CMS 3D CMS Logo

 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Friends Macros Pages
List of all members | Classes | Public Member Functions | Static Public Attributes | Private Member Functions | Private Attributes | Friends
cond::CredentialStore Class Reference

#include <CredentialStore.h>

Classes

struct  Permission
 

Public Member Functions

bool createSchema (const std::string &connectionString, const std::string &userName, const std::string &password)
 
 CredentialStore ()
 Standard Constructor. More...
 
bool drop (const std::string &connectionString, const std::string &userName, const std::string &password)
 
bool exportAll (coral_bridge::AuthenticationCredentialSet &data)
 
bool importForPrincipal (const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data, bool forceUpdateConnection=false)
 import data More...
 
bool installAdmin (const std::string &userName, const std::string &password)
 
const std::string & keyPrincipalName ()
 
bool listConnections (std::map< std::string, std::pair< std::string, std::string > > &destination)
 
bool listPrincipals (std::vector< std::string > &destination)
 
bool removeConnection (const std::string &connectionLabel)
 
bool removePrincipal (const std::string &principal)
 
bool selectForUser (coral_bridge::AuthenticationCredentialSet &destinationData)
 
bool selectPermissions (const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
 
bool setPermission (const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
 
std::string setUpForConnectionString (const std::string &connectionString, const std::string &authPath)
 
std::string setUpForService (const std::string &serviceName, const std::string &authPath)
 Sets the initialization parameters. More...
 
bool unsetPermission (const std::string &principal, const std::string &role, const std::string &connectionString)
 
bool updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password)
 
bool updatePrincipal (const std::string &principal, const std::string &principalKey, bool setAdmin=false)
 
virtual ~CredentialStore ()
 Standard Destructor. More...
 

Static Public Attributes

static const std::string DEFAULT_DATA_SOURCE
 

Private Member Functions

int addUser (const std::string &principalName, const std::string &authenticationKey, const std::string &principalKey, const std::string &adminKey)
 
void closeSession (bool commit=true)
 
std::pair< std::string,
std::string > 
openConnection (const std::string &connectionString)
 
void openSession (const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
 
void openSession (bool readOnly=true)
 
bool setPermission (int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey)
 
void startSession (bool readMode)
 
void startSuperSession (const std::string &connectionString, const std::string &userName, const std::string &password)
 
std::pair< int, std::string > updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate)
 

Private Attributes

boost::shared_ptr
< coral::IConnection > 
m_connection
 
DecodingKey m_key
 
int m_principalId
 
std::string m_principalKey
 
const ServiceCredentialsm_serviceData
 
std::string m_serviceName
 
boost::shared_ptr
< coral::ISession > 
m_session
 

Friends

class CSScopedSession
 

Detailed Description

Definition at line 83 of file CredentialStore.h.

Constructor & Destructor Documentation

cond::CredentialStore::CredentialStore ( )

Standard Constructor.

Definition at line 648 of file CredentialStore.cc.

648  :
649  m_connection(),
650  m_session(),
651  m_principalId(-1),
652  m_principalKey(""),
653  m_serviceName(""),
654  m_serviceData(0),
655  m_key(){
656 }
const ServiceCredentials * m_serviceData
boost::shared_ptr< coral::ISession > m_session
boost::shared_ptr< coral::IConnection > m_connection
cond::CredentialStore::~CredentialStore ( )
virtual

Standard Destructor.

Definition at line 658 of file CredentialStore.cc.

658  {
659 }

Member Function Documentation

int cond::CredentialStore::addUser ( const std::string &  principalName,
const std::string &  authenticationKey,
const std::string &  principalKey,
const std::string &  adminKey 
)
private

Definition at line 356 of file CredentialStore.cc.

References ADMIN_KEY_COL(), cond::Cipher::b64encrypt(), COND_AUTHENTICATION_TABLE(), ora::SequenceManager::getNextId(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), python.IdGenerator::schema, SEQUENCE_TABLE_NAME(), AlCaHLTBitMon_QueryRunRegistry::string, and VERIFICATION_COL().

356  {
357 
358  coral::ISchema& schema = m_session->nominalSchema();
359  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
360 
361  ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
362  int principalId = sequenceMgr.getNextId( COND_AUTHENTICATION_TABLE, true );
363 
364  Cipher cipher0( authenticationKey );
365  Cipher cipher1( adminKey );
366 
367  coral::AttributeList authData;
368  editor0.rowBuffer(authData);
369  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
370  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
371  authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
372  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( principalKey );
373  authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( principalKey );
374  editor0.insertRow( authData );
375  return principalId;
376 }
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
static const std::string ADMIN_KEY_COL("CRED2")
static const std::string VERIFICATION_COL("CRED0")
static const std::string PRINCIPAL_ID_COL("P_ID")
boost::shared_ptr< coral::ISession > m_session
static const std::string PRINCIPAL_KEY_COL("CRED1")
static const std::string PRINCIPAL_NAME_COL("P_NAME")
void cond::CredentialStore::closeSession ( bool  commit = true)
private

Definition at line 337 of file CredentialStore.cc.

337  {
338 
339  if( m_session.get() ){
340  if(m_session->transaction().isActive()){
341  if( commit ){
342  m_session->transaction().commit();
343  } else {
344  m_session->transaction().rollback();
345  }
346  }
347  m_session->endUserSession();
348  }
349  m_session.reset();
350  if( m_connection.get() ){
351  m_connection->disconnect();
352  }
353  m_connection.reset();
354 }
boost::shared_ptr< coral::ISession > m_session
boost::shared_ptr< coral::IConnection > m_connection
bool cond::CredentialStore::createSchema ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 709 of file CredentialStore.cc.

References ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), ora::SequenceManager::create(), P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), SEQUENCE_TABLE_NAME(), python.CommonUtils::session, cond::CSScopedSession::startSuper(), cond::throwException(), USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

