#include <CredentialStore.h>

Classes
struct	Permission

Public Member Functions
bool	createSchema (const std::string &connectionString, const std::string &userName, const std::string &password)

	CredentialStore ()
	Standard Constructor. More...

bool	drop (const std::string &connectionString, const std::string &userName, const std::string &password)

bool	exportAll (coral_bridge::AuthenticationCredentialSet &data)

bool	importForPrincipal (const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data, bool forceUpdateConnection=false)
	import data More...

bool	installAdmin (const std::string &userName, const std::string &password)

const std::string &	keyPrincipalName ()

bool	listConnections (std::map< std::string, std::pair< std::string, std::string > > &destination)

bool	listPrincipals (std::vector< std::string > &destination)

bool	removeConnection (const std::string &connectionLabel)

bool	removePrincipal (const std::string &principal)

bool	selectForUser (coral_bridge::AuthenticationCredentialSet &destinationData)

bool	selectPermissions (const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)

bool	setPermission (const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)

std::string	setUpForConnectionString (const std::string &connectionString, const std::string &authPath)

std::string	setUpForService (const std::string &serviceName, const std::string &authPath)
	Sets the initialization parameters. More...

bool	unsetPermission (const std::string &principal, const std::string &role, const std::string &connectionString)

bool	updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password)

bool	updatePrincipal (const std::string &principal, const std::string &principalKey, bool setAdmin=false)

virtual	~CredentialStore ()
	Standard Destructor. More...

Static Public Attributes
static const std::string	DEFAULT_DATA_SOURCE

Private Member Functions
int	addUser (const std::string &principalName, const std::string &authenticationKey, const std::string &principalKey, const std::string &adminKey)

void	closeSession (bool commit=true)

std::pair< std::string, std::string >	openConnection (const std::string &connectionString)

void	openSession (const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)

void	openSession (bool readOnly=true)

bool	setPermission (int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey)

void	startSession (bool readMode)

void	startSuperSession (const std::string &connectionString, const std::string &userName, const std::string &password)

std::pair< int, std::string >	updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate)

Private Attributes
boost::shared_ptr < coral::IConnection >	m_connection

DecodingKey	m_key

int	m_principalId

std::string	m_principalKey

const ServiceCredentials *	m_serviceData

std::string	m_serviceName

boost::shared_ptr < coral::ISession >	m_session

Friends
class	CSScopedSession

Detailed Description

Definition at line 83 of file CredentialStore.h.

Constructor & Destructor Documentation

cond::CredentialStore::CredentialStore ( )

Standard Constructor.

Definition at line 648 of file CredentialStore.cc.

                                     :
   m_connection(),
   m_session(),
   m_principalId(-1),
   m_principalKey(""),
   m_serviceName(""),
   m_serviceData(0),
   m_key(){
 }

cond::CredentialStore::~CredentialStore ( )

virtual

Standard Destructor.

Definition at line 658 of file CredentialStore.cc.

658 {

659 }

Member Function Documentation

int cond::CredentialStore::addUser	(	const std::string &	principalName,
		const std::string &	authenticationKey,
		const std::string &	principalKey,
		const std::string &	adminKey
	)

private

Definition at line 356 of file CredentialStore.cc.

References ADMIN_KEY_COL(), cond::Cipher::b64encrypt(), COND_AUTHENTICATION_TABLE(), ora::SequenceManager::getNextId(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), python.IdGenerator::schema, SEQUENCE_TABLE_NAME(), AlCaHLTBitMon_QueryRunRegistry::string, and VERIFICATION_COL().

                                                                                                                                                               {
 
   coral::ISchema& schema = m_session->nominalSchema();
   coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
 
   ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
   int principalId = sequenceMgr.getNextId( COND_AUTHENTICATION_TABLE, true );
     
   Cipher cipher0( authenticationKey );
   Cipher cipher1( adminKey );
 
   coral::AttributeList authData;
   editor0.rowBuffer(authData);
   authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
   authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
   authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
   authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( principalKey );
   authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( principalKey );
   editor0.insertRow( authData );
   return principalId;
 }

void cond::CredentialStore::closeSession ( bool commit = true )

private

Definition at line 337 of file CredentialStore.cc.

                                                    {
 
   if( m_session.get() ){
     if(m_session->transaction().isActive()){
       if( commit ){
     m_session->transaction().commit();
       } else {
     m_session->transaction().rollback();
       }
     }
     m_session->endUserSession();
   }
   m_session.reset();
   if( m_connection.get() ){
     m_connection->disconnect();
   }
   m_connection.reset();
 }

bool cond::CredentialStore::createSchema	(	const std::string &	connectionString,
		const std::string &	userName,
		const std::string &	password
	)

Definition at line 709 of file CredentialStore.cc.

References ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), ora::SequenceManager::create(), P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), SEQUENCE_TABLE_NAME(), python.CommonUtils::session, cond::CSScopedSession::startSuper(), cond::throwException(), USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

                                                                                                                            {
   CSScopedSession session( *this );
   session.startSuper( connectionString, userName, password );
 
   coral::ISchema& schema = m_session->nominalSchema();
   if(schema.existsTable(COND_AUTHENTICATION_TABLE)) {
     throwException("Credential database, already exists.","CredentialStore::create");
   }
   ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME, schema );
   int columnSize = 2000;
 
   // authentication table
   sequenceMgr.create( COND_AUTHENTICATION_TABLE );
   coral::TableDescription descr0;
   descr0.setName( COND_AUTHENTICATION_TABLE );
   descr0.insertColumn( PRINCIPAL_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
   descr0.insertColumn( PRINCIPAL_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
   descr0.insertColumn( VERIFICATION_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
   descr0.insertColumn( PRINCIPAL_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
   descr0.insertColumn( ADMIN_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
   descr0.setNotNullConstraint( PRINCIPAL_ID_COL );
   descr0.setNotNullConstraint( PRINCIPAL_NAME_COL );
   descr0.setNotNullConstraint( VERIFICATION_COL );
   descr0.setNotNullConstraint( PRINCIPAL_KEY_COL );
   descr0.setNotNullConstraint( ADMIN_KEY_COL );
   std::vector<std::string> columnsUnique;
   columnsUnique.push_back( PRINCIPAL_NAME_COL);
   descr0.setUniqueConstraint( columnsUnique );
   std::vector<std::string> columnsForIndex;
   columnsForIndex.push_back(PRINCIPAL_ID_COL);
   descr0.setPrimaryKey( columnsForIndex );
   schema.createTable( descr0 );
 
