cond::CredentialStore Class Reference

#include <CredentialStore.h>

Classes
struct	Permission

Public Member Functions
bool	createSchema (const std::string &connectionString, const std::string &userName, const std::string &password)
	CredentialStore ()
	Standard Constructor. More...
bool	drop (const std::string &connectionString, const std::string &userName, const std::string &password)
bool	exportAll (coral_bridge::AuthenticationCredentialSet &data)
bool	importForPrincipal (const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data, bool forceUpdateConnection=false)
	import data More...
bool	installAdmin (const std::string &userName, const std::string &password)
const std::string &	keyPrincipalName ()
bool	listConnections (std::map< std::string, std::pair< std::string, std::string > > &destination)
bool	listPrincipals (std::vector< std::string > &destination)
bool	removeConnection (const std::string &connectionLabel)
bool	removePrincipal (const std::string &principal)
bool	selectForUser (coral_bridge::AuthenticationCredentialSet &destinationData)
bool	selectPermissions (const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
bool	setPermission (const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
std::string	setUpForConnectionString (const std::string &connectionString, const std::string &authPath)
std::string	setUpForService (const std::string &serviceName, const std::string &authPath)
	Sets the initialization parameters. More...
bool	unsetPermission (const std::string &principal, const std::string &role, const std::string &connectionString)
bool	updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password)
bool	updatePrincipal (const std::string &principal, const std::string &principalKey, bool setAdmin=false)
virtual	~CredentialStore ()
	Standard Destructor. More...

Static Public Attributes
static const std::string	DEFAULT_DATA_SOURCE

Private Member Functions
int	addUser (const std::string &principalName, const std::string &authenticationKey, const std::string &principalKey, const std::string &adminKey)
void	closeSession (bool commit=true)
std::pair< std::string, std::string >	openConnection (const std::string &connectionString)
void	openSession (const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
void	openSession (bool readOnly=true)
bool	setPermission (int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey)
void	startSession (bool readMode)
void	startSuperSession (const std::string &connectionString, const std::string &userName, const std::string &password)
std::pair< int, std::string >	updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate)

Private Attributes
std::shared_ptr< coral::IConnection >	m_connection
auth::DecodingKey	m_key
int	m_principalId
std::string	m_principalKey
const auth::ServiceCredentials *	m_serviceData
std::string	m_serviceName
std::shared_ptr< coral::ISession >	m_session

Friends
class	CSScopedSession

Detailed Description

Definition at line 83 of file CredentialStore.h.

Constructor & Destructor Documentation

cond::CredentialStore::CredentialStore

(

)

Standard Constructor.

Definition at line 680 of file CredentialStore.cc.

                                    :
  m_connection(),
  m_session(),
  m_principalId(-1),
  m_principalKey(""),
  m_serviceName(""),
  m_serviceData(0),
  m_key(){
}

cond::CredentialStore::~CredentialStore ( )

virtual

Standard Destructor.

Definition at line 690 of file CredentialStore.cc.

References AlCaHLTBitMon_QueryRunRegistry::string.

                                     {
}

Member Function Documentation

int cond::CredentialStore::addUser ( const std::string &  principalName, const std::string &  authenticationKey, const std::string &  principalKey, const std::string &  adminKey  )

private

Definition at line 389 of file CredentialStore.cc.

References ADMIN_KEY_COL(), cond::auth::Cipher::b64encrypt(), COND_AUTHENTICATION_TABLE(), getNextSequenceValue(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), dataDML::schema, AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), and VERIFICATION_COL().

                                                                                                                                                              {

  coral::ISchema& schema = m_session->nominalSchema();
  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();

  int principalId = -1;
  if( !getNextSequenceValue( schema, COND_AUTHENTICATION_TABLE, principalId ) ) throwException( "Can't find "+COND_AUTHENTICATION_TABLE+" sequence.","CredentialStore::addUser" );
    
  auth::Cipher cipher0( authenticationKey );
  auth::Cipher cipher1( adminKey );

  coral::AttributeList authData;
  editor0.rowBuffer(authData);
  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
  authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( principalKey );
  authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( principalKey );
  editor0.insertRow( authData );
  return principalId;
}

void cond::CredentialStore::closeSession ( bool  commit = true )

private

Definition at line 337 of file CredentialStore.cc.

                                                   {

  if( m_session.get() ){
    if(m_session->transaction().isActive()){
      if( commit ){
    m_session->transaction().commit();
      } else {
    m_session->transaction().rollback();
      }
    }
    m_session->endUserSession();
  }
  m_session.reset();
  if( m_connection.get() ){
    m_connection->disconnect();
  }
  m_connection.reset();
}

bool cond::CredentialStore::createSchema	(	const std::string &	connectionString,
		const std::string &	userName,
		const std::string &	password
	)

Definition at line 752 of file CredentialStore.cc.

References addSequence(), ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), m_session, P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), SEQUENCE_NAME_COL(), SEQUENCE_TABLE_NAME(), SEQUENCE_VALUE_COL(), dataDML::session, cond::CSScopedSession::startSuper(), cond::throwException(), USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

                                                                                                                           {
  CSScopedSession session( *this );
  session.startSuper( connectionString, userName, password );

  coral::ISchema& schema = m_session->nominalSchema();
  if(schema.existsTable(COND_AUTHENTICATION_TABLE)) {
    throwException("Credential database, already exists.","CredentialStore::create");
  }

  coral::TableDescription dseq;
  dseq.setName( SEQUENCE_TABLE_NAME );

  dseq.insertColumn( SEQUENCE_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>() );
  dseq.setNotNullConstraint( SEQUENCE_NAME_COL );
  dseq.insertColumn( SEQUENCE_VALUE_COL,coral::AttributeSpecification::typeNameForType<int>() );
  dseq.setNotNullConstraint( SEQUENCE_VALUE_COL );
  dseq.setPrimaryKey( std::vector< std::string >( 1, SEQUENCE_NAME_COL ) );
  schema.createTable( dseq );

  int columnSize = 2000;

  // authentication table
  
  addSequence( schema, COND_AUTHENTICATION_TABLE );
  coral::TableDescription descr0;
  descr0.setName( COND_AUTHENTICATION_TABLE );
  descr0.insertColumn( PRINCIPAL_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr0.insertColumn( PRINCIPAL_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr0.insertColumn( VERIFICATION_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr0.insertColumn( PRINCIPAL_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr0.insertColumn( ADMIN_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr0.setNotNullConstraint( PRINCIPAL_ID_COL );
  descr0.setNotNullConstraint( PRINCIPAL_NAME_COL );
  descr0.setNotNullConstraint( VERIFICATION_COL );
  descr0.setNotNullConstraint( PRINCIPAL_KEY_COL );
  descr0.setNotNullConstraint( ADMIN_KEY_COL );
  std::vector<std::string> columnsUnique;
  columnsUnique.push_back( PRINCIPAL_NAME_COL);
  descr0.setUniqueConstraint( columnsUnique );
  std::vector<std::string> columnsForIndex;
  columnsForIndex.push_back(PRINCIPAL_ID_COL);
  descr0.setPrimaryKey( columnsForIndex );
  schema.createTable( descr0 );