709  {
710  CSScopedSession session( *this );
711  session.startSuper( connectionString, userName, password );
712 
713  coral::ISchema& schema = m_session->nominalSchema();
714  if(schema.existsTable(COND_AUTHENTICATION_TABLE)) {
715  throwException("Credential database, already exists.","CredentialStore::create");
716  }
717  ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME, schema );
718  int columnSize = 2000;
719 
720  // authentication table
721  sequenceMgr.create( COND_AUTHENTICATION_TABLE );
722  coral::TableDescription descr0;
723  descr0.setName( COND_AUTHENTICATION_TABLE );
724  descr0.insertColumn( PRINCIPAL_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
725  descr0.insertColumn( PRINCIPAL_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
726  descr0.insertColumn( VERIFICATION_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
727  descr0.insertColumn( PRINCIPAL_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
728  descr0.insertColumn( ADMIN_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
729  descr0.setNotNullConstraint( PRINCIPAL_ID_COL );
730  descr0.setNotNullConstraint( PRINCIPAL_NAME_COL );
731  descr0.setNotNullConstraint( VERIFICATION_COL );
732  descr0.setNotNullConstraint( PRINCIPAL_KEY_COL );
733  descr0.setNotNullConstraint( ADMIN_KEY_COL );
734  std::vector<std::string> columnsUnique;
735  columnsUnique.push_back( PRINCIPAL_NAME_COL);
736  descr0.setUniqueConstraint( columnsUnique );
737  std::vector<std::string> columnsForIndex;
738  columnsForIndex.push_back(PRINCIPAL_ID_COL);
739  descr0.setPrimaryKey( columnsForIndex );
740  schema.createTable( descr0 );
741 
742  // authorization table
743  sequenceMgr.create( COND_AUTHORIZATION_TABLE );
744  coral::TableDescription descr1;
745  descr1.setName( COND_AUTHORIZATION_TABLE );
746  descr1.insertColumn( AUTH_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
747  descr1.insertColumn( P_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
748  descr1.insertColumn( ROLE_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
749  descr1.insertColumn( SCHEMA_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
750  descr1.insertColumn( AUTH_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
751  descr1.insertColumn( C_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
752  descr1.setNotNullConstraint( AUTH_ID_COL );
753  descr1.setNotNullConstraint( P_ID_COL );
754  descr1.setNotNullConstraint( ROLE_COL );
755  descr1.setNotNullConstraint( SCHEMA_COL );
756  descr1.setNotNullConstraint( AUTH_KEY_COL );
757  descr1.setNotNullConstraint( C_ID_COL );
758  columnsUnique.clear();
759  columnsUnique.push_back( P_ID_COL);
760  columnsUnique.push_back( ROLE_COL);
761  columnsUnique.push_back( SCHEMA_COL);
762  descr1.setUniqueConstraint( columnsUnique );
763  columnsForIndex.clear();
764  columnsForIndex.push_back(AUTH_ID_COL);
765  descr1.setPrimaryKey( columnsForIndex );
766  schema.createTable( descr1 );
767 
768  // credential table
769  sequenceMgr.create( COND_CREDENTIAL_TABLE );
770  coral::TableDescription descr2;
771  descr2.setName( COND_CREDENTIAL_TABLE );
772  descr2.insertColumn( CONNECTION_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
773  descr2.insertColumn( CONNECTION_LABEL_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
774  descr2.insertColumn( USERNAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
775  descr2.insertColumn( PASSWORD_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
776  descr2.insertColumn( VERIFICATION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
777  descr2.insertColumn( CONNECTION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
778  descr2.setNotNullConstraint( CONNECTION_ID_COL );
779  descr2.setNotNullConstraint( CONNECTION_LABEL_COL );
780  descr2.setNotNullConstraint( USERNAME_COL );
781  descr2.setNotNullConstraint( PASSWORD_COL );
782  descr2.setNotNullConstraint( VERIFICATION_KEY_COL );
783  descr2.setNotNullConstraint( CONNECTION_KEY_COL );
784  columnsUnique.clear();
785  columnsUnique.push_back( CONNECTION_LABEL_COL);
786  descr2.setUniqueConstraint( columnsUnique );
787  columnsForIndex.clear();
788  columnsForIndex.push_back(CONNECTION_ID_COL);
789  descr2.setPrimaryKey( columnsForIndex );
790  schema.createTable( descr2 );
791 
792  session.close();
793  return true;
794 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string PASSWORD_COL("CRED5")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
static const std::string ADMIN_KEY_COL("CRED2")
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string VERIFICATION_COL("CRED0")
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
void throwException(std::string const &message, std::string const &methodName)
Definition: Exception.cc:17
static const std::string PRINCIPAL_ID_COL("P_ID")
boost::shared_ptr< coral::ISession > m_session
static const std::string AUTH_ID_COL("AUTH_ID")
static const std::string PRINCIPAL_KEY_COL("CRED1")
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string AUTH_KEY_COL("CRED3")
static const std::string PRINCIPAL_NAME_COL("P_NAME")
bool cond::CredentialStore::drop ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 797 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), python.IdGenerator::schema, SEQUENCE_TABLE_NAME(), python.CommonUtils::session, and cond::CSScopedSession::startSuper().

797  {
798  CSScopedSession session( *this );
799  session.startSuper( connectionString, userName, password );
800 
801  coral::ISchema& schema = m_session->nominalSchema();
802  schema.dropIfExistsTable( COND_AUTHORIZATION_TABLE );
803  schema.dropIfExistsTable( COND_CREDENTIAL_TABLE );
804  schema.dropIfExistsTable( COND_AUTHENTICATION_TABLE );
805  schema.dropIfExistsTable(SEQUENCE_TABLE_NAME);
806  session.close();
807  return true;
808 }
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
friend class CSScopedSession
boost::shared_ptr< coral::ISession > m_session
bool cond::CredentialStore::exportAll ( coral_bridge::AuthenticationCredentialSet data)

Definition at line 1329 of file CredentialStore.cc.

References cond::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), newFWLiteAna::found, PASSWORD_COL(), o2o::query, coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

1329  {
1330  CSScopedSession session( *this );
1331  session.start( true );
1332  coral::ISchema& schema = m_session->nominalSchema();
1333  std::auto_ptr<coral::IQuery> query(schema.newQuery());
1334  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1335  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1336  coral::AttributeList readBuff;
1337  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
1338  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
1339  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
1340  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
1341  readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
1342  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
1343  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
1344  coral::AttributeList whereData;
1345  std::stringstream whereClause;
1346  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
1347 
1348  query->defineOutput(readBuff);
1349  query->addToOutputList( "AUTHO."+ROLE_COL );
1350  query->addToOutputList( "AUTHO."+SCHEMA_COL );
1351  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
1352  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
1353  query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
1354  query->addToOutputList( "CREDS."+USERNAME_COL );
1355  query->addToOutputList( "CREDS."+PASSWORD_COL );
1356  query->setCondition( whereClause.str(), whereData );
1357  coral::ICursor& cursor = query->execute();
1358  bool found = false;
1359  Cipher cipher0( m_principalKey );
1360  while ( cursor.next() ) {
1361  const coral::AttributeList& row = cursor.currentRow();
1362  const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
1363  const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
1364  const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
1365  const std::string& encryptedVerifKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
1366  const std::string& encryptedConnection = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
1367  std::string userName("");
1368  std::string password("");
1369  std::string connectionKey = cipher0.b64decrypt( encryptedConnection );
1370  Cipher cipher1( connectionKey );
1371  std::string verifKey = cipher1.b64decrypt( encryptedVerifKey );
1372  if( verifKey == connectionLabel ){
1373  const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL].data<std::string>();
1374  const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL].data<std::string>();
1375  userName = cipher1.b64decrypt( encryptedUserName );
1376  password = cipher1.b64decrypt( encryptedPassword );
1377  }
1378  data.registerCredentials( connectionString, role, userName, password );
1379  found = true;
1380  }
1381  session.close();
1382  return found;
1383 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string PASSWORD_COL("CRED5")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
boost::shared_ptr< coral::ISession > m_session
void registerCredentials(const std::string &connectionString, const std::string &userName, const std::string &password)
tuple query
Definition: o2o.py:269
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
bool cond::CredentialStore::importForPrincipal ( const std::string &  principal,
const coral_bridge::AuthenticationCredentialSet data,
bool  forceUpdateConnection = false 
)

import data

Definition at line 1162 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::Cipher::b64decrypt(), cond::CSScopedSession::close(), results_mgr::conn, coral_bridge::AuthenticationCredentialSet::data(), newFWLiteAna::found, cond::PrincipalData::id, python.multivaluedict::map(), visualization-live-secondInstance_cfg::msg, geometryXMLtoCSV::parser, python.IdGenerator::schema, cond::schemaLabel(), cond::selectPrincipal(), serviceName, python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

1164  {
1165  CSScopedSession session( *this );
1166  session.start( false );
1167  coral::ISchema& schema = m_session->nominalSchema();
1168 
1169  PrincipalData princData;
1170  bool found = selectPrincipal( schema, principal, princData );
1171 
1172  if( ! found ){
1173  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1174  throwException( msg, "CredentialStore::importForPrincipal");
1175  }
1176 
1177  bool imported = false;
1178  Cipher cipher( m_principalKey );
1179  std::string princKey = cipher.b64decrypt( princData.adminKey);
1180 
1181  const std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >& creds = dataSource.data();
1182  for( std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::const_iterator iConn = creds.begin(); iConn != creds.end(); ++iConn ){
1183  const std::string& connectionString = iConn->first.first;
1184  coral::URIParser parser;
1185  parser.setURI( connectionString );
1186  std::string serviceName = parser.hostName();
1187  const std::string& role = iConn->first.second;
1188  std::string userName = iConn->second->valueForItem( coral::IAuthenticationCredentials::userItem() );
1189  std::string password = iConn->second->valueForItem( coral::IAuthenticationCredentials::passwordItem());
1190  // first import the connections
1191  std::pair<int,std::string> conn = updateConnection( schemaLabel( serviceName, userName ), userName, password, forceUpdateConnection );
1192  Cipher cipher( m_principalKey );
1193  // than set the permission for the specific role
1194  setPermission( princData.id, princKey, role, connectionString, conn.first, conn.second );
1195  imported = true;
1196  }
1197  session.close();
1198  return imported;
1199 }
static const std::string serviceName
bool updateConnection(const std::string &connectionLabel, const std::string &userName, const std::string &password)
std::string schemaLabel(const std::string &serviceName, const std::string &userName)
friend class CSScopedSession
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
bool setPermission(const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
void throwException(std::string const &message, std::string const &methodName)
Definition: Exception.cc:17
boost::shared_ptr< coral::ISession > m_session
tuple conn
Definition: results_mgr.py:53
bool cond::CredentialStore::installAdmin ( const std::string &  userName,
const std::string &  password 
)

Definition at line 810 of file CredentialStore.cc.

References ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), cond::Cipher::b64encrypt(), C_ID_COL(), cond::CSScopedSession::close(), cond::Auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), cond::Auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), newFWLiteAna::found, relval_steps::gen(), ora::SequenceManager::getNextId(), cond::KeyGenerator::make(), visualization-live-secondInstance_cfg::msg, P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), cond::schemaLabelForCredentialStore(), cond::selectPrincipal(), SEQUENCE_TABLE_NAME(), python.CommonUtils::session, cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

810  {
811  if(!m_serviceData){
812  throwException( "The credential store has not been initialized.","cond::CredentialStore::installAdmin" );
813  }
814  const std::string& connectionString = m_serviceData->connectionString;
815  const std::string& principalName = m_key.principalName();
816 
817  CSScopedSession session( *this );
818  session.startSuper( connectionString, userName, password );
819 
820  coral::ISchema& schema = m_session->nominalSchema();
821 
822  PrincipalData princData;
823  bool found = selectPrincipal( schema, principalName, princData );
824 
825  if( found ){
826  std::string msg("Principal \"");
827  msg += principalName + "\" has been installed already.";
828  throwException(msg,"CredentialStore::installAdmin");
829  }
830 
831  KeyGenerator gen;
833 
834  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
835 
836  ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
837  int principalId = sequenceMgr.getNextId( COND_AUTHENTICATION_TABLE, true );
838 
839  Cipher cipher0( m_key.principalKey() );
840  Cipher cipher1( m_principalKey );
841 
842  coral::AttributeList authData;
843  editor0.rowBuffer(authData);
844  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
845  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
846  authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
847  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( m_principalKey );
848  authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( m_principalKey );
849  editor0.insertRow( authData );
850 
851  std::string connLabel = schemaLabelForCredentialStore( connectionString );
852  DecodingKey tmpKey;
853  std::string connectionKey = gen.make( Auth::COND_DB_KEY_SIZE );
854  std::string encryptedConnectionKey = cipher1.b64encrypt( connectionKey );
855 
856  Cipher cipher2( connectionKey );
857  std::string encryptedUserName = cipher2.b64encrypt( userName );
858  std::string encryptedPassword = cipher2.b64encrypt( password );
859  std::string encryptedLabel = cipher2.b64encrypt( connLabel );
860 
861  int connId = sequenceMgr.getNextId( COND_CREDENTIAL_TABLE, true );
862 
863  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
864  coral::AttributeList connectionData;
865  editor1.rowBuffer(connectionData);
866  connectionData[ CONNECTION_ID_COL ].data<int>() = connId;
867  connectionData[ CONNECTION_LABEL_COL ].data<std::string>() = connLabel;
868  connectionData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
869  connectionData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
870  connectionData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
871  connectionData[ CONNECTION_KEY_COL ].data<std::string>() = encryptedConnectionKey;
872  editor1.insertRow( connectionData );
873 
874  int authId = sequenceMgr.getNextId( COND_AUTHORIZATION_TABLE, true );
875 
876  coral::ITableDataEditor& editor2 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
877  coral::AttributeList permissionData;
878  editor2.rowBuffer(permissionData);
879  permissionData[ AUTH_ID_COL ].data<int>() = authId;
880  permissionData[ P_ID_COL ].data<int>() = principalId;
881  permissionData[ ROLE_COL ].data<std::string>() = Auth::COND_ADMIN_ROLE;
882  permissionData[ SCHEMA_COL ].data<std::string>() = connectionString;
883  permissionData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
884  permissionData[ C_ID_COL ].data<int>() = connId;
885  editor2.insertRow( permissionData );
886 
887  session.close();
888  return true;
889 }
static const std::string COND_ADMIN_ROLE
Definition: Auth.h:20
static const std::string ROLE_COL("C_ROLE")
std::string connectionString
Definition: DecodingKey.h:13
static const std::string SCHEMA_COL("C_SCHEMA")
const ServiceCredentials * m_serviceData
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string PASSWORD_COL("CRED5")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
static const std::string ADMIN_KEY_COL("CRED2")
static const std::string VERIFICATION_KEY_COL("CRED6")
const std::string & principalKey() const
Definition: DecodingKey.h:109
friend class CSScopedSession
static const std::string VERIFICATION_COL("CRED0")
static const std::string USERNAME_COL("CRED4")
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
std::string schemaLabelForCredentialStore(const std::string &connectionString)
static const std::string CONNECTION_ID_COL("CONN_ID")
void throwException(std::string const &message, std::string const &methodName)
Definition: Exception.cc:17
static const std::string PRINCIPAL_ID_COL("P_ID")
static const unsigned int COND_DB_KEY_SIZE
Definition: Auth.h:25
boost::shared_ptr< coral::ISession > m_session
const std::string & principalName() const
Definition: DecodingKey.h:103
static const std::string AUTH_ID_COL("AUTH_ID")
static const std::string PRINCIPAL_KEY_COL("CRED1")
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string AUTH_KEY_COL("CRED3")
static const std::string PRINCIPAL_NAME_COL("P_NAME")
const std::string & cond::CredentialStore::keyPrincipalName ( )

Definition at line 1385 of file CredentialStore.cc.

1385  {
1386  return m_key.principalName();
1387 }
const std::string & principalName() const
Definition: DecodingKey.h:103
bool cond::CredentialStore::listConnections ( std::map< std::string, std::pair< std::string, std::string > > &  destination)

Definition at line 1224 of file CredentialStore.cc.

References cond::Cipher::b64decrypt(), cond::CSScopedSession::close(), COND_CREDENTIAL_TABLE(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), roll_playback::destination, newFWLiteAna::found, PASSWORD_COL(), o2o::query, python.IdGenerator::schema, python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

1224  {
1225  CSScopedSession session( *this );
1226  session.start( true );
1227  coral::ISchema& schema = m_session->nominalSchema();
1228 
1229  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_CREDENTIAL_TABLE).newQuery());
1230  coral::AttributeList readBuff;
1231  readBuff.extend<std::string>( CONNECTION_LABEL_COL );
1232  readBuff.extend<std::string>( USERNAME_COL );
1233  readBuff.extend<std::string>( PASSWORD_COL );
1234  readBuff.extend<std::string>( VERIFICATION_KEY_COL );
1235  readBuff.extend<std::string>( CONNECTION_KEY_COL );
1236  query->defineOutput(readBuff);
1237  query->addToOutputList( CONNECTION_LABEL_COL );
1238  query->addToOutputList( USERNAME_COL );
1239  query->addToOutputList( PASSWORD_COL );
1240  query->addToOutputList( VERIFICATION_KEY_COL );
1241  query->addToOutputList( CONNECTION_KEY_COL );
1242  coral::ICursor& cursor = query->execute();
1243  bool found = false;
1244  Cipher cipher0(m_principalKey );
1245  while ( cursor.next() ) {
1246  std::string userName("");
1247  std::string password("");
1248  const coral::AttributeList& row = cursor.currentRow();
1249  const std::string& connLabel = row[ CONNECTION_LABEL_COL].data<std::string>();
1250  const std::string& encryptedKey = row[ CONNECTION_KEY_COL].data<std::string>();
1251  const std::string& encryptedVerif = row[ VERIFICATION_KEY_COL].data<std::string>();
1252  std::string connKey = cipher0.b64decrypt( encryptedKey );
1253  Cipher cipher1( connKey );
1254  std::string verif = cipher1.b64decrypt( encryptedVerif );
1255  if( verif == connLabel ){
1256  const std::string& encryptedUserName = row[ USERNAME_COL].data<std::string>();
1257  const std::string& encryptedPassword = row[ PASSWORD_COL].data<std::string>();
1258  userName = cipher1.b64decrypt( encryptedUserName );
1259  password = cipher1.b64decrypt( encryptedPassword );
1260  }
1261  destination.insert( std::make_pair( connLabel, std::make_pair( userName, password ) ) );
1262  found = true;
1263  }
1264  session.close();
1265  return found;
1266 }
string destination
static const std::string PASSWORD_COL("CRED5")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
boost::shared_ptr< coral::ISession > m_session
tuple query
Definition: o2o.py:269
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
bool cond::CredentialStore::listPrincipals ( std::vector< std::string > &  destination)

