CMS 3D CMS Logo

List of all members | Classes | Public Member Functions | Static Public Attributes | Private Member Functions | Private Attributes | Friends
cond::CredentialStore Class Reference

#include <CredentialStore.h>

Classes

struct  Permission
 

Public Member Functions

bool createSchema (const std::string &connectionString, const std::string &userName, const std::string &password)
 
 CredentialStore ()
 Standard Constructor. More...
 
bool drop (const std::string &connectionString, const std::string &userName, const std::string &password)
 
bool exportAll (coral_bridge::AuthenticationCredentialSet &data)
 
bool importForPrincipal (const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data, bool forceUpdateConnection=false)
 import data More...
 
bool installAdmin (const std::string &userName, const std::string &password)
 
const std::string & keyPrincipalName ()
 
bool listConnections (std::map< std::string, std::pair< std::string, std::string > > &destination)
 
bool listPrincipals (std::vector< std::string > &destination)
 
bool removeConnection (const std::string &connectionLabel)
 
bool removePrincipal (const std::string &principal)
 
bool selectForUser (coral_bridge::AuthenticationCredentialSet &destinationData)
 
bool selectPermissions (const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
 
bool setPermission (const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
 
std::string setUpForConnectionString (const std::string &connectionString, const std::string &authPath)
 
std::string setUpForService (const std::string &serviceName, const std::string &authPath)
 Sets the initialization parameters. More...
 
bool unsetPermission (const std::string &principal, const std::string &role, const std::string &connectionString)
 
bool updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password)
 
bool updatePrincipal (const std::string &principal, const std::string &principalKey, bool setAdmin=false)
 
virtual ~CredentialStore ()
 Standard Destructor. More...
 

Static Public Attributes

static const std::string DEFAULT_DATA_SOURCE
 

Private Member Functions

int addUser (const std::string &principalName, const std::string &authenticationKey, const std::string &principalKey, const std::string &adminKey)
 
void closeSession (bool commit=true)
 
std::pair< std::string, std::string > openConnection (const std::string &connectionString)
 
void openSession (const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
 
void openSession (bool readOnly=true)
 
bool setPermission (int principalId, const std::string &principalKey, const std::string &role, const std::string &connectionString, int connectionId, const std::string &connectionKey)
 
void startSession (bool readMode)
 
void startSuperSession (const std::string &connectionString, const std::string &userName, const std::string &password)
 
std::pair< int, std::string > updateConnection (const std::string &connectionLabel, const std::string &userName, const std::string &password, bool forceUpdate)
 

Private Attributes

std::shared_ptr< coral::IConnection > m_connection
 
auth::DecodingKey m_key
 
int m_principalId
 
std::string m_principalKey
 
const auth::ServiceCredentialsm_serviceData
 
std::string m_serviceName
 
std::shared_ptr< coral::ISession > m_session
 

Friends

class CSScopedSession
 

Detailed Description

Definition at line 83 of file CredentialStore.h.

Constructor & Destructor Documentation

cond::CredentialStore::CredentialStore ( )

Standard Constructor.

Definition at line 680 of file CredentialStore.cc.

680  :
681  m_connection(),
682  m_session(),
683  m_principalId(-1),
684  m_principalKey(""),
685  m_serviceName(""),
686  m_serviceData(nullptr),
687  m_key(){
688 }
auth::DecodingKey m_key
std::shared_ptr< coral::ISession > m_session
std::shared_ptr< coral::IConnection > m_connection
const auth::ServiceCredentials * m_serviceData
cond::CredentialStore::~CredentialStore ( )
virtual

Standard Destructor.

Definition at line 690 of file CredentialStore.cc.

References AlCaHLTBitMon_QueryRunRegistry::string.

690  {
691 }

Member Function Documentation

int cond::CredentialStore::addUser ( const std::string &  principalName,
const std::string &  authenticationKey,
const std::string &  principalKey,
const std::string &  adminKey 
)
private

Definition at line 389 of file CredentialStore.cc.

References ADMIN_KEY_COL(), cond::auth::Cipher::b64encrypt(), COND_AUTHENTICATION_TABLE(), getNextSequenceValue(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), dataDML::schema, AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), and VERIFICATION_COL().