  // authorization table
  addSequence( schema, COND_AUTHORIZATION_TABLE );
  coral::TableDescription descr1;
  descr1.setName( COND_AUTHORIZATION_TABLE );
  descr1.insertColumn( AUTH_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr1.insertColumn( P_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr1.insertColumn( ROLE_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr1.insertColumn( SCHEMA_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr1.insertColumn( AUTH_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr1.insertColumn( C_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr1.setNotNullConstraint( AUTH_ID_COL );
  descr1.setNotNullConstraint( P_ID_COL );
  descr1.setNotNullConstraint( ROLE_COL );
  descr1.setNotNullConstraint( SCHEMA_COL );
  descr1.setNotNullConstraint( AUTH_KEY_COL );
  descr1.setNotNullConstraint( C_ID_COL );
  columnsUnique.clear();
  columnsUnique.push_back( P_ID_COL);
  columnsUnique.push_back( ROLE_COL);
  columnsUnique.push_back( SCHEMA_COL);
  descr1.setUniqueConstraint( columnsUnique );
  columnsForIndex.clear();
  columnsForIndex.push_back(AUTH_ID_COL);
  descr1.setPrimaryKey( columnsForIndex );
  schema.createTable( descr1 );

  // credential table
  addSequence( schema, COND_CREDENTIAL_TABLE );
  coral::TableDescription descr2;
  descr2.setName( COND_CREDENTIAL_TABLE );
  descr2.insertColumn( CONNECTION_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
  descr2.insertColumn( CONNECTION_LABEL_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.insertColumn( USERNAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.insertColumn( PASSWORD_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.insertColumn( VERIFICATION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.insertColumn( CONNECTION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
  descr2.setNotNullConstraint( CONNECTION_ID_COL );
  descr2.setNotNullConstraint( CONNECTION_LABEL_COL );
  descr2.setNotNullConstraint( USERNAME_COL );
  descr2.setNotNullConstraint( PASSWORD_COL );
  descr2.setNotNullConstraint( VERIFICATION_KEY_COL );
  descr2.setNotNullConstraint( CONNECTION_KEY_COL );
  columnsUnique.clear();
  columnsUnique.push_back( CONNECTION_LABEL_COL);
  descr2.setUniqueConstraint( columnsUnique );
  columnsForIndex.clear();
  columnsForIndex.push_back(CONNECTION_ID_COL);
  descr2.setPrimaryKey( columnsForIndex );
  schema.createTable( descr2 );

  session.close();
  return true;
}

bool cond::CredentialStore::drop	(	const std::string &	connectionString,
		const std::string &	userName,
		const std::string &	password
	)

Definition at line 851 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), m_session, dataDML::schema, SEQUENCE_TABLE_NAME(), dataDML::session, and cond::CSScopedSession::startSuper().

                                                                                                                   {
  CSScopedSession session( *this );
  session.startSuper( connectionString, userName, password );

  coral::ISchema& schema = m_session->nominalSchema();
  schema.dropIfExistsTable( COND_AUTHORIZATION_TABLE );
  schema.dropIfExistsTable( COND_CREDENTIAL_TABLE );
  schema.dropIfExistsTable( COND_AUTHENTICATION_TABLE );
  schema.dropIfExistsTable(SEQUENCE_TABLE_NAME);
  session.close();
  return true;
}

bool cond::CredentialStore::exportAll

(

coral_bridge::AuthenticationCredentialSet &

data

)

Definition at line 1384 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), runEdmFileComparison::found, m_principalKey, m_session, PASSWORD_COL(), das::query(), coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                  {
  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();
  std::auto_ptr<coral::IQuery> query(schema.newQuery());
  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
  coral::AttributeList readBuff;
  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
  readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
  coral::AttributeList whereData;
  std::stringstream whereClause;
  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
  
  query->defineOutput(readBuff);
  query->addToOutputList( "AUTHO."+ROLE_COL );
  query->addToOutputList( "AUTHO."+SCHEMA_COL );
  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
  query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
  query->addToOutputList( "CREDS."+USERNAME_COL );
  query->addToOutputList( "CREDS."+PASSWORD_COL );
  query->setCondition( whereClause.str(), whereData );
  coral::ICursor& cursor = query->execute();
  bool found = false;
  auth::Cipher cipher0( m_principalKey );
  while ( cursor.next() ) {
    const coral::AttributeList& row = cursor.currentRow();
    const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
    const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
    const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
    const std::string& encryptedVerifKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
    const std::string& encryptedConnection = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
    std::string userName("");
    std::string password("");
    std::string connectionKey = cipher0.b64decrypt( encryptedConnection );
    auth::Cipher cipher1( connectionKey );
    std::string verifKey = cipher1.b64decrypt( encryptedVerifKey );
    if( verifKey == connectionLabel ){
      const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL].data<std::string>();
      const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL].data<std::string>();
      userName = cipher1.b64decrypt( encryptedUserName );
      password = cipher1.b64decrypt( encryptedPassword );
    }
    data.registerCredentials( connectionString, role, userName, password );
    found = true;
  }
  session.close();
  return found;  
}

bool cond::CredentialStore::importForPrincipal	(	const std::string &	principal,
		const coral_bridge::AuthenticationCredentialSet &	data,
		bool	forceUpdateConnection = false
	)

import data

Definition at line 1217 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), coral_bridge::AuthenticationCredentialSet::data(), runEdmFileComparison::found, cond::PrincipalData::id, m_principalKey, m_session, genParticles_cff::map, mps_alisetup::msg, createfilelist::parser, dataDML::schema, cond::schemaLabel(), cond::selectPrincipal(), serviceName, dataDML::session, setPermission(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and updateConnection().