Definition at line 1201 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), newFWLiteAna::found, PRINCIPAL_NAME_COL(), o2o::query, python.IdGenerator::schema, python.CommonUtils::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

1201  {
1202 
1203  CSScopedSession session( *this );
1204  session.start( true );
1205  coral::ISchema& schema = m_session->nominalSchema();
1206 
1207  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_AUTHENTICATION_TABLE).newQuery());
1208  coral::AttributeList readBuff;
1209  readBuff.extend<std::string>(PRINCIPAL_NAME_COL);
1210  query->defineOutput(readBuff);
1211  query->addToOutputList( PRINCIPAL_NAME_COL );
1212  coral::ICursor& cursor = query->execute();
1213  bool found = false;
1214  while ( cursor.next() ) {
1215  found = true;
1216  const coral::AttributeList& row = cursor.currentRow();
1217  destination.push_back( row[ PRINCIPAL_NAME_COL ].data<std::string>() );
1218  }
1219  session.close();
1220  return found;
1221 }
string destination
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
friend class CSScopedSession
boost::shared_ptr< coral::ISession > m_session
tuple query
Definition: o2o.py:269
static const std::string PRINCIPAL_NAME_COL("P_NAME")
std::pair< std::string, std::string > cond::CredentialStore::openConnection ( const std::string &  connectionString)
private

Definition at line 378 of file CredentialStore.cc.

References instance.

378  {
379  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
380  if ( ! relationalService.isValid() ){
381  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
382  relationalService = coral::Context::instance().query<coral::IRelationalService>();
383  }
384  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
385  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
386  m_connection.reset( domain.newConnection( connTokens.first ) );
387  m_connection->connect();
388  return connTokens;
389 }
static PFTauRenderPlugin instance
boost::shared_ptr< coral::IConnection > m_connection
void cond::CredentialStore::openSession ( const std::string &  schemaName,
const std::string &  userName,
const std::string &  password,
bool  readMode 
)
private

Definition at line 391 of file CredentialStore.cc.

391  {
392  coral::AccessMode accessMode = coral::ReadOnly;
393  if( !readMode ) accessMode = coral::Update;
394  m_session.reset( m_connection->newSession( schemaName, accessMode) );
395  m_session->startUserSession( userName, password );
396  // open read-only transaction
397  m_session->transaction().start( readMode );
398 }
boost::shared_ptr< coral::ISession > m_session
boost::shared_ptr< coral::IConnection > m_connection
void cond::CredentialStore::openSession ( bool  readOnly = true)
private
bool cond::CredentialStore::removeConnection ( const std::string &  connectionLabel)

Definition at line 1075 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), newFWLiteAna::found, cond::CredentialData::id, visualization-live-secondInstance_cfg::msg, python.IdGenerator::schema, cond::selectConnection(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

1075  {
1076  CSScopedSession session( *this );
1077  session.start( false );
1078  coral::ISchema& schema = m_session->nominalSchema();
1079 
1080  CredentialData credsData;
1081  bool found = selectConnection( schema, connectionLabel, credsData );
1082 
1083  if( ! found ){
1084  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1085  throwException( msg, "CredentialStore::removeConnection");
1086  }
1087 
1088  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1089 
1090  coral::AttributeList deleteData0;
1091  deleteData0.extend<int>( C_ID_COL );
1092  deleteData0[ C_ID_COL ].data<int>() = credsData.id;
1093  std::string whereClause0 = C_ID_COL+" = :"+C_ID_COL;
1094  editor0.deleteRows( whereClause0 , deleteData0 );
1095 
1096  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
1097 
1098  coral::AttributeList deleteData1;
1099  deleteData1.extend<int>( CONNECTION_ID_COL );
1100  deleteData1[ CONNECTION_ID_COL ].data<int>() = credsData.id;
1101  std::string whereClause1 = CONNECTION_ID_COL+" = :"+CONNECTION_ID_COL;
1102  editor1.deleteRows( whereClause1 , deleteData1 );
1103 
1104  session.close();
1105 
1106  return true;
1107 }
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
friend class CSScopedSession
static const std::string CONNECTION_ID_COL("CONN_ID")
void throwException(std::string const &message, std::string const &methodName)
Definition: Exception.cc:17
boost::shared_ptr< coral::ISession > m_session
static const std::string C_ID_COL("C_ID")
bool cond::CredentialStore::removePrincipal ( const std::string &  principal)

Definition at line 1041 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), newFWLiteAna::found, cond::PrincipalData::id, visualization-live-secondInstance_cfg::msg, P_ID_COL(), PRINCIPAL_ID_COL(), python.IdGenerator::schema, cond::selectPrincipal(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

1041  {
1042  CSScopedSession session( *this );
1043  session.start( false );
1044  coral::ISchema& schema = m_session->nominalSchema();
1045 
1046  PrincipalData princData;
1047  bool found = selectPrincipal( schema, principal, princData );
1048 
1049  if( ! found ){
1050  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1051  throwException( msg, "CredentialStore::removePrincipal");
1052  }
1053 
1054  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1055 
1056  coral::AttributeList deleteData0;
1057  deleteData0.extend<int>( P_ID_COL );
1058  deleteData0[ P_ID_COL ].data<int>() = princData.id;
1059  std::string whereClause0 = P_ID_COL+" = :"+P_ID_COL;
1060  editor0.deleteRows( whereClause0 , deleteData0 );
1061 
1062  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
1063 
1064  coral::AttributeList deleteData1;
1065  deleteData1.extend<int>( PRINCIPAL_ID_COL );
1066  deleteData1[ PRINCIPAL_ID_COL ].data<int>() = princData.id;
1067  std::string whereClause1 = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
1068  editor1.deleteRows( whereClause1 , deleteData1 );
1069 
1070  session.close();
1071 
1072  return true;
1073 }
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
friend class CSScopedSession
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
void throwException(std::string const &message, std::string const &methodName)
Definition: Exception.cc:17
static const std::string PRINCIPAL_ID_COL("P_ID")
boost::shared_ptr< coral::ISession > m_session
static const std::string P_ID_COL("P_ID")
bool cond::CredentialStore::selectForUser ( coral_bridge::AuthenticationCredentialSet destinationData)

Definition at line 1109 of file CredentialStore.cc.

