend<std::string>( CONNECTION_LABEL_COL );
    insertData.extend<std::string>( USERNAME_COL );
    insertData.extend<std::string>( PASSWORD_COL );
    insertData.extend<std::string>( VERIFICATION_KEY_COL );
    insertData.extend<std::string>( CONNECTION_KEY_COL );
    insertData[ CONNECTION_ID_COL ].data<int>() = connId;
    insertData[ CONNECTION_LABEL_COL ].data<std::string>() = connectionLabel;
    insertData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
    insertData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
    insertData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
    insertData[ CONNECTION_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( connectionKey ) ;;
    editor.insertRow( insertData );
    
    /***
    // then set the admin permission on the new connection
    ora::SequenceManager sequenceMgr2( SEQUENCE_TABLE_NAME,schema );
    int authId = sequenceMgr2.getNextId( COND_AUTHORIZATION_TABLE, true );
    
    coral::ITableDataEditor& authEditor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
    coral::AttributeList authData;
    authData.extend<int>( AUTH_ID_COL );
    authData.extend<int>( P_ID_COL );
    authData.extend<std::string>( ROLE_COL );
    authData.extend<std::string>( SCHEMA_COL );
    authData.extend<std::string>( AUTH_KEY_COL );
    authData.extend<int>( C_ID_COL );
    authData[ AUTH_ID_COL ].data<int>() = authId;
    authData[ P_ID_COL ].data<int>() = m_principalId;
    authData[ ROLE_COL ].data<std::string>() = Auth::COND_ADMIN_ROLE;
    authData[ SCHEMA_COL ].data<std::string>() = defaultConnectionString( m_serviceData->connectionString, m_serviceName, userName );
    authData[ AUTH_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( connectionKey ) ;
    authData[ C_ID_COL ].data<int>() = connId;
    authEditor.insertRow( authData );
    **/
  }
  return std::make_pair( connId, connectionKey );
}
bool cond::CredentialStore::updateConnection ( const std::string &  connectionLabel,
const std::string &  userName,
const std::string &  password 
)

Definition at line 1027 of file CredentialStore.cc.

References cond::CSScopedSession::close(), python::CommonUtils::session, and cond::CSScopedSession::start().

                                                                         {
  CSScopedSession session( *this );
  session.start( false  );

  m_session->transaction().start();

  updateConnection( connectionLabel,userName, password, true ); 

  session.close();
  return true;
}
bool cond::CredentialStore::updatePrincipal ( const std::string &  principal,
const std::string &  principalKey,
bool  setAdmin = false 
)

Definition at line 891 of file CredentialStore.cc.

References ADMIN_KEY_COL(), cond::PrincipalData::adminKey, cond::Cipher::b64decrypt(), cond::Cipher::b64encrypt(), cond::CSScopedSession::close(), cond::Auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), cond::Auth::COND_DB_KEY_SIZE, cond::CredentialData::connectionKey, idDealer::editor, newFWLiteAna::found, cmsDownloadME::gen, ora::SequenceManager::getNextId(), cond::PrincipalData::id, cond::CredentialData::id, cond::KeyGenerator::make(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), python::IdGenerator::schema, cond::schemaLabelForCredentialStore(), cond::selectConnection(), cond::selectPrincipal(), SEQUENCE_TABLE_NAME(), python::CommonUtils::session, cond::CSScopedSession::start(), cond::throwException(), and VERIFICATION_COL().

                                                            {
  CSScopedSession session( *this );
  session.start( false  );

  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principalName, princData );

  Cipher adminCipher( m_principalKey );
  Cipher cipher( authenticationKey );
  std::string verifStr = cipher.b64encrypt( principalName );
  std::string principalKey("");
  if( setAdmin ) principalKey = m_principalKey;
  int principalId = princData.id;

  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
  if( found ){
    if( principalKey.empty() ) principalKey = adminCipher.b64decrypt( princData.adminKey );
    coral::AttributeList updateData;
    updateData.extend<int>( PRINCIPAL_ID_COL );
    updateData.extend<std::string>( VERIFICATION_COL );
    updateData.extend<std::string>( PRINCIPAL_KEY_COL );
    updateData.extend<std::string>( ADMIN_KEY_COL );
    updateData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
    updateData[ VERIFICATION_COL ].data<std::string>() = verifStr;
    updateData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher.b64encrypt( principalKey );
    updateData[ ADMIN_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( principalKey );
    std::stringstream setClause;
    setClause << VERIFICATION_COL <<" = :" <<VERIFICATION_COL <<", ";
    setClause << PRINCIPAL_KEY_COL << " = :" << PRINCIPAL_KEY_COL <<", ";
    setClause << ADMIN_KEY_COL << " = :" << ADMIN_KEY_COL;
    std::string whereClause = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
    editor.updateRows( setClause.str(),whereClause, updateData );
  } else {
    if( principalKey.empty() ) {
      KeyGenerator gen;
      principalKey = gen.make( Auth::COND_DB_KEY_SIZE );
    }

    coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();

    ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
    principalId = sequenceMgr.getNextId( COND_AUTHENTICATION_TABLE, true );
        
    coral::AttributeList authData;
    editor0.rowBuffer(authData);
    authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
    authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
    authData[ VERIFICATION_COL ].data<std::string>() = cipher.b64encrypt( principalName );
    authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher.b64encrypt( principalKey );
    authData[ ADMIN_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( principalKey );
    editor0.insertRow( authData );
  }

  if(setAdmin){
    std::string connString = m_serviceData->connectionString;
    std::string connLabel = schemaLabelForCredentialStore( connString );
    CredentialData credsData;
    bool found = selectConnection( schema, connLabel, credsData );
    if(!found){
      throwException("Credential Store connection has not been defined.","CredentialStore::updatePrincipal");
    }
    setPermission( principalId, principalKey, Auth::COND_ADMIN_ROLE, connString, credsData.id, adminCipher.b64decrypt( credsData.connectionKey ) );
  }

  session.close();
  return true;
}

Friends And Related Function Documentation

friend class CSScopedSession [friend]

Definition at line 144 of file CredentialStore.h.


Member Data Documentation

const std::string cond::CredentialStore::DEFAULT_DATA_SOURCE [static]

Definition at line 87 of file CredentialStore.h.

boost::shared_ptr<coral::IConnection> cond::CredentialStore::m_connection [private]

Definition at line 163 of file CredentialStore.h.

Definition at line 172 of file CredentialStore.h.

Definition at line 166 of file CredentialStore.h.

Definition at line 167 of file CredentialStore.h.

Definition at line 170 of file CredentialStore.h.

std::string cond::CredentialStore::m_serviceName [private]

Definition at line 169 of file CredentialStore.h.

boost::shared_ptr<coral::ISession> cond::CredentialStore::m_session [private]

Definition at line 164 of file CredentialStore.h.