                                                    {
  CSScopedSession session( *this );
  session.start( false  );
  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principal, princData );

  if( ! found ){
    std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::importForPrincipal");
  }

  bool imported = false;
  auth::Cipher cipher( m_principalKey );
  std::string princKey = cipher.b64decrypt( princData.adminKey);

  const std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >& creds = dataSource.data();
  for( std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::const_iterator iConn = creds.begin(); iConn != creds.end(); ++iConn ){
    const std::string& connectionString = iConn->first.first;
    coral::URIParser parser;
    parser.setURI( connectionString );
    std::string serviceName = parser.hostName();
    const std::string& role = iConn->first.second;
    std::string userName = iConn->second->valueForItem( coral::IAuthenticationCredentials::userItem() );
    std::string password = iConn->second->valueForItem( coral::IAuthenticationCredentials::passwordItem());
    // first import the connections
    std::pair<int,std::string> conn = updateConnection( schemaLabel( serviceName, userName ), userName, password, forceUpdateConnection );
    auth::Cipher cipher( m_principalKey );
    // than set the permission for the specific role
    setPermission( princData.id, princKey, role, connectionString, conn.first, conn.second );
    imported = true;
  }
  session.close();  
  return imported;
}

bool cond::CredentialStore::installAdmin	(	const std::string &	userName,
		const std::string &	password
	)

Definition at line 864 of file CredentialStore.cc.

References ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), cond::auth::Cipher::b64encrypt(), C_ID_COL(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), cond::auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), cond::auth::ServiceCredentials::connectionString, runEdmFileComparison::found, relval_steps::gen(), getNextSequenceValue(), m_key, m_principalKey, m_serviceData, m_session, cond::auth::KeyGenerator::make(), mps_alisetup::msg, P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), cond::auth::DecodingKey::principalKey(), cond::auth::DecodingKey::principalName(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::schemaLabelForCredentialStore(), cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

                                                                                            {
  if(!m_serviceData){
    throwException( "The credential store has not been initialized.","cond::CredentialStore::installAdmin" );    
  }
  const std::string& connectionString = m_serviceData->connectionString;
  const std::string& principalName = m_key.principalName();

  CSScopedSession session( *this );
  session.startSuper( connectionString, userName, password  );

  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principalName, princData );

  if( found ){
    std::string msg("Principal \"");
    msg += principalName + "\" has been installed already.";
    throwException(msg,"CredentialStore::installAdmin");
  }

  auth::KeyGenerator gen;
  m_principalKey = gen.make( auth::COND_DB_KEY_SIZE );

  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();

  int principalId = -1;
  if( !getNextSequenceValue( schema, COND_AUTHENTICATION_TABLE, principalId ) ) throwException( "Can't find "+COND_AUTHENTICATION_TABLE+" sequence.","CredentialStore::installAdmin" );
    
  auth::Cipher cipher0( m_key.principalKey() );
  auth::Cipher cipher1( m_principalKey );

  coral::AttributeList authData;
  editor0.rowBuffer(authData);
  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
  authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( m_principalKey );
  authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( m_principalKey );
  editor0.insertRow( authData );

  std::string connLabel = schemaLabelForCredentialStore( connectionString );
  auth::DecodingKey tmpKey;
  std::string connectionKey = gen.make( auth::COND_DB_KEY_SIZE );
  std::string encryptedConnectionKey = cipher1.b64encrypt( connectionKey );    

  auth::Cipher cipher2( connectionKey );
  std::string encryptedUserName = cipher2.b64encrypt( userName );
  std::string encryptedPassword = cipher2.b64encrypt( password );
  std::string encryptedLabel = cipher2.b64encrypt( connLabel );    
  
  int connId = -1;
  if( !getNextSequenceValue( schema, COND_CREDENTIAL_TABLE, connId ) ) throwException( "Can't find "+COND_CREDENTIAL_TABLE+" sequence.","CredentialStore::installAdmin" );
    
  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
  coral::AttributeList connectionData;
  editor1.rowBuffer(connectionData);
  connectionData[ CONNECTION_ID_COL ].data<int>() = connId;
  connectionData[ CONNECTION_LABEL_COL ].data<std::string>() = connLabel;
  connectionData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
  connectionData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
  connectionData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
  connectionData[ CONNECTION_KEY_COL ].data<std::string>() = encryptedConnectionKey;
  editor1.insertRow( connectionData );

  int authId = -1;
  if( !getNextSequenceValue( schema, COND_AUTHORIZATION_TABLE, authId ) ) throwException( "Can't find "+COND_AUTHORIZATION_TABLE+" sequence.","CredentialStore::installAdmin" );
    
  coral::ITableDataEditor& editor2 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
  coral::AttributeList permissionData;
  editor2.rowBuffer(permissionData);
  permissionData[ AUTH_ID_COL ].data<int>() = authId;
  permissionData[ P_ID_COL ].data<int>() = principalId;
  permissionData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE;
  permissionData[ SCHEMA_COL ].data<std::string>() = connectionString;
  permissionData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
  permissionData[ C_ID_COL ].data<int>() = connId;
  editor2.insertRow( permissionData );

  session.close();
  return true;
}

const std::string & cond::CredentialStore::keyPrincipalName

(

)

Definition at line 1440 of file CredentialStore.cc.

References m_key, and cond::auth::DecodingKey::principalName().

Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().

                                                       {
  return m_key.principalName();
}

bool cond::CredentialStore::listConnections

(

std::map< std::string, std::pair< std::string, std::string > > &

destination

)

Definition at line 1279 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), COND_CREDENTIAL_TABLE(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), cmsStageWithFailover::destination, runEdmFileComparison::found, m_principalKey, m_session, PASSWORD_COL(), das::query(), dataDML::schema, dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

                                                                                                       {
  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();

  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_CREDENTIAL_TABLE).newQuery());
  coral::AttributeList readBuff;
  readBuff.extend<std::string>( CONNECTION_LABEL_COL );
  readBuff.extend<std::string>( USERNAME_COL );
  readBuff.extend<std::string>( PASSWORD_COL );
  readBuff.extend<std::string>( VERIFICATION_KEY_COL );
  readBuff.extend<std::string>( CONNECTION_KEY_COL );
  query->defineOutput(readBuff);
  query->addToOutputList( CONNECTION_LABEL_COL );
  query->addToOutputList( USERNAME_COL );
  query->addToOutputList( PASSWORD_COL );
  query->addToOutputList( VERIFICATION_KEY_COL );
  query->addToOutputList( CONNECTION_KEY_COL );
  coral::ICursor& cursor = query->execute();
  bool found = false;
  auth::Cipher cipher0(m_principalKey );
  while ( cursor.next() ) {
    std::string userName("");
    std::string password("");
    const coral::AttributeList& row = cursor.currentRow();
    const std::string& connLabel = row[ CONNECTION_LABEL_COL].data<std::string>();
    const std::string& encryptedKey = row[ CONNECTION_KEY_COL].data<std::string>();
    const std::string& encryptedVerif = row[ VERIFICATION_KEY_COL].data<std::string>();
    std::string connKey = cipher0.b64decrypt( encryptedKey );
    auth::Cipher cipher1( connKey );
    std::string verif = cipher1.b64decrypt( encryptedVerif );
    if( verif == connLabel ){
      const std::string& encryptedUserName = row[ USERNAME_COL].data<std::string>();
      const std::string& encryptedPassword = row[ PASSWORD_COL].data<std::string>();
      userName = cipher1.b64decrypt( encryptedUserName );
      password = cipher1.b64decrypt( encryptedPassword );
    }
    destination.insert( std::make_pair( connLabel, std::make_pair( userName, password ) ) );
    found = true;
  }
  session.close();    
  return found;
}

bool cond::CredentialStore::listPrincipals

(

std::vector< std::string > &

destination

)