References AUTH_KEY_COL(), cond::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), P_ID_COL(), PASSWORD_COL(), o2o::query, coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

1109  {
1110  CSScopedSession session( *this );
1111  session.start( true );
1112  coral::ISchema& schema = m_session->nominalSchema();
1113 
1114  Cipher cipher( m_principalKey );
1115 
1116  std::auto_ptr<coral::IQuery> query(schema.newQuery());
1117  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1118  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1119  coral::AttributeList readBuff;
1120  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
1121  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
1122  readBuff.extend<std::string>("AUTHO."+AUTH_KEY_COL);
1123  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
1124  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
1125  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
1126  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
1127  coral::AttributeList whereData;
1128  whereData.extend<int>(P_ID_COL);
1129  whereData[ P_ID_COL ].data<int>() = m_principalId;
1130  std::stringstream whereClause;
1131  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
1132  whereClause << " AND " << "AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
1133  query->defineOutput(readBuff);
1134  query->addToOutputList( "AUTHO."+ROLE_COL );
1135  query->addToOutputList( "AUTHO."+SCHEMA_COL );
1136  query->addToOutputList( "AUTHO."+AUTH_KEY_COL );
1137  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
1138  query->addToOutputList( "CREDS."+USERNAME_COL );
1139  query->addToOutputList( "CREDS."+PASSWORD_COL );
1140  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
1141  query->setCondition( whereClause.str(), whereData );
1142  coral::ICursor& cursor = query->execute();
1143  while ( cursor.next() ) {
1144  const coral::AttributeList& row = cursor.currentRow();
1145  const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
1146  const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
1147  const std::string& encryptedAuthKey = row[ "AUTHO."+AUTH_KEY_COL ].data<std::string>();
1148  const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
1149  const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
1150  const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
1151  const std::string& encryptedLabel = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
1152  std::string authKey = cipher.b64decrypt( encryptedAuthKey );
1153  Cipher connCipher( authKey );
1154  if( connCipher.b64decrypt( encryptedLabel ) == connectionLabel ){
1155  destinationData.registerCredentials( connectionString, role, connCipher.b64decrypt( encryptedUserName ), connCipher.b64decrypt( encryptedPassword ) );
1156  }
1157  }
1158  session.close();
1159  return true;
1160 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string PASSWORD_COL("CRED5")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
boost::shared_ptr< coral::ISession > m_session
void registerCredentials(const std::string &connectionString, const std::string &userName, const std::string &password)
tuple query
Definition: o2o.py:269
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string AUTH_KEY_COL("CRED3")
bool cond::CredentialStore::selectPermissions ( const std::string &  principalName,
const std::string &  role,
const std::string &  connectionString,
std::vector< Permission > &  destination 
)

Definition at line 1268 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), cond::CredentialStore::Permission::connectionLabel, cond::CredentialStore::Permission::connectionString, newFWLiteAna::found, P_ID_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_NAME_COL(), cond::CredentialStore::Permission::principalName, o2o::query, cond::CredentialStore::Permission::role, ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), python.CommonUtils::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

1271  {
1272  CSScopedSession session( *this );
1273  session.start( true );
1274  coral::ISchema& schema = m_session->nominalSchema();
1275  std::auto_ptr<coral::IQuery> query(schema.newQuery());
1276  query->addToTableList(COND_AUTHENTICATION_TABLE, "AUTHE");
1277  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1278  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1279  coral::AttributeList readBuff;
1280  readBuff.extend<std::string>("AUTHE."+PRINCIPAL_NAME_COL);
1281  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
1282  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
1283  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
1284  coral::AttributeList whereData;
1285  std::stringstream whereClause;
1286  whereClause << "AUTHE."<< PRINCIPAL_ID_COL << "= AUTHO."<< P_ID_COL;
1287  whereClause << " AND AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
1288  if( !principalName.empty() ){
1289  whereData.extend<std::string>(PRINCIPAL_NAME_COL);
1290  whereData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
1291  whereClause << " AND AUTHE."<< PRINCIPAL_NAME_COL <<" = :"<<PRINCIPAL_NAME_COL;
1292  }
1293  if( !role.empty() ){
1294  whereData.extend<std::string>(ROLE_COL);
1295  whereData[ ROLE_COL ].data<std::string>() = role;
1296  whereClause << " AND AUTHO."<< ROLE_COL <<" = :"<<ROLE_COL;
1297  }
1298  if( !connectionString.empty() ){
1299  whereData.extend<std::string>(SCHEMA_COL);
1300  whereData[ SCHEMA_COL ].data<std::string>() = connectionString;
1301  whereClause << " AND AUTHO."<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
1302  }
1303 
1304  query->defineOutput(readBuff);
1305  query->addToOutputList( "AUTHE."+PRINCIPAL_NAME_COL );
1306  query->addToOutputList( "AUTHO."+ROLE_COL );
1307  query->addToOutputList( "AUTHO."+SCHEMA_COL );
1308  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
1309  query->setCondition( whereClause.str(), whereData );
1310  query->addToOrderList( "AUTHO."+SCHEMA_COL );
1311  query->addToOrderList( "AUTHE."+PRINCIPAL_NAME_COL );
1312  query->addToOrderList( "AUTHO."+ROLE_COL );
1313  coral::ICursor& cursor = query->execute();
1314  bool found = false;
1315  while ( cursor.next() ) {
1316  const coral::AttributeList& row = cursor.currentRow();
1317  destination.resize( destination.size()+1 );
1318  Permission& perm = destination.back();
1319  perm.principalName = row[ "AUTHE."+PRINCIPAL_NAME_COL ].data<std::string>();
1320  perm.role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
1321  perm.connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
1322  perm.connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
1323  found = true;
1324  }
1325  session.close();
1326  return found;
1327 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
string destination
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
friend class CSScopedSession
static const std::string CONNECTION_ID_COL("CONN_ID")
static const std::string PRINCIPAL_ID_COL("P_ID")
boost::shared_ptr< coral::ISession > m_session
tuple query
Definition: o2o.py:269
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string PRINCIPAL_NAME_COL("P_NAME")
bool cond::CredentialStore::setPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString,
const std::string &  connectionLabel 
)

Definition at line 964 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::CredentialData::connectionKey, newFWLiteAna::found, cond::PrincipalData::id, cond::CredentialData::id, visualization-live-secondInstance_cfg::msg, run_regression::ret, python.IdGenerator::schema, cond::selectConnection(), cond::selectPrincipal(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

967  {
968  CSScopedSession session( *this );
969  session.start( false );
970 
971  coral::ISchema& schema = m_session->nominalSchema();
972 
973  PrincipalData princData;
974  bool found = selectPrincipal( schema, principal, princData );
975 
976  if( ! found ){
977  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
978  throwException( msg, "CredentialStore::setPermission");
979  }
980 
981  CredentialData credsData;
982  found = selectConnection( schema, connectionLabel, credsData );
983 
984  if( ! found ){
985  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
986  throwException( msg, "CredentialStore::setPermission");
987  }
988 
989  Cipher cipher( m_principalKey );
990  bool ret = setPermission( princData.id, cipher.b64decrypt( princData.adminKey), role, connectionString, credsData.id, cipher.b64decrypt( credsData.connectionKey ) );
991  session.close();
992  return ret;
993 }
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
friend class CSScopedSession
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
bool setPermission(const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
void throwException(std::string const &message, std::string const &methodName)
Definition: Exception.cc:17
boost::shared_ptr< coral::ISession > m_session
bool cond::CredentialStore::setPermission ( int  principalId,
const std::string &  principalKey,
const std::string &  role,
const std::string &  connectionString,
int  connectionId,
const std::string &  connectionKey 
)
private

Definition at line 514 of file CredentialStore.cc.

References AUTH_ID_COL(), AUTH_KEY_COL(), cond::Cipher::b64encrypt(), C_ID_COL(), COND_AUTHORIZATION_TABLE(), idDealer::editor, newFWLiteAna::found, ora::SequenceManager::getNextId(), cond::AuthorizationData::id, GetRecoTauVFromDQM_MC_cff::next, P_ID_COL(), ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), cond::selectAuthorization(), SEQUENCE_TABLE_NAME(), and AlCaHLTBitMon_QueryRunRegistry::string.