389  {
390 
391  coral::ISchema& schema = m_session->nominalSchema();
392  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
393 
394  int principalId = -1;
395  if( !getNextSequenceValue( schema, COND_AUTHENTICATION_TABLE, principalId ) ) throwException( "Can't find "+COND_AUTHENTICATION_TABLE+" sequence.","CredentialStore::addUser" );
396 
397  auth::Cipher cipher0( authenticationKey );
398  auth::Cipher cipher1( adminKey );
399 
400  coral::AttributeList authData;
401  editor0.rowBuffer(authData);
402  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
403  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
404  authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
405  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( principalKey );
406  authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( principalKey );
407  editor0.insertRow( authData );
408  return principalId;
409 }
bool getNextSequenceValue(coral::ISchema &schema, const std::string &sequenceName, int &value)
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
static const std::string ADMIN_KEY_COL("CRED2")
static const std::string VERIFICATION_COL("CRED0")
static const std::string PRINCIPAL_ID_COL("P_ID")
std::shared_ptr< coral::ISession > m_session
static const std::string PRINCIPAL_KEY_COL("CRED1")
static const std::string PRINCIPAL_NAME_COL("P_NAME")
void cond::CredentialStore::closeSession ( bool  commit = true)
private

Definition at line 337 of file CredentialStore.cc.

337  {
338 
339  if( m_session.get() ){
340  if(m_session->transaction().isActive()){
341  if( commit ){
342  m_session->transaction().commit();
343  } else {
344  m_session->transaction().rollback();
345  }
346  }
347  m_session->endUserSession();
348  }
349  m_session.reset();
350  if( m_connection.get() ){
351  m_connection->disconnect();
352  }
353  m_connection.reset();
354 }
std::shared_ptr< coral::ISession > m_session
std::shared_ptr< coral::IConnection > m_connection
bool cond::CredentialStore::createSchema ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 752 of file CredentialStore.cc.

References addSequence(), ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), m_session, P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), SEQUENCE_NAME_COL(), SEQUENCE_TABLE_NAME(), SEQUENCE_VALUE_COL(), dataDML::session, cond::CSScopedSession::startSuper(), cond::throwException(), USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