Definition at line 1256 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), runEdmFileComparison::found, m_session, PRINCIPAL_NAME_COL(), das::query(), dataDML::schema, dataDML::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

                                                                           {

  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();

  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_AUTHENTICATION_TABLE).newQuery());
  coral::AttributeList readBuff;
  readBuff.extend<std::string>(PRINCIPAL_NAME_COL);
  query->defineOutput(readBuff);
  query->addToOutputList( PRINCIPAL_NAME_COL );
  coral::ICursor& cursor = query->execute();
  bool found = false;
  while ( cursor.next() ) {
    found = true;
    const coral::AttributeList& row = cursor.currentRow();
    destination.push_back( row[ PRINCIPAL_NAME_COL ].data<std::string>() );
  }
  session.close();    
  return found;
}

std::pair< std::string, std::string > cond::CredentialStore::openConnection ( const std::string &  connectionString )

private

Definition at line 411 of file CredentialStore.cc.

References instance.

                                                                                                   {
  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
  if ( ! relationalService.isValid() ){
    coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
    relationalService = coral::Context::instance().query<coral::IRelationalService>();
  }
  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
  m_connection.reset( domain.newConnection( connTokens.first ) );
  m_connection->connect();
  return connTokens;
}

void cond::CredentialStore::openSession ( const std::string &  schemaName, const std::string &  userName, const std::string &  password, bool  readMode  )

private

Definition at line 424 of file CredentialStore.cc.

References lumiQueryAPI::accessMode.

                                                                                                                                       {
  coral::AccessMode accessMode = coral::ReadOnly;
  if( !readMode ) accessMode = coral::Update;  
  m_session.reset( m_connection->newSession( schemaName, accessMode) );
  m_session->startUserSession( userName, password );
  // open read-only transaction
  m_session->transaction().start( readMode );
}

void cond::CredentialStore::openSession ( bool  readOnly = true )

private

bool cond::CredentialStore::removeConnection

(

const std::string &

connectionLabel

)

Definition at line 1130 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), runEdmFileComparison::found, cond::CredentialData::id, m_session, mps_alisetup::msg, dataDML::schema, cond::selectConnection(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                                            {
  CSScopedSession session( *this );
  session.start( false  );
  coral::ISchema& schema = m_session->nominalSchema();

  CredentialData credsData;
  bool found = selectConnection( schema, connectionLabel, credsData );

  if( ! found ){
    std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::removeConnection");
  }

  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();

  coral::AttributeList deleteData0;
  deleteData0.extend<int>( C_ID_COL );
  deleteData0[ C_ID_COL ].data<int>() = credsData.id;
  std::string whereClause0 = C_ID_COL+" = :"+C_ID_COL;
  editor0.deleteRows( whereClause0 , deleteData0 );

  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();

  coral::AttributeList deleteData1;
  deleteData1.extend<int>( CONNECTION_ID_COL );
  deleteData1[ CONNECTION_ID_COL ].data<int>() = credsData.id;
  std::string whereClause1 = CONNECTION_ID_COL+" = :"+CONNECTION_ID_COL;
  editor1.deleteRows( whereClause1 , deleteData1 );

  session.close();

  return true;
}

bool cond::CredentialStore::removePrincipal

(

const std::string &

principal

)

Definition at line 1096 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), runEdmFileComparison::found, cond::PrincipalData::id, m_session, mps_alisetup::msg, P_ID_COL(), PRINCIPAL_ID_COL(), dataDML::schema, cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                                     {
  CSScopedSession session( *this );
  session.start( false  );
  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principal, princData );

  if( ! found ){
    std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::removePrincipal");
  }

  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();

  coral::AttributeList deleteData0;
  deleteData0.extend<int>( P_ID_COL );
  deleteData0[ P_ID_COL ].data<int>() = princData.id;
  std::string whereClause0 = P_ID_COL+" = :"+P_ID_COL;
  editor0.deleteRows( whereClause0 , deleteData0 );

  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();

  coral::AttributeList deleteData1;
  deleteData1.extend<int>( PRINCIPAL_ID_COL );
  deleteData1[ PRINCIPAL_ID_COL ].data<int>() = princData.id;
  std::string whereClause1 = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
  editor1.deleteRows( whereClause1 , deleteData1 );

  session.close();
  
  return true;
}

bool cond::CredentialStore::selectForUser

(

coral_bridge::AuthenticationCredentialSet &

destinationData

)

Definition at line 1164 of file CredentialStore.cc.

References AUTH_KEY_COL(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), m_principalId, m_principalKey, m_session, P_ID_COL(), PASSWORD_COL(), das::query(), coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().

                                                                                                 {
  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();

  auth::Cipher cipher( m_principalKey );

  std::auto_ptr<coral::IQuery> query(schema.newQuery());
  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
  coral::AttributeList readBuff;
  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
  readBuff.extend<std::string>("AUTHO."+AUTH_KEY_COL);
  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
  coral::AttributeList whereData;
  whereData.extend<int>(P_ID_COL);
  whereData[ P_ID_COL ].data<int>() = m_principalId;
  std::stringstream whereClause;
  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
  whereClause << " AND " << "AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
  query->defineOutput(readBuff);
  query->addToOutputList( "AUTHO."+ROLE_COL );
  query->addToOutputList( "AUTHO."+SCHEMA_COL );
  query->addToOutputList( "AUTHO."+AUTH_KEY_COL );
  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
  query->addToOutputList( "CREDS."+USERNAME_COL );
  query->addToOutputList( "CREDS."+PASSWORD_COL );
  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
  query->setCondition( whereClause.str(), whereData );
  coral::ICursor& cursor = query->execute();
  while ( cursor.next() ) {
    const coral::AttributeList& row = cursor.currentRow();
    const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
    const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
    const std::string& encryptedAuthKey = row[ "AUTHO."+AUTH_KEY_COL ].data<std::string>();
    const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
    const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
    const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
    const std::string& encryptedLabel = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
    std::string authKey = cipher.b64decrypt( encryptedAuthKey );
    auth::Cipher connCipher( authKey );
    if( connCipher.b64decrypt( encryptedLabel ) == connectionLabel ){
      destinationData.registerCredentials( connectionString, role, connCipher.b64decrypt( encryptedUserName ),  connCipher.b64decrypt( encryptedPassword ) );
    } 
  }
  session.close();
  return true;
}

bool cond::CredentialStore::selectPermissions	(	const std::string &	principalName,
		const std::string &	role,
		const std::string &	connectionString,
		std::vector< Permission > &	destination
	)