514  {
515  coral::ISchema& schema = m_session->nominalSchema();
516  Cipher cipher( principalKey );
517  std::string encryptedConnectionKey = cipher.b64encrypt( connectionKey );
518 
519  AuthorizationData authData;
520  bool found = selectAuthorization( schema, principalId, role, connectionString, authData );
521 
522  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
523  if( found ) {
524  coral::AttributeList updateData;
525  updateData.extend<int>( AUTH_ID_COL );
526  updateData.extend<int>( C_ID_COL );
527  updateData.extend<std::string>( AUTH_KEY_COL );
528  updateData[ AUTH_ID_COL ].data<int>() = authData.id;
529  updateData[ C_ID_COL ].data<int>() = connectionId;
530  updateData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
531  std::string setCl = C_ID_COL+" = :"+C_ID_COL + ", "+AUTH_KEY_COL+" = :"+AUTH_KEY_COL;
532  std::string whereCl = AUTH_ID_COL+" = :"+AUTH_ID_COL;
533  editor.updateRows( setCl,whereCl, updateData );
534  } else {
535 
536  ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
537  int next = sequenceMgr.getNextId( COND_AUTHORIZATION_TABLE, true );
538 
539  coral::AttributeList insertData;
540  insertData.extend<int>( AUTH_ID_COL );
541  insertData.extend<int>( P_ID_COL );
542  insertData.extend<std::string>( ROLE_COL );
543  insertData.extend<std::string>( SCHEMA_COL );
544  insertData.extend<std::string>( AUTH_KEY_COL );
545  insertData.extend<int>( C_ID_COL );
546  insertData[ AUTH_ID_COL ].data<int>() = next;
547  insertData[ P_ID_COL ].data<int>() = principalId;
548  insertData[ ROLE_COL ].data<std::string>() = role;
549  insertData[ SCHEMA_COL ].data<std::string>() = connectionString;
550  insertData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
551  insertData[ C_ID_COL ].data<int>() = connectionId;
552  editor.insertRow( insertData );
553  }
554  return true;
555 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
bool selectAuthorization(coral::ISchema &schema, int principalId, const std::string &role, const std::string &connectionString, AuthorizationData &destination)
tuple editor
Definition: idDealer.py:73
boost::shared_ptr< coral::ISession > m_session
static const std::string AUTH_ID_COL("AUTH_ID")
static const std::string P_ID_COL("P_ID")
static const std::string C_ID_COL("C_ID")
static const std::string AUTH_KEY_COL("CRED3")
std::string cond::CredentialStore::setUpForConnectionString ( const std::string &  connectionString,
const std::string &  authPath 
)

Definition at line 694 of file CredentialStore.cc.

References instance, serviceName, and AlCaHLTBitMon_QueryRunRegistry::string.

695  {
696  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
697  if ( ! relationalService.isValid() ){
698  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
699  relationalService = coral::Context::instance().query<coral::IRelationalService>();
700  }
701  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
702  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
703  std::string& serviceName = connTokens.first;
704  return setUpForService( serviceName, authPath );
705 }
static PFTauRenderPlugin instance
static const std::string serviceName
std::string setUpForService(const std::string &serviceName, const std::string &authPath)
Sets the initialization parameters.
std::string cond::CredentialStore::setUpForService ( const std::string &  serviceName,
const std::string &  authPath 
)

Sets the initialization parameters.

Definition at line 662 of file CredentialStore.cc.

References cond::Auth::COND_KEY, mergeVDriftHistosByStation::file, cond::DecodingKey::FILE_PATH, contentValuesFiles::fullPath, visualization-live-secondInstance_cfg::msg, cmsHarvester::path, serviceName, AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

663  {
664  if( serviceName.empty() ){
665  throwException( "Service name has not been provided.","cond::CredentialStore::setUpConnection" );
666  }
667  m_serviceName.clear();
668  m_serviceData = 0;
669 
670  if( authPath.empty() ){
671  throwException( "The authentication Path has not been provided.","cond::CredentialStore::setUpForService" );
672  }
674  if(!boost::filesystem::exists(authPath) || !boost::filesystem::is_directory( authPath )){
675  throwException( "Authentication Path is invalid.","cond::CredentialStore::setUpForService" );
676  }
678  fullPath /= file;
679 
680  m_key.init( fullPath.string(), Auth::COND_KEY );
681 
682  std::map< std::string, ServiceCredentials >::const_iterator iK = m_key.services().find( serviceName );
683  if( iK == m_key.services().end() ){
684  std::string msg("");
685  msg += "Service \""+serviceName+"\" can't be open with the current key.";
686  throwException( msg,"cond::CredentialStore::setUpConnection" );
687  }
689  m_serviceData = &iK->second;
691 }
static const std::string FILE_PATH
Definition: DecodingKey.h:37
static const std::string COND_KEY
Definition: Auth.h:23
std::string connectionString
Definition: DecodingKey.h:13
const ServiceCredentials * m_serviceData
static const std::string serviceName
const std::map< std::string, ServiceCredentials > & services() const
Definition: DecodingKey.h:127
tuple path
else: Piece not in the list, fine.
size_t init(const std::string &keyFileName, const std::string &password, bool readMode=true)
Definition: DecodingKey.cc:111
void throwException(std::string const &message, std::string const &methodName)
Definition: Exception.cc:17
void cond::CredentialStore::startSession ( bool  readMode)
private

Definition at line 406 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::Cipher::b64decrypt(), C_ID_COL(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), newFWLiteAna::found, cond::PrincipalData::id, P_ID_COL(), PASSWORD_COL(), cond::PrincipalData::principalKey, o2o::query, ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), cond::selectPrincipal(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::PrincipalData::verifKey.

406  {
407  if(!m_serviceData){
408  throwException( "The credential store has not been initialized.","cond::CredentialStore::openConnection" );
409  }
410  const std::string& storeConnectionString = m_serviceData->connectionString;
411 
412  std::pair<std::string,std::string> connTokens = openConnection( storeConnectionString );
413 
414  const std::string& userName = m_serviceData->userName;
415  const std::string& password = m_serviceData->password;
416 
417  openSession( connTokens.second, userName, password, true );
418 
419  coral::ISchema& schema = m_session->nominalSchema();
420  if(!schema.existsTable(COND_AUTHENTICATION_TABLE) ||
421  !schema.existsTable(COND_AUTHORIZATION_TABLE) ||
422  !schema.existsTable(COND_CREDENTIAL_TABLE) ){
423  throwException("Credential database does not exists in \""+storeConnectionString+"\"","CredentialStore::startSession");
424  }
425 
426  const std::string& principalName = m_key.principalName();
427  // now authenticate...
428  PrincipalData princData;
429  if( !selectPrincipal( m_session->nominalSchema(), principalName, princData ) ){
430  throwException( "Invalid credentials provided.(0)",
431  "CredentialStore::openSession");
432  }
433  Cipher cipher0( m_key.principalKey() );
434  std::string verifStr = cipher0.b64decrypt( princData.verifKey );
435  if( verifStr != principalName ){
436  throwException( "Invalid credentials provided (1)",
437  "CredentialStore::openSession");
438  }
439  // ok, authenticated!
440  m_principalId = princData.id;
441  m_principalKey = cipher0.b64decrypt( princData.principalKey );
442 
443  if(!readMode ) {
444 
445  Cipher cipher0( m_principalKey );
446  std::string adminKey = cipher0.b64decrypt( princData.adminKey );
447  if( adminKey != m_principalKey ){
448  // not admin user!
449  throwException( "Provided credentials does not allow admin operation.",
450  "CredentialStore::openSession");
451  }
452 
453  // first find the credentials for WRITING in the security tables
454  std::auto_ptr<coral::IQuery> query(schema.newQuery());
455  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
456  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
457  coral::AttributeList readBuff;
458  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
459  readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
460  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
461  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
462  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
463  coral::AttributeList whereData;
464  whereData.extend<int>(P_ID_COL);
465  whereData.extend<std::string>(ROLE_COL);
466  whereData.extend<std::string>(SCHEMA_COL);
467  whereData[ P_ID_COL ].data<int>() = m_principalId;
468  whereData[ ROLE_COL ].data<std::string>() = Auth::COND_ADMIN_ROLE;
469  whereData[ SCHEMA_COL ].data<std::string>() = storeConnectionString;
470  std::stringstream whereClause;
471  whereClause << "AUTHO."<< C_ID_COL << " = CREDS."<<CONNECTION_ID_COL;
472  whereClause << " AND AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
473  whereClause << " AND AUTHO."<< ROLE_COL << " = :"<<ROLE_COL;
474  whereClause << " AND AUTHO."<< SCHEMA_COL << " = :"<<SCHEMA_COL;
475  query->defineOutput(readBuff);
476  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
477  query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
478  query->addToOutputList( "CREDS."+USERNAME_COL );
479  query->addToOutputList( "CREDS."+PASSWORD_COL );
480  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
481  query->setCondition( whereClause.str(), whereData );
482  coral::ICursor& cursor = query->execute();
483  bool found = false;
484  std::string writeUserName("");
485  std::string writePassword("");
486  if ( cursor.next() ) {
487  const coral::AttributeList& row = cursor.currentRow();
488  const std::string& connLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
489  const std::string& encryptedConnectionKey = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
490  std::string connectionKey = cipher0.b64decrypt( encryptedConnectionKey );
491  Cipher cipher1( connectionKey );
492  const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
493  const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
494  const std::string& verificationKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
495  if( cipher1.b64decrypt( verificationKey ) != connLabel ){
496  throwException( "Could not decrypt credentials.Provided key is invalid.",
497  "CredentialStore::startSession");
498  }
499  writeUserName = cipher1.b64decrypt( encryptedUserName );
500  writePassword = cipher1.b64decrypt( encryptedPassword );
501  found = true;
502  }
503  if( ! found ){
504  throwException( "Provided credentials are invalid for write access.",
505  "CredentialStore::openSession");
506  }
507  m_session->transaction().commit();
508  m_session->endUserSession();
509  openSession( connTokens.second, writeUserName, writePassword, false );
510 
511  }
512 }
static const std::string COND_ADMIN_ROLE
Definition: Auth.h:20
static const std::string ROLE_COL("C_ROLE")
std::string connectionString
Definition: DecodingKey.h:13
void openSession(const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
static const std::string SCHEMA_COL("C_SCHEMA")
const ServiceCredentials * m_serviceData
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string PASSWORD_COL("CRED5")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
static const std::string VERIFICATION_KEY_COL("CRED6")
const std::string & principalKey() const
Definition: DecodingKey.h:109
static const std::string USERNAME_COL("CRED4")
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
static const std::string CONNECTION_ID_COL("CONN_ID")
void throwException(std::string const &message, std::string const &methodName)
Definition: Exception.cc:17
boost::shared_ptr< coral::ISession > m_session
const std::string & principalName() const
Definition: DecodingKey.h:103
std::pair< std::string, std::string > openConnection(const std::string &connectionString)
tuple query
Definition: o2o.py:269
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
void cond::CredentialStore::startSuperSession ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)
private