752  {
753  CSScopedSession session( *this );
754  session.startSuper( connectionString, userName, password );
755 
756  coral::ISchema& schema = m_session->nominalSchema();
757  if(schema.existsTable(COND_AUTHENTICATION_TABLE)) {
758  throwException("Credential database, already exists.","CredentialStore::create");
759  }
760 
761  coral::TableDescription dseq;
762  dseq.setName( SEQUENCE_TABLE_NAME );
763 
764  dseq.insertColumn( SEQUENCE_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>() );
765  dseq.setNotNullConstraint( SEQUENCE_NAME_COL );
766  dseq.insertColumn( SEQUENCE_VALUE_COL,coral::AttributeSpecification::typeNameForType<int>() );
767  dseq.setNotNullConstraint( SEQUENCE_VALUE_COL );
768  dseq.setPrimaryKey( std::vector< std::string >( 1, SEQUENCE_NAME_COL ) );
769  schema.createTable( dseq );
770 
771  int columnSize = 2000;
772 
773  // authentication table
774 
776  coral::TableDescription descr0;
777  descr0.setName( COND_AUTHENTICATION_TABLE );
778  descr0.insertColumn( PRINCIPAL_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
779  descr0.insertColumn( PRINCIPAL_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
780  descr0.insertColumn( VERIFICATION_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
781  descr0.insertColumn( PRINCIPAL_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
782  descr0.insertColumn( ADMIN_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
783  descr0.setNotNullConstraint( PRINCIPAL_ID_COL );
784  descr0.setNotNullConstraint( PRINCIPAL_NAME_COL );
785  descr0.setNotNullConstraint( VERIFICATION_COL );
786  descr0.setNotNullConstraint( PRINCIPAL_KEY_COL );
787  descr0.setNotNullConstraint( ADMIN_KEY_COL );
788  std::vector<std::string> columnsUnique;
789  columnsUnique.push_back( PRINCIPAL_NAME_COL);
790  descr0.setUniqueConstraint( columnsUnique );
791  std::vector<std::string> columnsForIndex;
792  columnsForIndex.push_back(PRINCIPAL_ID_COL);
793  descr0.setPrimaryKey( columnsForIndex );
794  schema.createTable( descr0 );
795 
796  // authorization table
798  coral::TableDescription descr1;
799  descr1.setName( COND_AUTHORIZATION_TABLE );
800  descr1.insertColumn( AUTH_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
801  descr1.insertColumn( P_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
802  descr1.insertColumn( ROLE_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
803  descr1.insertColumn( SCHEMA_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
804  descr1.insertColumn( AUTH_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
805  descr1.insertColumn( C_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
806  descr1.setNotNullConstraint( AUTH_ID_COL );
807  descr1.setNotNullConstraint( P_ID_COL );
808  descr1.setNotNullConstraint( ROLE_COL );
809  descr1.setNotNullConstraint( SCHEMA_COL );
810  descr1.setNotNullConstraint( AUTH_KEY_COL );
811  descr1.setNotNullConstraint( C_ID_COL );
812  columnsUnique.clear();
813  columnsUnique.push_back( P_ID_COL);
814  columnsUnique.push_back( ROLE_COL);
815  columnsUnique.push_back( SCHEMA_COL);
816  descr1.setUniqueConstraint( columnsUnique );
817  columnsForIndex.clear();
818  columnsForIndex.push_back(AUTH_ID_COL);
819  descr1.setPrimaryKey( columnsForIndex );
820  schema.createTable( descr1 );
821 
822  // credential table
824  coral::TableDescription descr2;
825  descr2.setName( COND_CREDENTIAL_TABLE );
826  descr2.insertColumn( CONNECTION_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
827  descr2.insertColumn( CONNECTION_LABEL_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
828  descr2.insertColumn( USERNAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
829  descr2.insertColumn( PASSWORD_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
830  descr2.insertColumn( VERIFICATION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
831  descr2.insertColumn( CONNECTION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
832  descr2.setNotNullConstraint( CONNECTION_ID_COL );
833  descr2.setNotNullConstraint( CONNECTION_LABEL_COL );
834  descr2.setNotNullConstraint( USERNAME_COL );
835  descr2.setNotNullConstraint( PASSWORD_COL );
836  descr2.setNotNullConstraint( VERIFICATION_KEY_COL );
837  descr2.setNotNullConstraint( CONNECTION_KEY_COL );
838  columnsUnique.clear();
839  columnsUnique.push_back( CONNECTION_LABEL_COL);
840  descr2.setUniqueConstraint( columnsUnique );
841  columnsForIndex.clear();
842  columnsForIndex.push_back(CONNECTION_ID_COL);
843  descr2.setPrimaryKey( columnsForIndex );
844  schema.createTable( descr2 );
845 
846  session.close();
847  return true;
848 }
static const std::string SEQUENCE_VALUE_COL("VALUE")
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
static const std::string PASSWORD_COL("CRED5")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
static const std::string ADMIN_KEY_COL("CRED2")
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string VERIFICATION_COL("CRED0")
static const std::string SEQUENCE_NAME_COL("NAME")
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
static const std::string PRINCIPAL_ID_COL("P_ID")
std::shared_ptr< coral::ISession > m_session
static const std::string AUTH_ID_COL("AUTH_ID")
void addSequence(coral::ISchema &schema, const std::string &name)
static const std::string PRINCIPAL_KEY_COL("CRED1")
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string AUTH_KEY_COL("CRED3")
static const std::string PRINCIPAL_NAME_COL("P_NAME")
bool cond::CredentialStore::drop ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)

Definition at line 851 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), m_session, dataDML::schema, SEQUENCE_TABLE_NAME(), dataDML::session, and cond::CSScopedSession::startSuper().