Definition at line 1323 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), cond::CredentialStore::Permission::connectionLabel, cond::CredentialStore::Permission::connectionString, runEdmFileComparison::found, m_session, P_ID_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_NAME_COL(), cond::CredentialStore::Permission::principalName, das::query(), cond::CredentialStore::Permission::role, ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

                                                               {
  CSScopedSession session( *this );
  session.start( true  );
  coral::ISchema& schema = m_session->nominalSchema();
  std::auto_ptr<coral::IQuery> query(schema.newQuery());
  query->addToTableList(COND_AUTHENTICATION_TABLE, "AUTHE");
  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
  coral::AttributeList readBuff;
  readBuff.extend<std::string>("AUTHE."+PRINCIPAL_NAME_COL);
  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
  coral::AttributeList whereData;
  std::stringstream whereClause;
  whereClause << "AUTHE."<< PRINCIPAL_ID_COL << "= AUTHO."<< P_ID_COL;
  whereClause << " AND AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
  if( !principalName.empty() ){
    whereData.extend<std::string>(PRINCIPAL_NAME_COL);
    whereData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
    whereClause << " AND AUTHE."<< PRINCIPAL_NAME_COL <<" = :"<<PRINCIPAL_NAME_COL;
  }
  if( !role.empty() ){
    whereData.extend<std::string>(ROLE_COL);
    whereData[ ROLE_COL ].data<std::string>() = role;
    whereClause << " AND AUTHO."<< ROLE_COL <<" = :"<<ROLE_COL;
  }
  if( !connectionString.empty() ){
    whereData.extend<std::string>(SCHEMA_COL);
    whereData[ SCHEMA_COL ].data<std::string>() = connectionString;
    whereClause << " AND AUTHO."<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
  }
  
  query->defineOutput(readBuff);
  query->addToOutputList( "AUTHE."+PRINCIPAL_NAME_COL );
  query->addToOutputList( "AUTHO."+ROLE_COL );
  query->addToOutputList( "AUTHO."+SCHEMA_COL );
  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
  query->setCondition( whereClause.str(), whereData );
  query->addToOrderList( "AUTHO."+SCHEMA_COL );
  query->addToOrderList( "AUTHE."+PRINCIPAL_NAME_COL  );
  query->addToOrderList( "AUTHO."+ROLE_COL  );
  coral::ICursor& cursor = query->execute();
  bool found = false;
  while ( cursor.next() ) {
    const coral::AttributeList& row = cursor.currentRow();
    destination.resize( destination.size()+1 );
    Permission& perm = destination.back();
    perm.principalName = row[ "AUTHE."+PRINCIPAL_NAME_COL ].data<std::string>();
    perm.role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
    perm.connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
    perm.connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
    found = true;
  }
  session.close();
  return found;  
}

bool cond::CredentialStore::setPermission	(	const std::string &	principal,
		const std::string &	role,
		const std::string &	connectionString,
		const std::string &	connectionLabel
	)

Definition at line 1019 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::CredentialData::connectionKey, runEdmFileComparison::found, cond::PrincipalData::id, cond::CredentialData::id, m_principalKey, m_session, mps_alisetup::msg, dataDML::schema, cond::selectConnection(), cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

Referenced by importForPrincipal(), and updatePrincipal().

                                                         {
  CSScopedSession session( *this );
  session.start( false  );

  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principal, princData );

  if( ! found ){
    std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::setPermission");
  }

  CredentialData credsData;
  found = selectConnection( schema, connectionLabel, credsData );
  
  if( ! found ){
    std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::setPermission");
  }

  auth::Cipher cipher( m_principalKey );
  bool ret = setPermission( princData.id, cipher.b64decrypt( princData.adminKey), role, connectionString, credsData.id, cipher.b64decrypt( credsData.connectionKey ) );
  session.close();
  return ret;
}

bool cond::CredentialStore::setPermission ( int  principalId, const std::string &  principalKey, const std::string &  role, const std::string &  connectionString, int  connectionId, const std::string &  connectionKey  )

private

Definition at line 547 of file CredentialStore.cc.

References AUTH_ID_COL(), AUTH_KEY_COL(), cond::auth::Cipher::b64encrypt(), C_ID_COL(), COND_AUTHORIZATION_TABLE(), idDealer::editor, runEdmFileComparison::found, getNextSequenceValue(), cond::AuthorizationData::id, GetRecoTauVFromDQM_MC_cff::next, P_ID_COL(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::selectAuthorization(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::persistency::throwException().

                                                                                                                                                                                                   {
  coral::ISchema& schema = m_session->nominalSchema();
  auth::Cipher cipher( principalKey );
  std::string encryptedConnectionKey = cipher.b64encrypt( connectionKey );

  AuthorizationData authData;
  bool found = selectAuthorization( schema, principalId, role, connectionString, authData );

  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
  if( found ) {
    coral::AttributeList updateData;
    updateData.extend<int>( AUTH_ID_COL );
    updateData.extend<int>( C_ID_COL );
    updateData.extend<std::string>( AUTH_KEY_COL );
    updateData[ AUTH_ID_COL ].data<int>() = authData.id;
    updateData[ C_ID_COL ].data<int>() = connectionId;
    updateData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
    std::string setCl = C_ID_COL+" = :"+C_ID_COL + ", "+AUTH_KEY_COL+" = :"+AUTH_KEY_COL;
    std::string whereCl = AUTH_ID_COL+" = :"+AUTH_ID_COL;
    editor.updateRows( setCl,whereCl, updateData );
  } else {

    int next = -1;
    if( !getNextSequenceValue( schema, COND_AUTHORIZATION_TABLE, next ) ) throwException( "Can't find "+COND_AUTHORIZATION_TABLE+" sequence.","CredentialStore::setPermission" );
    
    coral::AttributeList insertData;
    insertData.extend<int>( AUTH_ID_COL );
    insertData.extend<int>( P_ID_COL );
    insertData.extend<std::string>( ROLE_COL );
    insertData.extend<std::string>( SCHEMA_COL );
    insertData.extend<std::string>( AUTH_KEY_COL );
    insertData.extend<int>( C_ID_COL );
    insertData[ AUTH_ID_COL ].data<int>() = next;
    insertData[ P_ID_COL ].data<int>() = principalId;
    insertData[ ROLE_COL ].data<std::string>() = role;
    insertData[ SCHEMA_COL ].data<std::string>() = connectionString;
    insertData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
    insertData[ C_ID_COL ].data<int>() = connectionId;
    editor.insertRow( insertData );
  }
  return true;    
}

std::string cond::CredentialStore::setUpForConnectionString	(	const std::string &	connectionString,
		const std::string &	authPath
	)

Definition at line 726 of file CredentialStore.cc.