   // authorization table
   sequenceMgr.create( COND_AUTHORIZATION_TABLE );
   coral::TableDescription descr1;
   descr1.setName( COND_AUTHORIZATION_TABLE );
   descr1.insertColumn( AUTH_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
   descr1.insertColumn( P_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
   descr1.insertColumn( ROLE_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
   descr1.insertColumn( SCHEMA_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
   descr1.insertColumn( AUTH_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
   descr1.insertColumn( C_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
   descr1.setNotNullConstraint( AUTH_ID_COL );
   descr1.setNotNullConstraint( P_ID_COL );
   descr1.setNotNullConstraint( ROLE_COL );
   descr1.setNotNullConstraint( SCHEMA_COL );
   descr1.setNotNullConstraint( AUTH_KEY_COL );
   descr1.setNotNullConstraint( C_ID_COL );
   columnsUnique.clear();
   columnsUnique.push_back( P_ID_COL);
   columnsUnique.push_back( ROLE_COL);
   columnsUnique.push_back( SCHEMA_COL);
   descr1.setUniqueConstraint( columnsUnique );
   columnsForIndex.clear();
   columnsForIndex.push_back(AUTH_ID_COL);
   descr1.setPrimaryKey( columnsForIndex );
   schema.createTable( descr1 );
 
   // credential table
   sequenceMgr.create( COND_CREDENTIAL_TABLE );
   coral::TableDescription descr2;
   descr2.setName( COND_CREDENTIAL_TABLE );
   descr2.insertColumn( CONNECTION_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
   descr2.insertColumn( CONNECTION_LABEL_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
   descr2.insertColumn( USERNAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
   descr2.insertColumn( PASSWORD_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
   descr2.insertColumn( VERIFICATION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
   descr2.insertColumn( CONNECTION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
   descr2.setNotNullConstraint( CONNECTION_ID_COL );
   descr2.setNotNullConstraint( CONNECTION_LABEL_COL );
   descr2.setNotNullConstraint( USERNAME_COL );
   descr2.setNotNullConstraint( PASSWORD_COL );
   descr2.setNotNullConstraint( VERIFICATION_KEY_COL );
   descr2.setNotNullConstraint( CONNECTION_KEY_COL );
   columnsUnique.clear();
   columnsUnique.push_back( CONNECTION_LABEL_COL);
   descr2.setUniqueConstraint( columnsUnique );
   columnsForIndex.clear();
   columnsForIndex.push_back(CONNECTION_ID_COL);
   descr2.setPrimaryKey( columnsForIndex );
   schema.createTable( descr2 );
 
   session.close();
   return true;
 }

bool cond::CredentialStore::drop	(	const std::string &	connectionString,
		const std::string &	userName,
		const std::string &	password
	)

Definition at line 797 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), python.IdGenerator::schema, SEQUENCE_TABLE_NAME(), python.CommonUtils::session, and cond::CSScopedSession::startSuper().

                                                                                                                    {
   CSScopedSession session( *this );
   session.startSuper( connectionString, userName, password );
 
   coral::ISchema& schema = m_session->nominalSchema();
   schema.dropIfExistsTable( COND_AUTHORIZATION_TABLE );
   schema.dropIfExistsTable( COND_CREDENTIAL_TABLE );
   schema.dropIfExistsTable( COND_AUTHENTICATION_TABLE );
   schema.dropIfExistsTable(SEQUENCE_TABLE_NAME);
   session.close();
   return true;
 }

bool cond::CredentialStore::exportAll ( coral_bridge::AuthenticationCredentialSet & data )

Definition at line 1329 of file CredentialStore.cc.

References cond::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), newFWLiteAna::found, PASSWORD_COL(), o2o::query, coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                   {
   CSScopedSession session( *this );
   session.start( true  );
   coral::ISchema& schema = m_session->nominalSchema();
   std::auto_ptr<coral::IQuery> query(schema.newQuery());
   query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
   query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
   coral::AttributeList readBuff;
   readBuff.extend<std::string>("AUTHO."+ROLE_COL);
   readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
   readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
   readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
   readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
   readBuff.extend<std::string>("CREDS."+USERNAME_COL);
   readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
   coral::AttributeList whereData;
   std::stringstream whereClause;
   whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
   
   query->defineOutput(readBuff);
   query->addToOutputList( "AUTHO."+ROLE_COL );
   query->addToOutputList( "AUTHO."+SCHEMA_COL );
   query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
   query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
   query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
   query->addToOutputList( "CREDS."+USERNAME_COL );
   query->addToOutputList( "CREDS."+PASSWORD_COL );
   query->setCondition( whereClause.str(), whereData );
   coral::ICursor& cursor = query->execute();
   bool found = false;
   Cipher cipher0( m_principalKey );
   while ( cursor.next() ) {
     const coral::AttributeList& row = cursor.currentRow();
     const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
     const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
     const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
     const std::string& encryptedVerifKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
     const std::string& encryptedConnection = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
     std::string userName("");
     std::string password("");
     std::string connectionKey = cipher0.b64decrypt( encryptedConnection );
     Cipher cipher1( connectionKey );
     std::string verifKey = cipher1.b64decrypt( encryptedVerifKey );
     if( verifKey == connectionLabel ){
       const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL].data<std::string>();
       const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL].data<std::string>();
       userName = cipher1.b64decrypt( encryptedUserName );
       password = cipher1.b64decrypt( encryptedPassword );
     }
     data.registerCredentials( connectionString, role, userName, password );
     found = true;
   }
   session.close();
   return found;  
 }

bool cond::CredentialStore::importForPrincipal	(	const std::string &	principal,
		const coral_bridge::AuthenticationCredentialSet &	data,
		bool	forceUpdateConnection = `false`
	)

import data

Definition at line 1162 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::Cipher::b64decrypt(), cond::CSScopedSession::close(), results_mgr::conn, coral_bridge::AuthenticationCredentialSet::data(), newFWLiteAna::found, cond::PrincipalData::id, Association::map, lumiQueryAPI::msg, geometryXMLtoCSV::parser, python.IdGenerator::schema, cond::schemaLabel(), cond::selectPrincipal(), serviceName, python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                     {
   CSScopedSession session( *this );
   session.start( false  );
   coral::ISchema& schema = m_session->nominalSchema();
 
   PrincipalData princData;
   bool found = selectPrincipal( schema, principal, princData );
 
   if( ! found ){
     std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
     throwException( msg, "CredentialStore::importForPrincipal");
   }
 
   bool imported = false;
   Cipher cipher( m_principalKey );
   std::string princKey = cipher.b64decrypt( princData.adminKey);
 
   const std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >& creds = dataSource.data();
   for( std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::const_iterator iConn = creds.begin(); iConn != creds.end(); ++iConn ){
     const std::string& connectionString = iConn->first.first;
     coral::URIParser parser;
     parser.setURI( connectionString );
     std::string serviceName = parser.hostName();
     const std::string& role = iConn->first.second;
     std::string userName = iConn->second->valueForItem( coral::IAuthenticationCredentials::userItem() );
     std::string password = iConn->second->valueForItem( coral::IAuthenticationCredentials::passwordItem());
     // first import the connections
     std::pair<int,std::string> conn = updateConnection( schemaLabel( serviceName, userName ), userName, password, forceUpdateConnection );
     Cipher cipher( m_principalKey );
     // than set the permission for the specific role
     setPermission( princData.id, princKey, role, connectionString, conn.first, conn.second );
     imported = true;
   }
   session.close();  
   return imported;
 }

bool cond::CredentialStore::installAdmin	(	const std::string &	userName,
		const std::string &	password
	)

Definition at line 810 of file CredentialStore.cc.

References ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), cond::Cipher::b64encrypt(), C_ID_COL(), cond::CSScopedSession::close(), cond::Auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), cond::Auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), newFWLiteAna::found, relval_steps::gen(), ora::SequenceManager::getNextId(), cond::KeyGenerator::make(), lumiQueryAPI::msg, P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), cond::schemaLabelForCredentialStore(), cond::selectPrincipal(), SEQUENCE_TABLE_NAME(), python.CommonUtils::session, cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

                                                                                             {
   if(!m_serviceData){
     throwException( "The credential store has not been initialized.","cond::CredentialStore::installAdmin" );    
   }
   const std::string& connectionString = m_serviceData->connectionString;
   const std::string& principalName = m_key.principalName();
 
   CSScopedSession session( *this );
   session.startSuper( connectionString, userName, password  );
 
   coral::ISchema& schema = m_session->nominalSchema();
 
   PrincipalData princData;
   bool found = selectPrincipal( schema, principalName, princData );
 
   if( found ){
     std::string msg("Principal \"");
     msg += principalName + "\" has been installed already.";
     throwException(msg,"CredentialStore::installAdmin");
   }
 
   KeyGenerator gen;
   m_principalKey = gen.make( Auth::COND_DB_KEY_SIZE );
 
   coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
 
   ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
   int principalId = sequenceMgr.getNextId( COND_AUTHENTICATION_TABLE, true );
     
   Cipher cipher0( m_key.principalKey() );
   Cipher cipher1( m_principalKey );
 
   coral::AttributeList authData;
   editor0.rowBuffer(authData);
   authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
   authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
   authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
   authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( m_principalKey );
   authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( m_principalKey );
   editor0.insertRow( authData );
 
   std::string connLabel = schemaLabelForCredentialStore( connectionString );
   DecodingKey tmpKey;
   std::string connectionKey = gen.make( Auth::COND_DB_KEY_SIZE );
   std::string encryptedConnectionKey = cipher1.b64encrypt( connectionKey );    
 
   Cipher cipher2( connectionKey );
   std::string encryptedUserName = cipher2.b64encrypt( userName );
   std::string encryptedPassword = cipher2.b64encrypt( password );
   std::string encryptedLabel = cipher2.b64encrypt( connLabel );    
   
   int connId = sequenceMgr.getNextId( COND_CREDENTIAL_TABLE, true );
     
   coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
   coral::AttributeList connectionData;
   editor1.rowBuffer(connectionData);
   connectionData[ CONNECTION_ID_COL ].data<int>() = connId;
   connectionData[ CONNECTION_LABEL_COL ].data<std::string>() = connLabel;
   connectionData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
   connectionData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
   connectionData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
   connectionData[ CONNECTION_KEY_COL ].data<std::string>() = encryptedConnectionKey;
   editor1.insertRow( connectionData );
 
   int authId = sequenceMgr.getNextId( COND_AUTHORIZATION_TABLE, true );
     
   coral::ITableDataEditor& editor2 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
   coral::AttributeList permissionData;
   editor2.rowBuffer(permissionData);
   permissionData[ AUTH_ID_COL ].data<int>() = authId;
   permissionData[ P_ID_COL ].data<int>() = principalId;
   permissionData[ ROLE_COL ].data<std::string>() = Auth::COND_ADMIN_ROLE;
   permissionData[ SCHEMA_COL ].data<std::string>() = connectionString;
   permissionData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
   permissionData[ C_ID_COL ].data<int>() = connId;
   editor2.insertRow( permissionData );
 
   session.close();
   return true;
 }

const std::string & cond::CredentialStore::keyPrincipalName ( )

Definition at line 1385 of file CredentialStore.cc.

                                                        {
   return m_key.principalName();
 }

bool cond::CredentialStore::listConnections ( std::map< std::string, std::pair< std::string, std::string > > & destination )

Definition at line 1224 of file CredentialStore.cc.

References cond::Cipher::b64decrypt(), cond::CSScopedSession::close(), COND_CREDENTIAL_TABLE(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), newFWLiteAna::found, PASSWORD_COL(), o2o::query, python.IdGenerator::schema, python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                                        {
   CSScopedSession session( *this );
   session.start( true  );
   coral::ISchema& schema = m_session->nominalSchema();
 
   std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_CREDENTIAL_TABLE).newQuery());
   coral::AttributeList readBuff;
   readBuff.extend<std::string>( CONNECTION_LABEL_COL );
   readBuff.extend<std::string>( USERNAME_COL );
   readBuff.extend<std::string>( PASSWORD_COL );
   readBuff.extend<std::string>( VERIFICATION_KEY_COL );
   readBuff.extend<std::string>( CONNECTION_KEY_COL );
   query->defineOutput(readBuff);
   query->addToOutputList( CONNECTION_LABEL_COL );
   query->addToOutputList( USERNAME_COL );
   query->addToOutputList( PASSWORD_COL );
   query->addToOutputList( VERIFICATION_KEY_COL );
   query->addToOutputList( CONNECTION_KEY_COL );
   coral::ICursor& cursor = query->execute();
   bool found = false;
   Cipher cipher0(m_principalKey );
   while ( cursor.next() ) {
     std::string userName("");
     std::string password("");
     const coral::AttributeList& row = cursor.currentRow();
     const std::string& connLabel = row[ CONNECTION_LABEL_COL].data<std::string>();
     const std::string& encryptedKey = row[ CONNECTION_KEY_COL].data<std::string>();
     const std::string& encryptedVerif = row[ VERIFICATION_KEY_COL].data<std::string>();
     std::string connKey = cipher0.b64decrypt( encryptedKey );
     Cipher cipher1( connKey );
     std::string verif = cipher1.b64decrypt( encryptedVerif );
     if( verif == connLabel ){
       const std::string& encryptedUserName = row[ USERNAME_COL].data<std::string>();
       const std::string& encryptedPassword = row[ PASSWORD_COL].data<std::string>();
       userName = cipher1.b64decrypt( encryptedUserName );
       password = cipher1.b64decrypt( encryptedPassword );
     }
     destination.insert( std::make_pair( connLabel, std::make_pair( userName, password ) ) );
     found = true;
   }
   session.close();    
   return found;
 }

bool cond::CredentialStore::listPrincipals ( std::vector< std::string > & destination )