851  {
852  CSScopedSession session( *this );
853  session.startSuper( connectionString, userName, password );
854 
855  coral::ISchema& schema = m_session->nominalSchema();
856  schema.dropIfExistsTable( COND_AUTHORIZATION_TABLE );
857  schema.dropIfExistsTable( COND_CREDENTIAL_TABLE );
858  schema.dropIfExistsTable( COND_AUTHENTICATION_TABLE );
859  schema.dropIfExistsTable(SEQUENCE_TABLE_NAME);
860  session.close();
861  return true;
862 }
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
friend class CSScopedSession
std::shared_ptr< coral::ISession > m_session
bool cond::CredentialStore::exportAll ( coral_bridge::AuthenticationCredentialSet data)

Definition at line 1384 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), runEdmFileComparison::found, m_principalKey, m_session, PASSWORD_COL(), das::query(), coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

1384  {
1385  CSScopedSession session( *this );
1386  session.start( true );
1387  coral::ISchema& schema = m_session->nominalSchema();
1388  std::auto_ptr<coral::IQuery> query(schema.newQuery());
1389  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1390  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1391  coral::AttributeList readBuff;
1392  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
1393  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
1394  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
1395  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
1396  readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
1397  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
1398  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
1399  coral::AttributeList whereData;
1400  std::stringstream whereClause;
1401  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
1402 
1403  query->defineOutput(readBuff);
1404  query->addToOutputList( "AUTHO."+ROLE_COL );
1405  query->addToOutputList( "AUTHO."+SCHEMA_COL );
1406  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
1407  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
1408  query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
1409  query->addToOutputList( "CREDS."+USERNAME_COL );
1410  query->addToOutputList( "CREDS."+PASSWORD_COL );
1411  query->setCondition( whereClause.str(), whereData );
1412  coral::ICursor& cursor = query->execute();
1413  bool found = false;
1414  auth::Cipher cipher0( m_principalKey );
1415  while ( cursor.next() ) {
1416  const coral::AttributeList& row = cursor.currentRow();
1417  const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
1418  const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
1419  const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
1420  const std::string& encryptedVerifKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
1421  const std::string& encryptedConnection = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
1422  std::string userName("");
1423  std::string password("");
1424  std::string connectionKey = cipher0.b64decrypt( encryptedConnection );
1425  auth::Cipher cipher1( connectionKey );
1426  std::string verifKey = cipher1.b64decrypt( encryptedVerifKey );
1427  if( verifKey == connectionLabel ){
1428  const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL].data<std::string>();
1429  const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL].data<std::string>();
1430  userName = cipher1.b64decrypt( encryptedUserName );
1431  password = cipher1.b64decrypt( encryptedPassword );
1432  }
1433  data.registerCredentials( connectionString, role, userName, password );
1434  found = true;
1435  }
1436  session.close();
1437  return found;
1438 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string PASSWORD_COL("CRED5")
def query(query_str, verbose=False)
Definition: das.py:5
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
std::shared_ptr< coral::ISession > m_session
void registerCredentials(const std::string &connectionString, const std::string &userName, const std::string &password)
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
bool cond::CredentialStore::importForPrincipal ( const std::string &  principal,
const coral_bridge::AuthenticationCredentialSet data,
bool  forceUpdateConnection = false 
)

import data

Definition at line 1217 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), coral_bridge::AuthenticationCredentialSet::data(), runEdmFileComparison::found, cond::PrincipalData::id, m_principalKey, m_session, genParticles_cff::map, mps_check::msg, createfilelist::parser, dataDML::schema, cond::schemaLabel(), cond::selectPrincipal(), serviceName, dataDML::session, setPermission(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and updateConnection().

1219  {
1220  CSScopedSession session( *this );
1221  session.start( false );
1222  coral::ISchema& schema = m_session->nominalSchema();
1223 
1224  PrincipalData princData;
1225  bool found = selectPrincipal( schema, principal, princData );
1226 
1227  if( ! found ){
1228  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1229  throwException( msg, "CredentialStore::importForPrincipal");
1230  }
1231 
1232  bool imported = false;
1233  auth::Cipher cipher( m_principalKey );
1234  std::string princKey = cipher.b64decrypt( princData.adminKey);
1235 
1236  const std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >& creds = dataSource.data();
1237  for( std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::const_iterator iConn = creds.begin(); iConn != creds.end(); ++iConn ){
1238  const std::string& connectionString = iConn->first.first;
1239  coral::URIParser parser;
1240  parser.setURI( connectionString );
1241  std::string serviceName = parser.hostName();
1242  const std::string& role = iConn->first.second;
1243  std::string userName = iConn->second->valueForItem( coral::IAuthenticationCredentials::userItem() );
1244  std::string password = iConn->second->valueForItem( coral::IAuthenticationCredentials::passwordItem());
1245  // first import the connections
1246  std::pair<int,std::string> conn = updateConnection( schemaLabel( serviceName, userName ), userName, password, forceUpdateConnection );
1247  auth::Cipher cipher( m_principalKey );
1248  // than set the permission for the specific role
1249  setPermission( princData.id, princKey, role, connectionString, conn.first, conn.second );
1250  imported = true;
1251  }
1252  session.close();
1253  return imported;
1254 }
static const std::string serviceName
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
def principal(options)
bool updateConnection(const std::string &connectionLabel, const std::string &userName, const std::string &password)
std::string schemaLabel(const std::string &serviceName, const std::string &userName)
friend class CSScopedSession
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
bool setPermission(const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
tuple msg
Definition: mps_check.py:277
std::shared_ptr< coral::ISession > m_session
bool cond::CredentialStore::installAdmin ( const std::string &  userName,
const std::string &  password 
)