References instance, serviceName, setUpForService(), and AlCaHLTBitMon_QueryRunRegistry::string.

Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().

                                                    {
  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
  if ( ! relationalService.isValid() ){
    coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
    relationalService = coral::Context::instance().query<coral::IRelationalService>();
  }
  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
  std::string& serviceName = connTokens.first;
  return setUpForService( serviceName, authPath );
}

std::string cond::CredentialStore::setUpForService	(	const std::string &	serviceName,
		const std::string &	authPath
	)

Sets the initialization parameters.

Definition at line 694 of file CredentialStore.cc.

References cond::auth::COND_KEY, cond::auth::ServiceCredentials::connectionString, FrontierConditions_GlobalTag_cff::file, cond::auth::DecodingKey::FILE_PATH, cond::auth::DecodingKey::init(), m_key, m_serviceData, m_serviceName, mps_alisetup::msg, callgraph::path, serviceName, cond::auth::DecodingKey::services(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

Referenced by setUpForConnectionString().

                                               {
  if( serviceName.empty() ){
    throwException( "Service name has not been provided.","cond::CredentialStore::setUpConnection" );        
  }
  m_serviceName.clear();
  m_serviceData = 0;

  if( authPath.empty() ){
    throwException( "The authentication Path has not been provided.","cond::CredentialStore::setUpForService" );
  }
  boost::filesystem::path fullPath( authPath );
  if(!boost::filesystem::exists(authPath) || !boost::filesystem::is_directory( authPath )){
    throwException( "Authentication Path is invalid.","cond::CredentialStore::setUpForService" );
  }
  boost::filesystem::path file( auth::DecodingKey::FILE_PATH );
  fullPath /= file;

  m_key.init( fullPath.string(), auth::COND_KEY ); 
  
  std::map< std::string, auth::ServiceCredentials >::const_iterator iK = m_key.services().find( serviceName );
  if( iK == m_key.services().end() ){
    std::string msg("");
    msg += "Service \""+serviceName+"\" can't be open with the current key.";
    throwException( msg,"cond::CredentialStore::setUpConnection" );    
  }
  m_serviceName = serviceName;
  m_serviceData = &iK->second;
  return m_serviceData->connectionString;
}

void cond::CredentialStore::startSession ( bool  readMode )

private

Definition at line 439 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), runEdmFileComparison::found, cond::PrincipalData::id, P_ID_COL(), PASSWORD_COL(), cond::PrincipalData::principalKey, das::query(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::selectPrincipal(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::PrincipalData::verifKey.

                                                     {
  if(!m_serviceData){
    throwException( "The credential store has not been initialized.","cond::CredentialStore::openConnection" );    
  }
  const std::string& storeConnectionString = m_serviceData->connectionString;

  std::pair<std::string,std::string> connTokens = openConnection( storeConnectionString );

  const std::string& userName = m_serviceData->userName;
  const std::string& password = m_serviceData->password;
 
  openSession( connTokens.second, userName, password, true );

  coral::ISchema& schema = m_session->nominalSchema();
  if(!schema.existsTable(COND_AUTHENTICATION_TABLE) ||
     !schema.existsTable(COND_AUTHORIZATION_TABLE) ||
     !schema.existsTable(COND_CREDENTIAL_TABLE) ){
    throwException("Credential database does not exists in \""+storeConnectionString+"\"","CredentialStore::startSession");
  }

  const std::string& principalName = m_key.principalName();
  // now authenticate...
  PrincipalData princData;
  if( !selectPrincipal( m_session->nominalSchema(), principalName, princData ) ){
    throwException( "Invalid credentials provided.(0)",
            "CredentialStore::openSession");
  }
  auth::Cipher cipher0( m_key.principalKey() );
  std::string verifStr = cipher0.b64decrypt( princData.verifKey );
  if( verifStr != principalName ){
    throwException( "Invalid credentials provided (1)",
            "CredentialStore::openSession");
  }
  // ok, authenticated!
  m_principalId = princData.id;
  m_principalKey = cipher0.b64decrypt( princData.principalKey );
  
  if(!readMode ) {

    auth::Cipher cipher0( m_principalKey );
    std::string adminKey = cipher0.b64decrypt( princData.adminKey );
    if( adminKey != m_principalKey ){
      // not admin user!
      throwException( "Provided credentials does not allow admin operation.",
              "CredentialStore::openSession");
    }
    
    // first find the credentials for WRITING in the security tables
    std::auto_ptr<coral::IQuery> query(schema.newQuery());
    query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
    query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
    coral::AttributeList readBuff;
    readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
    readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
    readBuff.extend<std::string>("CREDS."+USERNAME_COL);
    readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
    readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
    coral::AttributeList whereData;
    whereData.extend<int>(P_ID_COL);
    whereData.extend<std::string>(ROLE_COL);
    whereData.extend<std::string>(SCHEMA_COL);
    whereData[ P_ID_COL ].data<int>() = m_principalId;
    whereData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE;
    whereData[ SCHEMA_COL ].data<std::string>() = storeConnectionString;
    std::stringstream whereClause;
    whereClause << "AUTHO."<< C_ID_COL << " = CREDS."<<CONNECTION_ID_COL;
    whereClause << " AND AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
    whereClause << " AND AUTHO."<< ROLE_COL << " = :"<<ROLE_COL;
    whereClause << " AND AUTHO."<< SCHEMA_COL << " = :"<<SCHEMA_COL;
    query->defineOutput(readBuff);
    query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
    query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
    query->addToOutputList( "CREDS."+USERNAME_COL );
    query->addToOutputList( "CREDS."+PASSWORD_COL );
    query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
    query->setCondition( whereClause.str(), whereData );
    coral::ICursor& cursor = query->execute();
    bool found = false;
    std::string writeUserName("");
    std::string writePassword("");
    if ( cursor.next() ) {
      const coral::AttributeList& row = cursor.currentRow();
      const std::string& connLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
      const std::string& encryptedConnectionKey = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
      std::string connectionKey = cipher0.b64decrypt( encryptedConnectionKey );
      auth::Cipher cipher1( connectionKey );
      const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
      const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
      const std::string& verificationKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
      if( cipher1.b64decrypt( verificationKey ) != connLabel  ){
    throwException( "Could not decrypt credentials.Provided key is invalid.",
            "CredentialStore::startSession");
      }
      writeUserName = cipher1.b64decrypt( encryptedUserName );
      writePassword = cipher1.b64decrypt( encryptedPassword );
      found = true;
    }
    if( ! found ){
      throwException( "Provided credentials are invalid for write access.",
              "CredentialStore::openSession");
    }
    m_session->transaction().commit();
    m_session->endUserSession();
    openSession( connTokens.second, writeUserName, writePassword, false );

  }
}   

void cond::CredentialStore::startSuperSession ( const std::string &  connectionString, const std::string &  userName, const std::string &  password  )

private

Definition at line 433 of file CredentialStore.cc.