Definition at line 1201 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), newFWLiteAna::found, PRINCIPAL_NAME_COL(), o2o::query, python.IdGenerator::schema, python.CommonUtils::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

                                                                            {
 
   CSScopedSession session( *this );
   session.start( true  );
   coral::ISchema& schema = m_session->nominalSchema();
 
   std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_AUTHENTICATION_TABLE).newQuery());
   coral::AttributeList readBuff;
   readBuff.extend<std::string>(PRINCIPAL_NAME_COL);
   query->defineOutput(readBuff);
   query->addToOutputList( PRINCIPAL_NAME_COL );
   coral::ICursor& cursor = query->execute();
   bool found = false;
   while ( cursor.next() ) {
     found = true;
     const coral::AttributeList& row = cursor.currentRow();
     destination.push_back( row[ PRINCIPAL_NAME_COL ].data<std::string>() );
   }
   session.close();    
   return found;
 }

std::pair< std::string, std::string > cond::CredentialStore::openConnection ( const std::string & connectionString )

private

Definition at line 378 of file CredentialStore.cc.

References instance.

                                                                                                    {
   coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
   if ( ! relationalService.isValid() ){
     coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
     relationalService = coral::Context::instance().query<coral::IRelationalService>();
   }
   coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
   std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
   m_connection.reset( domain.newConnection( connTokens.first ) );
   m_connection->connect();
   return connTokens;
 }

void cond::CredentialStore::openSession	(	const std::string &	schemaName,
		const std::string &	userName,
		const std::string &	password,
		bool	readMode
	)

private

Definition at line 391 of file CredentialStore.cc.

                                                                                                                                        {
   coral::AccessMode accessMode = coral::ReadOnly;
   if( !readMode ) accessMode = coral::Update;  
   m_session.reset( m_connection->newSession( schemaName, accessMode) );
   m_session->startUserSession( userName, password );
   // open read-only transaction
   m_session->transaction().start( readMode );
 }

void cond::CredentialStore::openSession ( bool readOnly = true )

private

bool cond::CredentialStore::removeConnection ( const std::string & connectionLabel )

Definition at line 1075 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), newFWLiteAna::found, cond::CredentialData::id, lumiQueryAPI::msg, python.IdGenerator::schema, cond::selectConnection(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                                             {
   CSScopedSession session( *this );
   session.start( false  );
   coral::ISchema& schema = m_session->nominalSchema();
 
   CredentialData credsData;
   bool found = selectConnection( schema, connectionLabel, credsData );
 
   if( ! found ){
     std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
     throwException( msg, "CredentialStore::removeConnection");
   }
 
   coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
 
   coral::AttributeList deleteData0;
   deleteData0.extend<int>( C_ID_COL );
   deleteData0[ C_ID_COL ].data<int>() = credsData.id;
   std::string whereClause0 = C_ID_COL+" = :"+C_ID_COL;
   editor0.deleteRows( whereClause0 , deleteData0 );
 
   coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
 
   coral::AttributeList deleteData1;
   deleteData1.extend<int>( CONNECTION_ID_COL );
   deleteData1[ CONNECTION_ID_COL ].data<int>() = credsData.id;
   std::string whereClause1 = CONNECTION_ID_COL+" = :"+CONNECTION_ID_COL;
   editor1.deleteRows( whereClause1 , deleteData1 );
 
   session.close();
 
   return true;
 }

bool cond::CredentialStore::removePrincipal ( const std::string & principal )

Definition at line 1041 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), newFWLiteAna::found, cond::PrincipalData::id, lumiQueryAPI::msg, P_ID_COL(), PRINCIPAL_ID_COL(), python.IdGenerator::schema, cond::selectPrincipal(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                                      {
   CSScopedSession session( *this );
   session.start( false  );
   coral::ISchema& schema = m_session->nominalSchema();
 
   PrincipalData princData;
   bool found = selectPrincipal( schema, principal, princData );
 
   if( ! found ){
     std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
     throwException( msg, "CredentialStore::removePrincipal");
   }
 
   coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
 
   coral::AttributeList deleteData0;
   deleteData0.extend<int>( P_ID_COL );
   deleteData0[ P_ID_COL ].data<int>() = princData.id;
   std::string whereClause0 = P_ID_COL+" = :"+P_ID_COL;
   editor0.deleteRows( whereClause0 , deleteData0 );
 
   coral::ITableDataEditor& editor1 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
 
   coral::AttributeList deleteData1;
   deleteData1.extend<int>( PRINCIPAL_ID_COL );
   deleteData1[ PRINCIPAL_ID_COL ].data<int>() = princData.id;
   std::string whereClause1 = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
   editor1.deleteRows( whereClause1 , deleteData1 );
 
   session.close();
   
   return true;
 }

bool cond::CredentialStore::selectForUser ( coral_bridge::AuthenticationCredentialSet & destinationData )

Definition at line 1109 of file CredentialStore.cc.

References AUTH_KEY_COL(), cond::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), P_ID_COL(), PASSWORD_COL(), o2o::query, coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                                  {
   CSScopedSession session( *this );
   session.start( true  );
   coral::ISchema& schema = m_session->nominalSchema();
 
   Cipher cipher( m_principalKey );
 
   std::auto_ptr<coral::IQuery> query(schema.newQuery());
   query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
   query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
   coral::AttributeList readBuff;
   readBuff.extend<std::string>("AUTHO."+ROLE_COL);
   readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
   readBuff.extend<std::string>("AUTHO."+AUTH_KEY_COL);
   readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
   readBuff.extend<std::string>("CREDS."+USERNAME_COL);
   readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
   readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
   coral::AttributeList whereData;
   whereData.extend<int>(P_ID_COL);
   whereData[ P_ID_COL ].data<int>() = m_principalId;
   std::stringstream whereClause;
   whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
   whereClause << " AND " << "AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
   query->defineOutput(readBuff);
   query->addToOutputList( "AUTHO."+ROLE_COL );
   query->addToOutputList( "AUTHO."+SCHEMA_COL );
   query->addToOutputList( "AUTHO."+AUTH_KEY_COL );
   query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
   query->addToOutputList( "CREDS."+USERNAME_COL );
   query->addToOutputList( "CREDS."+PASSWORD_COL );
   query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
   query->setCondition( whereClause.str(), whereData );
   coral::ICursor& cursor = query->execute();
   while ( cursor.next() ) {
     const coral::AttributeList& row = cursor.currentRow();
     const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
     const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
     const std::string& encryptedAuthKey = row[ "AUTHO."+AUTH_KEY_COL ].data<std::string>();
     const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
     const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
     const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
     const std::string& encryptedLabel = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
     std::string authKey = cipher.b64decrypt( encryptedAuthKey );
     Cipher connCipher( authKey );
     if( connCipher.b64decrypt( encryptedLabel ) == connectionLabel ){
       destinationData.registerCredentials( connectionString, role, connCipher.b64decrypt( encryptedUserName ),  connCipher.b64decrypt( encryptedPassword ) );
     } 
   }
   session.close();
   return true;
 }

bool cond::CredentialStore::selectPermissions	(	const std::string &	principalName,
		const std::string &	role,
		const std::string &	connectionString,
		std::vector< Permission > &	destination
	)