Definition at line 864 of file CredentialStore.cc.

References ADMIN_KEY_COL(), AUTH_ID_COL(), AUTH_KEY_COL(), cond::auth::Cipher::b64encrypt(), C_ID_COL(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), cond::auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), cond::auth::ServiceCredentials::connectionString, runEdmFileComparison::found, relval_steps::gen(), getNextSequenceValue(), m_key, m_principalKey, m_serviceData, m_session, cond::auth::KeyGenerator::make(), mps_check::msg, P_ID_COL(), PASSWORD_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), cond::auth::DecodingKey::principalKey(), cond::auth::DecodingKey::principalName(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::schemaLabelForCredentialStore(), cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::startSuper(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), USERNAME_COL(), VERIFICATION_COL(), and VERIFICATION_KEY_COL().

864  {
865  if(!m_serviceData){
866  throwException( "The credential store has not been initialized.","cond::CredentialStore::installAdmin" );
867  }
868  const std::string& connectionString = m_serviceData->connectionString;
869  const std::string& principalName = m_key.principalName();
870 
871  CSScopedSession session( *this );
872  session.startSuper( connectionString, userName, password );
873 
874  coral::ISchema& schema = m_session->nominalSchema();
875 
876  PrincipalData princData;
877  bool found = selectPrincipal( schema, principalName, princData );
878 
879  if( found ){
880  std::string msg("Principal \"");
881  msg += principalName + "\" has been installed already.";
882  throwException(msg,"CredentialStore::installAdmin");
883  }
884 
885  auth::KeyGenerator gen;
887 
888  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
889 
890  int principalId = -1;
891  if( !getNextSequenceValue( schema, COND_AUTHENTICATION_TABLE, principalId ) ) throwException( "Can't find "+COND_AUTHENTICATION_TABLE+" sequence.","CredentialStore::installAdmin" );
892 
893  auth::Cipher cipher0( m_key.principalKey() );
894  auth::Cipher cipher1( m_principalKey );
895 
896  coral::AttributeList authData;
897  editor0.rowBuffer(authData);
898  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
899  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
900  authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
901  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( m_principalKey );
902  authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( m_principalKey );
903  editor0.insertRow( authData );
904 
905  std::string connLabel = schemaLabelForCredentialStore( connectionString );
906  auth::DecodingKey tmpKey;
907  std::string connectionKey = gen.make( auth::COND_DB_KEY_SIZE );
908  std::string encryptedConnectionKey = cipher1.b64encrypt( connectionKey );
909 
910  auth::Cipher cipher2( connectionKey );
911  std::string encryptedUserName = cipher2.b64encrypt( userName );
912  std::string encryptedPassword = cipher2.b64encrypt( password );
913  std::string encryptedLabel = cipher2.b64encrypt( connLabel );
914 
915  int connId = -1;
916  if( !getNextSequenceValue( schema, COND_CREDENTIAL_TABLE, connId ) ) throwException( "Can't find "+COND_CREDENTIAL_TABLE+" sequence.","CredentialStore::installAdmin" );
917 
918  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
919  coral::AttributeList connectionData;
920  editor1.rowBuffer(connectionData);
921  connectionData[ CONNECTION_ID_COL ].data<int>() = connId;
922  connectionData[ CONNECTION_LABEL_COL ].data<std::string>() = connLabel;
923  connectionData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
924  connectionData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
925  connectionData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
926  connectionData[ CONNECTION_KEY_COL ].data<std::string>() = encryptedConnectionKey;
927  editor1.insertRow( connectionData );
928 
929  int authId = -1;
930  if( !getNextSequenceValue( schema, COND_AUTHORIZATION_TABLE, authId ) ) throwException( "Can't find "+COND_AUTHORIZATION_TABLE+" sequence.","CredentialStore::installAdmin" );