Definition at line 400 of file CredentialStore.cc.

400  {
401  std::pair<std::string,std::string> connTokens = openConnection( connectionString );
402  openSession( connTokens.second, userName, password, false );
403 }
void openSession(const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
std::pair< std::string, std::string > openConnection(const std::string &connectionString)
bool cond::CredentialStore::unsetPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString 
)

Definition at line 995 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), idDealer::editor, newFWLiteAna::found, cond::PrincipalData::id, visualization-live-secondInstance_cfg::msg, P_ID_COL(), ROLE_COL(), python.IdGenerator::schema, SCHEMA_COL(), cond::selectPrincipal(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

997  {
998  CSScopedSession session( *this );
999  session.start( false );
1000  coral::ISchema& schema = m_session->nominalSchema();
1001 
1002  PrincipalData princData;
1003  bool found = selectPrincipal( schema, principal, princData );
1004 
1005  if( ! found ){
1006  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1007  throwException( msg, "CredentialStore::unsetPermission");
1008  }
1009 
1010  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1011  coral::AttributeList deleteData;
1012  deleteData.extend<int>( P_ID_COL );
1013  deleteData.extend<std::string>( ROLE_COL );
1014  deleteData.extend<std::string>( SCHEMA_COL );
1015  deleteData[ P_ID_COL ].data<int>() = princData.id;
1016  deleteData[ ROLE_COL ].data<std::string>() = role;
1017  deleteData[ SCHEMA_COL ].data<std::string>() = connectionString;
1018  std::stringstream whereClause;
1019  whereClause << P_ID_COL+" = :"+P_ID_COL;
1020  whereClause << " AND "<< ROLE_COL <<" = :"<<ROLE_COL;
1021  whereClause << " AND "<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
1022  editor.deleteRows( whereClause.str(), deleteData );
1023  session.close();
1024  return true;
1025 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
friend class CSScopedSession
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
void throwException(std::string const &message, std::string const &methodName)
Definition: Exception.cc:17
tuple editor
Definition: idDealer.py:73
boost::shared_ptr< coral::ISession > m_session
static const std::string P_ID_COL("P_ID")
bool cond::CredentialStore::updateConnection ( const std::string &  connectionLabel,
const std::string &  userName,
const std::string &  password 
)

Definition at line 1027 of file CredentialStore.cc.

References cond::CSScopedSession::close(), python.CommonUtils::session, and cond::CSScopedSession::start().

Referenced by Vispa.Gui.PortConnection.PointToPointConnection::paintEvent(), and Vispa.Gui.PortConnection.PointToPointConnection::updateTargetPoint().

1029  {
1030  CSScopedSession session( *this );
1031  session.start( false );
1032 
1033  m_session->transaction().start();
1034 
1035  updateConnection( connectionLabel,userName, password, true );
1036 
1037  session.close();
1038  return true;
1039 }
bool updateConnection(const std::string &connectionLabel, const std::string &userName, const std::string &password)
friend class CSScopedSession
boost::shared_ptr< coral::ISession > m_session
std::pair< int, std::string > cond::CredentialStore::updateConnection ( const std::string &  connectionLabel,
const std::string &  userName,
const std::string &  password,
bool  forceUpdate 
)
private

Definition at line 557 of file CredentialStore.cc.

References cond::Cipher::b64decrypt(), cond::Cipher::b64encrypt(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), cond::CredentialData::connectionKey, idDealer::editor, newFWLiteAna::found, relval_steps::gen(), ora::SequenceManager::getNextId(), cond::CredentialData::id, cond::KeyGenerator::make(), PASSWORD_COL(), python.IdGenerator::schema, cond::selectConnection(), SEQUENCE_TABLE_NAME(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::CredentialData::verificationKey.

Referenced by Vispa.Gui.PortConnection.PointToPointConnection::paintEvent(), and Vispa.Gui.PortConnection.PointToPointConnection::updateTargetPoint().