Definition at line 1268 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), cond::CredentialStore::Permission::connectionLabel, cond::CredentialStore::Permission::connectionString, newFWLiteAna::found, P_ID_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_NAME_COL(), cond::CredentialStore::Permission::principalName, o2o::query, cond::CredentialStore::Permission::role, ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), python.CommonUtils::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

                                                                {
   CSScopedSession session( *this );
   session.start( true  );
   coral::ISchema& schema = m_session->nominalSchema();
   std::auto_ptr<coral::IQuery> query(schema.newQuery());
   query->addToTableList(COND_AUTHENTICATION_TABLE, "AUTHE");
   query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
   query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
   coral::AttributeList readBuff;
   readBuff.extend<std::string>("AUTHE."+PRINCIPAL_NAME_COL);
   readBuff.extend<std::string>("AUTHO."+ROLE_COL);
   readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
   readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
   coral::AttributeList whereData;
   std::stringstream whereClause;
   whereClause << "AUTHE."<< PRINCIPAL_ID_COL << "= AUTHO."<< P_ID_COL;
   whereClause << " AND AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
   if( !principalName.empty() ){
     whereData.extend<std::string>(PRINCIPAL_NAME_COL);
     whereData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
     whereClause << " AND AUTHE."<< PRINCIPAL_NAME_COL <<" = :"<<PRINCIPAL_NAME_COL;
   }
   if( !role.empty() ){
     whereData.extend<std::string>(ROLE_COL);
     whereData[ ROLE_COL ].data<std::string>() = role;
     whereClause << " AND AUTHO."<< ROLE_COL <<" = :"<<ROLE_COL;
   }
   if( !connectionString.empty() ){
     whereData.extend<std::string>(SCHEMA_COL);
     whereData[ SCHEMA_COL ].data<std::string>() = connectionString;
     whereClause << " AND AUTHO."<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
   }
   
   query->defineOutput(readBuff);
   query->addToOutputList( "AUTHE."+PRINCIPAL_NAME_COL );
   query->addToOutputList( "AUTHO."+ROLE_COL );
   query->addToOutputList( "AUTHO."+SCHEMA_COL );
   query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
   query->setCondition( whereClause.str(), whereData );
   query->addToOrderList( "AUTHO."+SCHEMA_COL );
   query->addToOrderList( "AUTHE."+PRINCIPAL_NAME_COL  );
   query->addToOrderList( "AUTHO."+ROLE_COL  );
   coral::ICursor& cursor = query->execute();
   bool found = false;
   while ( cursor.next() ) {
     const coral::AttributeList& row = cursor.currentRow();
     destination.resize( destination.size()+1 );
     Permission& perm = destination.back();
     perm.principalName = row[ "AUTHE."+PRINCIPAL_NAME_COL ].data<std::string>();
     perm.role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
     perm.connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
     perm.connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
     found = true;
   }
   session.close();
   return found;  
 }

bool cond::CredentialStore::setPermission	(	const std::string &	principal,
		const std::string &	role,
		const std::string &	connectionString,
		const std::string &	connectionLabel
	)

Definition at line 964 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::CredentialData::connectionKey, newFWLiteAna::found, cond::PrincipalData::id, cond::CredentialData::id, lumiQueryAPI::msg, run_regression::ret, python.IdGenerator::schema, cond::selectConnection(), cond::selectPrincipal(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                          {
   CSScopedSession session( *this );
   session.start( false  );
 
   coral::ISchema& schema = m_session->nominalSchema();
 
   PrincipalData princData;
   bool found = selectPrincipal( schema, principal, princData );
 
   if( ! found ){
     std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
     throwException( msg, "CredentialStore::setPermission");
   }
 
   CredentialData credsData;
   found = selectConnection( schema, connectionLabel, credsData );
   
   if( ! found ){
     std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
     throwException( msg, "CredentialStore::setPermission");
   }
 
   Cipher cipher( m_principalKey );
   bool ret = setPermission( princData.id, cipher.b64decrypt( princData.adminKey), role, connectionString, credsData.id, cipher.b64decrypt( credsData.connectionKey ) );
   session.close();
   return ret;
 }

bool cond::CredentialStore::setPermission	(	int	principalId,
		const std::string &	principalKey,
		const std::string &	role,
		const std::string &	connectionString,
		int	connectionId,
		const std::string &	connectionKey
	)

private

Definition at line 514 of file CredentialStore.cc.

References AUTH_ID_COL(), AUTH_KEY_COL(), cond::Cipher::b64encrypt(), C_ID_COL(), COND_AUTHORIZATION_TABLE(), idDealer::editor, newFWLiteAna::found, ora::SequenceManager::getNextId(), cond::AuthorizationData::id, P_ID_COL(), ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), cond::selectAuthorization(), SEQUENCE_TABLE_NAME(), and AlCaHLTBitMon_QueryRunRegistry::string.