                                                                                                                                    {
  std::pair<std::string,std::string> connTokens = openConnection( connectionString );
  openSession( connTokens.second, userName, password, false );
}

bool cond::CredentialStore::unsetPermission	(	const std::string &	principal,
		const std::string &	role,
		const std::string &	connectionString
	)

Definition at line 1050 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), idDealer::editor, runEdmFileComparison::found, cond::PrincipalData::id, m_session, mps_alisetup::msg, P_ID_COL(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

                                                            {
  CSScopedSession session( *this );
  session.start( false  );
  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principal, princData );

  if( ! found ){
    std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
    throwException( msg, "CredentialStore::unsetPermission");
  }

  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
  coral::AttributeList deleteData;
  deleteData.extend<int>( P_ID_COL );
  deleteData.extend<std::string>( ROLE_COL );
  deleteData.extend<std::string>( SCHEMA_COL );
  deleteData[ P_ID_COL ].data<int>() = princData.id;
  deleteData[ ROLE_COL ].data<std::string>() = role;
  deleteData[ SCHEMA_COL ].data<std::string>() = connectionString;
  std::stringstream whereClause;
  whereClause << P_ID_COL+" = :"+P_ID_COL;
  whereClause << " AND "<< ROLE_COL <<" = :"<<ROLE_COL;
  whereClause << " AND "<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
  editor.deleteRows( whereClause.str(), deleteData );
  session.close();
  return true;
}

bool cond::CredentialStore::updateConnection	(	const std::string &	connectionLabel,
		const std::string &	userName,
		const std::string &	password
	)

Definition at line 1082 of file CredentialStore.cc.

References cond::CSScopedSession::close(), m_session, dataDML::session, and cond::CSScopedSession::start().

Referenced by importForPrincipal(), Vispa.Gui.PortConnection.PointToPointConnection::paintEvent(), and Vispa.Gui.PortConnection.PointToPointConnection::updateTargetPoint().

                                                     {
  CSScopedSession session( *this );
  session.start( false  );

  m_session->transaction().start();

  updateConnection( connectionLabel,userName, password, true ); 

  session.close();
  return true;
}

std::pair< int, std::string > cond::CredentialStore::updateConnection ( const std::string &  connectionLabel, const std::string &  userName, const std::string &  password, bool  forceUpdate  )

private

Definition at line 590 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::auth::Cipher::b64encrypt(), COND_CREDENTIAL_TABLE(), cond::auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), cond::CredentialData::connectionKey, idDealer::editor, runEdmFileComparison::found, relval_steps::gen(), getNextSequenceValue(), cond::CredentialData::id, cond::auth::KeyGenerator::make(), PASSWORD_COL(), dataDML::schema, cond::selectConnection(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::CredentialData::verificationKey.

Referenced by Vispa.Gui.PortConnection.PointToPointConnection::paintEvent(), and Vispa.Gui.PortConnection.PointToPointConnection::updateTargetPoint().

                                                      {
  coral::ISchema& schema = m_session->nominalSchema();
  CredentialData credsData;
  bool found = selectConnection( schema, connectionLabel, credsData );
  int connId = credsData.id;
  
  auth::Cipher adminCipher( m_principalKey );
  std::string connectionKey("");
  coral::ITableDataEditor& editor = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
  if( found ){
    
    connectionKey = adminCipher.b64decrypt( credsData.connectionKey );
    auth::Cipher cipher( connectionKey );
    std::string verificationKey = cipher.b64decrypt( credsData.verificationKey );
    if( verificationKey != connectionLabel ){
      throwException("Decoding of connection key failed.","CredentialStore::updateConnection");
    }
    if( forceUpdate ){
      std::string encryptedUserName = cipher.b64encrypt( userName );
      std::string encryptedPassword = cipher.b64encrypt( password );
     
      coral::AttributeList updateData;
      updateData.extend<int>( CONNECTION_ID_COL );
      updateData.extend<std::string>( USERNAME_COL );
      updateData.extend<std::string>( PASSWORD_COL );
      updateData[ CONNECTION_ID_COL ].data<int>() = connId;
      updateData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
      updateData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
      std::stringstream setCl;
      setCl << USERNAME_COL << " = :" << USERNAME_COL;
      setCl <<", " << PASSWORD_COL << " = :" << PASSWORD_COL;
      std::string whereCl = CONNECTION_ID_COL+" = :"+CONNECTION_ID_COL;
      editor.updateRows( setCl.str(),whereCl, updateData );
    }
  }
  
  if(!found){
    
    auth::KeyGenerator gen;
    connectionKey = gen.make( auth::COND_DB_KEY_SIZE );
    auth::Cipher cipher( connectionKey );
    std::string encryptedUserName = cipher.b64encrypt( userName );
    std::string encryptedPassword = cipher.b64encrypt( password );
    std::string encryptedLabel = cipher.b64encrypt( connectionLabel );
    
    if( !getNextSequenceValue( schema, COND_CREDENTIAL_TABLE, connId ) ) throwException( "Can't find "+COND_CREDENTIAL_TABLE+" sequence.","CredentialStore::updateConnection" );
    
    coral::AttributeList insertData;
    insertData.extend<int>( CONNECTION_ID_COL );
    insertData.extend<std::string>( CONNECTION_LABEL_COL );
    insertData.extend<std::string>( USERNAME_COL );
    insertData.extend<std::string>( PASSWORD_COL );
    insertData.extend<std::string>( VERIFICATION_KEY_COL );
    insertData.extend<std::string>( CONNECTION_KEY_COL );
    insertData[ CONNECTION_ID_COL ].data<int>() = connId;
    insertData[ CONNECTION_LABEL_COL ].data<std::string>() = connectionLabel;
    insertData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
    insertData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
    insertData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
    insertData[ CONNECTION_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( connectionKey ) ;;
    editor.insertRow( insertData );
    