560  {
561  coral::ISchema& schema = m_session->nominalSchema();
562  CredentialData credsData;
563  bool found = selectConnection( schema, connectionLabel, credsData );
564  int connId = credsData.id;
565 
566  Cipher adminCipher( m_principalKey );
567  std::string connectionKey("");
568  coral::ITableDataEditor& editor = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
569  if( found ){
570 
571  connectionKey = adminCipher.b64decrypt( credsData.connectionKey );
572  Cipher cipher( connectionKey );
573  std::string verificationKey = cipher.b64decrypt( credsData.verificationKey );
574  if( verificationKey != connectionLabel ){
575  throwException("Decoding of connection key failed.","CredentialStore::updateConnection");
576  }
577  if( forceUpdate ){
578  std::string encryptedUserName = cipher.b64encrypt( userName );
579  std::string encryptedPassword = cipher.b64encrypt( password );
580 
581  coral::AttributeList updateData;
582  updateData.extend<int>( CONNECTION_ID_COL );
583  updateData.extend<std::string>( USERNAME_COL );
584  updateData.extend<std::string>( PASSWORD_COL );
585  updateData[ CONNECTION_ID_COL ].data<int>() = connId;
586  updateData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
587  updateData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
588  std::stringstream setCl;
589  setCl << USERNAME_COL << " = :" << USERNAME_COL;
590  setCl <<", " << PASSWORD_COL << " = :" << PASSWORD_COL;
592  editor.updateRows( setCl.str(),whereCl, updateData );
593  }
594  }
595 
596  if(!found){
597 
598  KeyGenerator gen;
599  connectionKey = gen.make( Auth::COND_DB_KEY_SIZE );
600  Cipher cipher( connectionKey );
601  std::string encryptedUserName = cipher.b64encrypt( userName );
602  std::string encryptedPassword = cipher.b64encrypt( password );
603  std::string encryptedLabel = cipher.b64encrypt( connectionLabel );
604 
605  ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
606  connId = sequenceMgr.getNextId( COND_CREDENTIAL_TABLE, true );
607 
608  coral::AttributeList insertData;
609  insertData.extend<int>( CONNECTION_ID_COL );
610  insertData.extend<std::string>( CONNECTION_LABEL_COL );
611  insertData.extend<std::string>( USERNAME_COL );
612  insertData.extend<std::string>( PASSWORD_COL );
613  insertData.extend<std::string>( VERIFICATION_KEY_COL );
614  insertData.extend<std::string>( CONNECTION_KEY_COL );
615  insertData[ CONNECTION_ID_COL ].data<int>() = connId;
616  insertData[ CONNECTION_LABEL_COL ].data<std::string>() = connectionLabel;
617  insertData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
618  insertData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
619  insertData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
620  insertData[ CONNECTION_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( connectionKey ) ;;
621  editor.insertRow( insertData );
622 
623  /***
624  // then set the admin permission on the new connection
625  ora::SequenceManager sequenceMgr2( SEQUENCE_TABLE_NAME,schema );
626  int authId = sequenceMgr2.getNextId( COND_AUTHORIZATION_TABLE, true );
627 
628  coral::ITableDataEditor& authEditor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
629  coral::AttributeList authData;
630  authData.extend<int>( AUTH_ID_COL );
631  authData.extend<int>( P_ID_COL );
632  authData.extend<std::string>( ROLE_COL );
633  authData.extend<std::string>( SCHEMA_COL );
634  authData.extend<std::string>( AUTH_KEY_COL );
635  authData.extend<int>( C_ID_COL );
636  authData[ AUTH_ID_COL ].data<int>() = authId;
637  authData[ P_ID_COL ].data<int>() = m_principalId;
638  authData[ ROLE_COL ].data<std::string>() = Auth::COND_ADMIN_ROLE;
639  authData[ SCHEMA_COL ].data<std::string>() = defaultConnectionString( m_serviceData->connectionString, m_serviceName, userName );
640  authData[ AUTH_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( connectionKey ) ;
641  authData[ C_ID_COL ].data<int>() = connId;
642  authEditor.insertRow( authData );
643  **/
644  }
645  return std::make_pair( connId, connectionKey );
646 }
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
static const std::string PASSWORD_COL("CRED5")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
static const std::string VERIFICATION_KEY_COL("CRED6")
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
void throwException(std::string const &message, std::string const &methodName)
Definition: Exception.cc:17
static const unsigned int COND_DB_KEY_SIZE
Definition: Auth.h:25
tuple editor
Definition: idDealer.py:73
boost::shared_ptr< coral::ISession > m_session
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
bool cond::CredentialStore::updatePrincipal ( const std::string &  principal,
const std::string &  principalKey,
bool  setAdmin = false 
)

Definition at line 891 of file CredentialStore.cc.

References ADMIN_KEY_COL(), cond::PrincipalData::adminKey, cond::Cipher::b64decrypt(), cond::Cipher::b64encrypt(), cond::CSScopedSession::close(), cond::Auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), cond::Auth::COND_DB_KEY_SIZE, cond::CredentialData::connectionKey, idDealer::editor, newFWLiteAna::found, relval_steps::gen(), ora::SequenceManager::getNextId(), cond::PrincipalData::id, cond::CredentialData::id, cond::KeyGenerator::make(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), python.IdGenerator::schema, cond::schemaLabelForCredentialStore(), cond::selectConnection(), cond::selectPrincipal(), SEQUENCE_TABLE_NAME(), python.CommonUtils::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and VERIFICATION_COL().

893  {
894  CSScopedSession session( *this );
895  session.start( false );
896 
897  coral::ISchema& schema = m_session->nominalSchema();
898 
899  PrincipalData princData;
900  bool found = selectPrincipal( schema, principalName, princData );
901 
902  Cipher adminCipher( m_principalKey );
903  Cipher cipher( authenticationKey );
904  std::string verifStr = cipher.b64encrypt( principalName );
905  std::string principalKey("");
906  if( setAdmin ) principalKey = m_principalKey;
907  int principalId = princData.id;
908 
909  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
910  if( found ){
911  if( principalKey.empty() ) principalKey = adminCipher.b64decrypt( princData.adminKey );
912  coral::AttributeList updateData;
913  updateData.extend<int>( PRINCIPAL_ID_COL );
914  updateData.extend<std::string>( VERIFICATION_COL );
915  updateData.extend<std::string>( PRINCIPAL_KEY_COL );
916  updateData.extend<std::string>( ADMIN_KEY_COL );
917  updateData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
918  updateData[ VERIFICATION_COL ].data<std::string>() = verifStr;
919  updateData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher.b64encrypt( principalKey );
920  updateData[ ADMIN_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( principalKey );
921  std::stringstream setClause;
922  setClause << VERIFICATION_COL <<" = :" <<VERIFICATION_COL <<", ";
923  setClause << PRINCIPAL_KEY_COL << " = :" << PRINCIPAL_KEY_COL <<", ";
924  setClause << ADMIN_KEY_COL << " = :" << ADMIN_KEY_COL;
925  std::string whereClause = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
926  editor.updateRows( setClause.str(),whereClause, updateData );
927  } else {
928  if( principalKey.empty() ) {
929  KeyGenerator gen;
930  principalKey = gen.make( Auth::COND_DB_KEY_SIZE );
931  }
932 
933  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
934 
935  ora::SequenceManager sequenceMgr( SEQUENCE_TABLE_NAME,schema );
936  principalId = sequenceMgr.getNextId( COND_AUTHENTICATION_TABLE, true );
937 
938  coral::AttributeList authData;
939  editor0.rowBuffer(authData);
940  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
941  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
942  authData[ VERIFICATION_COL ].data<std::string>() = cipher.b64encrypt( principalName );
943  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher.b64encrypt( principalKey );
944  authData[ ADMIN_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( principalKey );
945  editor0.insertRow( authData );
946  }
947 
948  if(setAdmin){
950  std::string connLabel = schemaLabelForCredentialStore( connString );
951  CredentialData credsData;
952  bool found = selectConnection( schema, connLabel, credsData );
953  if(!found){
954  throwException("Credential Store connection has not been defined.","CredentialStore::updatePrincipal");
955  }
956  setPermission( principalId, principalKey, Auth::COND_ADMIN_ROLE, connString, credsData.id, adminCipher.b64decrypt( credsData.connectionKey ) );
957  }
958 
959  session.close();
960  return true;
961 }
static const std::string COND_ADMIN_ROLE
Definition: Auth.h:20
std::string connectionString
Definition: DecodingKey.h:13
const ServiceCredentials * m_serviceData
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
static const std::string ADMIN_KEY_COL("CRED2")
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
friend class CSScopedSession
static const std::string VERIFICATION_COL("CRED0")
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
bool setPermission(const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
std::string schemaLabelForCredentialStore(const std::string &connectionString)
void throwException(std::string const &message, std::string const &methodName)
Definition: Exception.cc:17
static const std::string PRINCIPAL_ID_COL("P_ID")
static const unsigned int COND_DB_KEY_SIZE
Definition: Auth.h:25
tuple editor
Definition: idDealer.py:73
boost::shared_ptr< coral::ISession > m_session
static const std::string PRINCIPAL_KEY_COL("CRED1")
static const std::string PRINCIPAL_NAME_COL("P_NAME")

Friends And Related Function Documentation

friend class CSScopedSession
friend

Definition at line 144 of file CredentialStore.h.

Member Data Documentation

const std::string cond::CredentialStore::DEFAULT_DATA_SOURCE
static

Definition at line 87 of file CredentialStore.h.

boost::shared_ptr<coral::IConnection> cond::CredentialStore::m_connection
private

Definition at line 163 of file CredentialStore.h.

DecodingKey cond::CredentialStore::m_key
private

Definition at line 172 of file CredentialStore.h.

int cond::CredentialStore::m_principalId
private

Definition at line 166 of file CredentialStore.h.

std::string cond::CredentialStore::m_principalKey
private

Definition at line 167 of file CredentialStore.h.

const ServiceCredentials* cond::CredentialStore::m_serviceData
private

Definition at line 170 of file CredentialStore.h.

std::string cond::CredentialStore::m_serviceName
private

Definition at line 169 of file CredentialStore.h.

boost::shared_ptr<coral::ISession> cond::CredentialStore::m_session
private

Definition at line 164 of file CredentialStore.h.