                                                                                                                                                                                                    {
   coral::ISchema& schema = m_session->nominalSchema();
   Cipher cipher( principalKey );
   std::string encryptedConnectionKey = cipher.b64encrypt( connectionKey );
 
   AuthorizationData authData;
   bool found = selectAuthorization( schema, principalId, role, connectionString, authData );
 
   coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
   if( found ) {
     coral::AttributeList updateData;
     updateData.extend<int>( AUTH_ID_COL );
     updateData.extend<int>( C_ID_COL );
     updateData.extend<std::string>( AUTH_KEY_COL );
     updateData[ AUTH_ID_COL ].data<int>() = authData.id;
     updateData[ C_ID_COL ].data<int>() = connectionId;
     updateData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
     std::string setCl = C_ID_COL+" = :"+C_ID_COL + ", "+AUTH_KEY_COL+" = :"+AUTH_KEY_COL;
     std::string whereCl = AUTH_ID_COL+" = :"+AUTH_ID_COL;
     editor.updateRows( setCl,whereCl, updateData );
   } else {
 
     ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
     int next = sequenceMgr.getNextId( COND_AUTHORIZATION_TABLE, true );
     
     coral::AttributeList insertData;
     insertData.extend<int>( AUTH_ID_COL );
     insertData.extend<int>( P_ID_COL );
     insertData.extend<std::string>( ROLE_COL );
     insertData.extend<std::string>( SCHEMA_COL );
     insertData.extend<std::string>( AUTH_KEY_COL );
     insertData.extend<int>( C_ID_COL );
     insertData[ AUTH_ID_COL ].data<int>() = next;
     insertData[ P_ID_COL ].data<int>() = principalId;
     insertData[ ROLE_COL ].data<std::string>() = role;
     insertData[ SCHEMA_COL ].data<std::string>() = connectionString;
     insertData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
     insertData[ C_ID_COL ].data<int>() = connectionId;
     editor.insertRow( insertData );
   }
   return true;    
 }

std::string cond::CredentialStore::setUpForConnectionString	(	const std::string &	connectionString,
		const std::string &	authPath
	)

Definition at line 694 of file CredentialStore.cc.

References instance, serviceName, and AlCaHLTBitMon_QueryRunRegistry::string.

                                                     {
   coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
   if ( ! relationalService.isValid() ){
     coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
     relationalService = coral::Context::instance().query<coral::IRelationalService>();
   }
   coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
   std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
   std::string& serviceName = connTokens.first;
   return setUpForService( serviceName, authPath );
 }

std::string cond::CredentialStore::setUpForService	(	const std::string &	serviceName,
		const std::string &	authPath
	)

Sets the initialization parameters.

Definition at line 662 of file CredentialStore.cc.

References cond::Auth::COND_KEY, mergeVDriftHistosByStation::file, cond::DecodingKey::FILE_PATH, lumiQueryAPI::msg, getHLTPrescaleColumns::path, serviceName, AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                {
   if( serviceName.empty() ){
     throwException( "Service name has not been provided.","cond::CredentialStore::setUpConnection" );        
   }
   m_serviceName.clear();
   m_serviceData = 0;
 
   if( authPath.empty() ){
     throwException( "The authentication Path has not been provided.","cond::CredentialStore::setUpForService" );
   }
   boost::filesystem::path fullPath( authPath );
   if(!boost::filesystem::exists(authPath) || !boost::filesystem::is_directory( authPath )){
     throwException( "Authentication Path is invalid.","cond::CredentialStore::setUpForService" );
   }
   boost::filesystem::path file( DecodingKey::FILE_PATH );
   fullPath /= file;
 
   m_key.init( fullPath.string(), Auth::COND_KEY ); 
   
   std::map< std::string, ServiceCredentials >::const_iterator iK = m_key.services().find( serviceName );
   if( iK == m_key.services().end() ){
     std::string msg("");
     msg += "Service \""+serviceName+"\" can't be open with the current key.";
     throwException( msg,"cond::CredentialStore::setUpConnection" );    
   }
   m_serviceName = serviceName;
   m_serviceData = &iK->second;
   return m_serviceData->connectionString;
 }

void cond::CredentialStore::startSession ( bool readMode )

private

Definition at line 406 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::Cipher::b64decrypt(), C_ID_COL(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), newFWLiteAna::found, cond::PrincipalData::id, P_ID_COL(), PASSWORD_COL(), cond::PrincipalData::principalKey, o2o::query, ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), cond::selectPrincipal(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::PrincipalData::verifKey.

                                                      {
   if(!m_serviceData){
     throwException( "The credential store has not been initialized.","cond::CredentialStore::openConnection" );    
   }
   const std::string& storeConnectionString = m_serviceData->connectionString;
 
   std::pair<std::string,std::string> connTokens = openConnection( storeConnectionString );
 
   const std::string& userName = m_serviceData->userName;
   const std::string& password = m_serviceData->password;
  
   openSession( connTokens.second, userName, password, true );
 
   coral::ISchema& schema = m_session->nominalSchema();
   if(!schema.existsTable(COND_AUTHENTICATION_TABLE) ||
      !schema.existsTable(COND_AUTHORIZATION_TABLE) ||
      !schema.existsTable(COND_CREDENTIAL_TABLE) ){
     throwException("Credential database does not exists in \""+storeConnectionString+"\"","CredentialStore::startSession");
   }
 
   const std::string& principalName = m_key.principalName();
   // now authenticate...
   PrincipalData princData;
   if( !selectPrincipal( m_session->nominalSchema(), principalName, princData ) ){
     throwException( "Invalid credentials provided.(0)",
             "CredentialStore::openSession");
   }
   Cipher cipher0( m_key.principalKey() );
   std::string verifStr = cipher0.b64decrypt( princData.verifKey );
   if( verifStr != principalName ){
     throwException( "Invalid credentials provided (1)",
             "CredentialStore::openSession");
   }
   // ok, authenticated!
   m_principalId = princData.id;
   m_principalKey = cipher0.b64decrypt( princData.principalKey );
   
   if(!readMode ) {
 
     Cipher cipher0( m_principalKey );
     std::string adminKey = cipher0.b64decrypt( princData.adminKey );
     if( adminKey != m_principalKey ){
       // not admin user!
       throwException( "Provided credentials does not allow admin operation.",
               "CredentialStore::openSession");
     }
     
     // first find the credentials for WRITING in the security tables
     std::auto_ptr<coral::IQuery> query(schema.newQuery());
     query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
     query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
     coral::AttributeList readBuff;
     readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
     readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
     readBuff.extend<std::string>("CREDS."+USERNAME_COL);
     readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
     readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
     coral::AttributeList whereData;
     whereData.extend<int>(P_ID_COL);
     whereData.extend<std::string>(ROLE_COL);
     whereData.extend<std::string>(SCHEMA_COL);
     whereData[ P_ID_COL ].data<int>() = m_principalId;
     whereData[ ROLE_COL ].data<std::string>() = Auth::COND_ADMIN_ROLE;
     whereData[ SCHEMA_COL ].data<std::string>() = storeConnectionString;
     std::stringstream whereClause;
     whereClause << "AUTHO."<< C_ID_COL << " = CREDS."<<CONNECTION_ID_COL;
     whereClause << " AND AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
     whereClause << " AND AUTHO."<< ROLE_COL << " = :"<<ROLE_COL;
     whereClause << " AND AUTHO."<< SCHEMA_COL << " = :"<<SCHEMA_COL;
     query->defineOutput(readBuff);
     query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
     query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
     query->addToOutputList( "CREDS."+USERNAME_COL );
     query->addToOutputList( "CREDS."+PASSWORD_COL );
     query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
     query->setCondition( whereClause.str(), whereData );
     coral::ICursor& cursor = query->execute();
     bool found = false;
     std::string writeUserName("");
     std::string writePassword("");
     if ( cursor.next() ) {
       const coral::AttributeList& row = cursor.currentRow();
       const std::string& connLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
       const std::string& encryptedConnectionKey = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
       std::string connectionKey = cipher0.b64decrypt( encryptedConnectionKey );
       Cipher cipher1( connectionKey );
       const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
       const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
       const std::string& verificationKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
       if( cipher1.b64decrypt( verificationKey ) != connLabel  ){
     throwException( "Could not decrypt credentials.Provided key is invalid.",
             "CredentialStore::startSession");
       }
       writeUserName = cipher1.b64decrypt( encryptedUserName );
       writePassword = cipher1.b64decrypt( encryptedPassword );
       found = true;
     }
     if( ! found ){
       throwException( "Provided credentials are invalid for write access.",
               "CredentialStore::openSession");
     }
     m_session->transaction().commit();
     m_session->endUserSession();
     openSession( connTokens.second, writeUserName, writePassword, false );
 