    /***
    // then set the admin permission on the new connection
    ora::SequenceManager sequenceMgr2( SEQUENCE_TABLE_NAME,schema );
    int authId = sequenceMgr2.getNextId( COND_AUTHORIZATION_TABLE, true );
    
    coral::ITableDataEditor& authEditor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
    coral::AttributeList authData;
    authData.extend<int>( AUTH_ID_COL );
    authData.extend<int>( P_ID_COL );
    authData.extend<std::string>( ROLE_COL );
    authData.extend<std::string>( SCHEMA_COL );
    authData.extend<std::string>( AUTH_KEY_COL );
    authData.extend<int>( C_ID_COL );
    authData[ AUTH_ID_COL ].data<int>() = authId;
    authData[ P_ID_COL ].data<int>() = m_principalId;
    authData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE;
    authData[ SCHEMA_COL ].data<std::string>() = defaultConnectionString( m_serviceData->connectionString, m_serviceName, userName );
    authData[ AUTH_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( connectionKey ) ;
    authData[ C_ID_COL ].data<int>() = connId;
    authEditor.insertRow( authData );
    **/
  }
  return std::make_pair( connId, connectionKey );
}

bool cond::CredentialStore::updatePrincipal	(	const std::string &	principal,
		const std::string &	principalKey,
		bool	setAdmin = false
	)

Definition at line 947 of file CredentialStore.cc.

References ADMIN_KEY_COL(), cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::auth::Cipher::b64encrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), cond::auth::COND_DB_KEY_SIZE, cond::CredentialData::connectionKey, cond::auth::ServiceCredentials::connectionString, idDealer::editor, runEdmFileComparison::found, relval_steps::gen(), getNextSequenceValue(), cond::PrincipalData::id, cond::CredentialData::id, m_principalKey, m_serviceData, m_session, cond::auth::KeyGenerator::make(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), dataDML::schema, cond::schemaLabelForCredentialStore(), cond::selectConnection(), cond::selectPrincipal(), dataDML::session, setPermission(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and VERIFICATION_COL().

                                        {
  CSScopedSession session( *this );
  session.start( false  );

  coral::ISchema& schema = m_session->nominalSchema();

  PrincipalData princData;
  bool found = selectPrincipal( schema, principalName, princData );

  auth::Cipher adminCipher( m_principalKey );
  auth::Cipher cipher( authenticationKey );
  std::string verifStr = cipher.b64encrypt( principalName );
  std::string principalKey("");
  if( setAdmin ) principalKey = m_principalKey;
  int principalId = princData.id;

  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
  if( found ){
    if( principalKey.empty() ) principalKey = adminCipher.b64decrypt( princData.adminKey );
    coral::AttributeList updateData;
    updateData.extend<int>( PRINCIPAL_ID_COL );
    updateData.extend<std::string>( VERIFICATION_COL );
    updateData.extend<std::string>( PRINCIPAL_KEY_COL );
    updateData.extend<std::string>( ADMIN_KEY_COL );
    updateData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
    updateData[ VERIFICATION_COL ].data<std::string>() = verifStr;
    updateData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher.b64encrypt( principalKey );
    updateData[ ADMIN_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( principalKey );
    std::stringstream setClause;
    setClause << VERIFICATION_COL <<" = :" <<VERIFICATION_COL <<", ";
    setClause << PRINCIPAL_KEY_COL << " = :" << PRINCIPAL_KEY_COL <<", ";
    setClause << ADMIN_KEY_COL << " = :" << ADMIN_KEY_COL;
    std::string whereClause = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
    editor.updateRows( setClause.str(),whereClause, updateData );
  } else {
    if( principalKey.empty() ) {
      auth::KeyGenerator gen;
      principalKey = gen.make( auth::COND_DB_KEY_SIZE );
    }

    coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();

    if( !getNextSequenceValue( schema, COND_AUTHENTICATION_TABLE, principalId ) ) throwException( "Can't find "+COND_AUTHENTICATION_TABLE+" sequence.","CredentialStore::updatePrincipal" );
        
    coral::AttributeList authData;
    editor0.rowBuffer(authData);
    authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
    authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
    authData[ VERIFICATION_COL ].data<std::string>() = cipher.b64encrypt( principalName );
    authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher.b64encrypt( principalKey );
    authData[ ADMIN_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( principalKey );
    editor0.insertRow( authData );
  }

  if(setAdmin){
    std::string connString = m_serviceData->connectionString;
    std::string connLabel = schemaLabelForCredentialStore( connString );
    CredentialData credsData;
    bool found = selectConnection( schema, connLabel, credsData );
    if(!found){
      throwException("Credential Store connection has not been defined.","CredentialStore::updatePrincipal");
    }
    setPermission( principalId, principalKey, auth::COND_ADMIN_ROLE, connString, credsData.id, adminCipher.b64decrypt( credsData.connectionKey ) );
  }

  session.close();
  return true;
}

Friends And Related Function Documentation

friend class CSScopedSession

friend

Definition at line 144 of file CredentialStore.h.

Member Data Documentation

const std::string cond::CredentialStore::DEFAULT_DATA_SOURCE

static

Definition at line 87 of file CredentialStore.h.

std::shared_ptr<coral::IConnection> cond::CredentialStore::m_connection

private

Definition at line 163 of file CredentialStore.h.

auth::DecodingKey cond::CredentialStore::m_key

private

Definition at line 172 of file CredentialStore.h.

Referenced by installAdmin(), keyPrincipalName(), and setUpForService().

int cond::CredentialStore::m_principalId

private

Definition at line 166 of file CredentialStore.h.

Referenced by selectForUser().

std::string cond::CredentialStore::m_principalKey

private

Definition at line 167 of file CredentialStore.h.

Referenced by exportAll(), importForPrincipal(), installAdmin(), listConnections(), selectForUser(), setPermission(), and updatePrincipal().

const auth::ServiceCredentials* cond::CredentialStore::m_serviceData

private

Definition at line 170 of file CredentialStore.h.

Referenced by installAdmin(), setUpForService(), and updatePrincipal().

std::string cond::CredentialStore::m_serviceName

private

Definition at line 169 of file CredentialStore.h.

Referenced by setUpForService().

std::shared_ptr<coral::ISession> cond::CredentialStore::m_session

private

Definition at line 164 of file CredentialStore.h.

Referenced by createSchema(), drop(), exportAll(), importForPrincipal(), installAdmin(), listConnections(), listPrincipals(), removeConnection(), removePrincipal(), selectForUser(), selectPermissions(), setPermission(), unsetPermission(), updateConnection(), and updatePrincipal().