   }
 }   

void cond::CredentialStore::startSuperSession	(	const std::string &	connectionString,
		const std::string &	userName,
		const std::string &	password
	)

private

Definition at line 400 of file CredentialStore.cc.

                                                                                                                                     {
   std::pair<std::string,std::string> connTokens = openConnection( connectionString );
   openSession( connTokens.second, userName, password, false );
 }

bool cond::CredentialStore::unsetPermission	(	const std::string &	principal,
		const std::string &	role,
		const std::string &	connectionString
	)

Definition at line 995 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), idDealer::editor, newFWLiteAna::found, cond::PrincipalData::id, lumiQueryAPI::msg, P_ID_COL(), ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), cond::selectPrincipal(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                             {
   CSScopedSession session( *this );
   session.start( false  );
   coral::ISchema& schema = m_session->nominalSchema();
 
   PrincipalData princData;
   bool found = selectPrincipal( schema, principal, princData );
 
   if( ! found ){
     std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
     throwException( msg, "CredentialStore::unsetPermission");
   }
 
   coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
   coral::AttributeList deleteData;
   deleteData.extend<int>( P_ID_COL );
   deleteData.extend<std::string>( ROLE_COL );
   deleteData.extend<std::string>( SCHEMA_COL );
   deleteData[ P_ID_COL ].data<int>() = princData.id;
   deleteData[ ROLE_COL ].data<std::string>() = role;
   deleteData[ SCHEMA_COL ].data<std::string>() = connectionString;
   std::stringstream whereClause;
   whereClause << P_ID_COL+" = :"+P_ID_COL;
   whereClause << " AND "<< ROLE_COL <<" = :"<<ROLE_COL;
   whereClause << " AND "<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
   editor.deleteRows( whereClause.str(), deleteData );
   session.close();
   return true;
 }

bool cond::CredentialStore::updateConnection	(	const std::string &	connectionLabel,
		const std::string &	userName,
		const std::string &	password
	)

Definition at line 1027 of file CredentialStore.cc.

References cond::CSScopedSession::close(), python.CommonUtils::session, and cond::CSScopedSession::start().

Referenced by Vispa.Gui.PortConnection.PointToPointConnection::paintEvent(), and Vispa.Gui.PortConnection.PointToPointConnection::updateTargetPoint().

                                                      {
   CSScopedSession session( *this );
   session.start( false  );
 
   m_session->transaction().start();
 
   updateConnection( connectionLabel,userName, password, true ); 
 
   session.close();
   return true;
 }

std::pair< int, std::string > cond::CredentialStore::updateConnection	(	const std::string &	connectionLabel,
		const std::string &	userName,
		const std::string &	password,
		bool	forceUpdate
	)

private

Definition at line 557 of file CredentialStore.cc.

References cond::Cipher::b64decrypt(), cond::Cipher::b64encrypt(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), cond::CredentialData::connectionKey, idDealer::editor, newFWLiteAna::found, relval_steps::gen(), ora::SequenceManager::getNextId(), cond::CredentialData::id, cond::KeyGenerator::make(), PASSWORD_COL(), python.IdGenerator::schema, cond::selectConnection(), SEQUENCE_TABLE_NAME(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::CredentialData::verificationKey.

Referenced by Vispa.Gui.PortConnection.PointToPointConnection::paintEvent(), and Vispa.Gui.PortConnection.PointToPointConnection::updateTargetPoint().

                                                       {
   coral::ISchema& schema = m_session->nominalSchema();
   CredentialData credsData;
   bool found = selectConnection( schema, connectionLabel, credsData );
   int connId = credsData.id;
   
   Cipher adminCipher( m_principalKey );
   std::string connectionKey("");
   coral::ITableDataEditor& editor = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
   if( found ){
     
     connectionKey = adminCipher.b64decrypt( credsData.connectionKey );
     Cipher cipher( connectionKey );
     std::string verificationKey = cipher.b64decrypt( credsData.verificationKey );
     if( verificationKey != connectionLabel ){
       throwException("Decoding of connection key failed.","CredentialStore::updateConnection");
     }
     if( forceUpdate ){
       std::string encryptedUserName = cipher.b64encrypt( userName );
       std::string encryptedPassword = cipher.b64encrypt( password );
      
       coral::AttributeList updateData;
       updateData.extend<int>( CONNECTION_ID_COL );
       updateData.extend<std::string>( USERNAME_COL );
       updateData.extend<std::string>( PASSWORD_COL );
       updateData[ CONNECTION_ID_COL ].data<int>() = connId;
       updateData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
       updateData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
       std::stringstream setCl;
       setCl << USERNAME_COL << " = :" << USERNAME_COL;
       setCl <<", " << PASSWORD_COL << " = :" << PASSWORD_COL;
       std::string whereCl = CONNECTION_ID_COL+" = :"+CONNECTION_ID_COL;
       editor.updateRows( setCl.str(),whereCl, updateData );
     }
   }
   
   if(!found){
     
     KeyGenerator gen;
     connectionKey = gen.make( Auth::COND_DB_KEY_SIZE );
     Cipher cipher( connectionKey );
     std::string encryptedUserName = cipher.b64encrypt( userName );
     std::string encryptedPassword = cipher.b64encrypt( password );
     std::string encryptedLabel = cipher.b64encrypt( connectionLabel );
     
     ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
     connId = sequenceMgr.getNextId( COND_CREDENTIAL_TABLE, true );
     
     coral::AttributeList insertData;
     insertData.extend<int>( CONNECTION_ID_COL );
     insertData.extend<std::string>( CONNECTION_LABEL_COL );
     insertData.extend<std::string>( USERNAME_COL );
     insertData.extend<std::string>( PASSWORD_COL );
     insertData.extend<std::string>( VERIFICATION_KEY_COL );
     insertData.extend<std::string>( CONNECTION_KEY_COL );
     insertData[ CONNECTION_ID_COL ].data<int>() = connId;
     insertData[ CONNECTION_LABEL_COL ].data<std::string>() = connectionLabel;
     insertData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
     insertData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
     insertData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
     insertData[ CONNECTION_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( connectionKey ) ;;
     editor.insertRow( insertData );
     
     /***
     // then set the admin permission on the new connection
     ora::SequenceManager sequenceMgr2( SEQUENCE_TABLE_NAME,schema );
     int authId = sequenceMgr2.getNextId( COND_AUTHORIZATION_TABLE, true );
     
     coral::ITableDataEditor& authEditor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
     coral::AttributeList authData;
     authData.extend<int>( AUTH_ID_COL );
     authData.extend<int>( P_ID_COL );
     authData.extend<std::string>( ROLE_COL );
     authData.extend<std::string>( SCHEMA_COL );
     authData.extend<std::string>( AUTH_KEY_COL );
     authData.extend<int>( C_ID_COL );
     authData[ AUTH_ID_COL ].data<int>() = authId;
     authData[ P_ID_COL ].data<int>() = m_principalId;
     authData[ ROLE_COL ].data<std::string>() = Auth::COND_ADMIN_ROLE;
     authData[ SCHEMA_COL ].data<std::string>() = defaultConnectionString( m_serviceData->connectionString, m_serviceName, userName );
     authData[ AUTH_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( connectionKey ) ;
     authData[ C_ID_COL ].data<int>() = connId;
     authEditor.insertRow( authData );
     **/
   }
   return std::make_pair( connId, connectionKey );
 }

bool cond::CredentialStore::updatePrincipal	(	const std::string &	principal,
		const std::string &	principalKey,
		bool	setAdmin = `false`
	)

Definition at line 891 of file CredentialStore.cc.

References ADMIN_KEY_COL(), cond::PrincipalData::adminKey, cond::Cipher::b64decrypt(), cond::Cipher::b64encrypt(), cond::CSScopedSession::close(), cond::Auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), cond::Auth::COND_DB_KEY_SIZE, cond::CredentialData::connectionKey, idDealer::editor, newFWLiteAna::found, relval_steps::gen(), ora::SequenceManager::getNextId(), cond::PrincipalData::id, cond::CredentialData::id, cond::KeyGenerator::make(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), python.IdGenerator::schema, cond::schemaLabelForCredentialStore(), cond::selectConnection(), cond::selectPrincipal(), SEQUENCE_TABLE_NAME(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and VERIFICATION_COL().

                                         {
   CSScopedSession session( *this );
   session.start( false  );
 
   coral::ISchema& schema = m_session->nominalSchema();
 
   PrincipalData princData;
   bool found = selectPrincipal( schema, principalName, princData );
 
   Cipher adminCipher( m_principalKey );
   Cipher cipher( authenticationKey );
   std::string verifStr = cipher.b64encrypt( principalName );
   std::string principalKey("");
   if( setAdmin ) principalKey = m_principalKey;
   int principalId = princData.id;
 
   coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
   if( found ){
     if( principalKey.empty() ) principalKey = adminCipher.b64decrypt( princData.adminKey );
     coral::AttributeList updateData;
     updateData.extend<int>( PRINCIPAL_ID_COL );
     updateData.extend<std::string>( VERIFICATION_COL );
     updateData.extend<std::string>( PRINCIPAL_KEY_COL );
     updateData.extend<std::string>( ADMIN_KEY_COL );
     updateData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
     updateData[ VERIFICATION_COL ].data<std::string>() = verifStr;
     updateData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher.b64encrypt( principalKey );
     updateData[ ADMIN_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( principalKey );
     std::stringstream setClause;
     setClause << VERIFICATION_COL <<" = :" <<VERIFICATION_COL <<", ";
     setClause << PRINCIPAL_KEY_COL << " = :" << PRINCIPAL_KEY_COL <<", ";
     setClause << ADMIN_KEY_COL << " = :" << ADMIN_KEY_COL;
     std::string whereClause = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
     editor.updateRows( setClause.str(),whereClause, updateData );
   } else {
     if( principalKey.empty() ) {
       KeyGenerator gen;
       principalKey = gen.make( Auth::COND_DB_KEY_SIZE );
     }
 
     coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
 
     ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
     principalId = sequenceMgr.getNextId( COND_AUTHENTICATION_TABLE, true );
         
     coral::AttributeList authData;
     editor0.rowBuffer(authData);
     authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
     authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
     authData[ VERIFICATION_COL ].data<std::string>() = cipher.b64encrypt( principalName );
     authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher.b64encrypt( principalKey );
     authData[ ADMIN_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( principalKey );
     editor0.insertRow( authData );
   }
 
   if(setAdmin){
     std::string connString = m_serviceData->connectionString;
     std::string connLabel = schemaLabelForCredentialStore( connString );
     CredentialData credsData;
     bool found = selectConnection( schema, connLabel, credsData );
     if(!found){
       throwException("Credential Store connection has not been defined.","CredentialStore::updatePrincipal");
     }
     setPermission( principalId, principalKey, Auth::COND_ADMIN_ROLE, connString, credsData.id, adminCipher.b64decrypt( credsData.connectionKey ) );
   }
 
   session.close();
   return true;
 }

Friends And Related Function Documentation

friend class CSScopedSession

friend

Definition at line 144 of file CredentialStore.h.

Member Data Documentation

const std::string cond::CredentialStore::DEFAULT_DATA_SOURCE

static

Definition at line 87 of file CredentialStore.h.

boost::shared_ptr<coral::IConnection> cond::CredentialStore::m_connection

private

Definition at line 163 of file CredentialStore.h.

DecodingKey cond::CredentialStore::m_key

private

Definition at line 172 of file CredentialStore.h.

int cond::CredentialStore::m_principalId

private

Definition at line 166 of file CredentialStore.h.

std::string cond::CredentialStore::m_principalKey

private

Definition at line 167 of file CredentialStore.h.

const ServiceCredentials* cond::CredentialStore::m_serviceData

private

Definition at line 170 of file CredentialStore.h.

std::string cond::CredentialStore::m_serviceName

private

Definition at line 169 of file CredentialStore.h.

boost::shared_ptr<coral::ISession> cond::CredentialStore::m_session

private

Definition at line 164 of file CredentialStore.h.

Classes

Public Member Functions

Static Public Attributes

Private Member Functions

Private Attributes

Friends

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Friends And Related Function Documentation

Member Data Documentation