931 
932  coral::ITableDataEditor& editor2 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
933  coral::AttributeList permissionData;
934  editor2.rowBuffer(permissionData);
935  permissionData[ AUTH_ID_COL ].data<int>() = authId;
936  permissionData[ P_ID_COL ].data<int>() = principalId;
937  permissionData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE;
938  permissionData[ SCHEMA_COL ].data<std::string>() = connectionString;
939  permissionData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
940  permissionData[ C_ID_COL ].data<int>() = connId;
941  editor2.insertRow( permissionData );
942 
943  session.close();
944  return true;
945 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
bool getNextSequenceValue(coral::ISchema &schema, const std::string &sequenceName, int &value)
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
static const std::string PASSWORD_COL("CRED5")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
static const std::string ADMIN_KEY_COL("CRED2")
static const std::string VERIFICATION_KEY_COL("CRED6")
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:18
static constexpr unsigned int COND_DB_KEY_SIZE
Definition: Auth.h:25
friend class CSScopedSession
static const std::string VERIFICATION_COL("CRED0")
const std::string & principalName() const
Definition: DecodingKey.h:107
static const std::string USERNAME_COL("CRED4")
def gen(fragment, howMuch)
Production test section ####.
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
std::string schemaLabelForCredentialStore(const std::string &connectionString)
static const std::string CONNECTION_ID_COL("CONN_ID")
auth::DecodingKey m_key
static const std::string PRINCIPAL_ID_COL("P_ID")
tuple msg
Definition: mps_check.py:277
std::shared_ptr< coral::ISession > m_session
static const std::string AUTH_ID_COL("AUTH_ID")
static const std::string PRINCIPAL_KEY_COL("CRED1")
static const std::string P_ID_COL("P_ID")
const std::string & principalKey() const
Definition: DecodingKey.h:113
const auth::ServiceCredentials * m_serviceData
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string AUTH_KEY_COL("CRED3")
static const std::string PRINCIPAL_NAME_COL("P_NAME")
const std::string & cond::CredentialStore::keyPrincipalName ( )

Definition at line 1440 of file CredentialStore.cc.

References m_key, and cond::auth::DecodingKey::principalName().

Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().

1440  {
1441  return m_key.principalName();
1442 }
const std::string & principalName() const
Definition: DecodingKey.h:107
auth::DecodingKey m_key
bool cond::CredentialStore::listConnections ( std::map< std::string, std::pair< std::string, std::string > > &  destination)

Definition at line 1279 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), COND_CREDENTIAL_TABLE(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), cmsStageWithFailover::destination, runEdmFileComparison::found, m_principalKey, m_session, PASSWORD_COL(), das::query(), dataDML::schema, dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

1279  {
1280  CSScopedSession session( *this );
1281  session.start( true );
1282  coral::ISchema& schema = m_session->nominalSchema();
1283 
1284  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_CREDENTIAL_TABLE).newQuery());
1285  coral::AttributeList readBuff;
1286  readBuff.extend<std::string>( CONNECTION_LABEL_COL );
1287  readBuff.extend<std::string>( USERNAME_COL );
1288  readBuff.extend<std::string>( PASSWORD_COL );
1289  readBuff.extend<std::string>( VERIFICATION_KEY_COL );
1290  readBuff.extend<std::string>( CONNECTION_KEY_COL );
1291  query->defineOutput(readBuff);
1292  query->addToOutputList( CONNECTION_LABEL_COL );
1293  query->addToOutputList( USERNAME_COL );
1294  query->addToOutputList( PASSWORD_COL );
1295  query->addToOutputList( VERIFICATION_KEY_COL );
1296  query->addToOutputList( CONNECTION_KEY_COL );
1297  coral::ICursor& cursor = query->execute();
1298  bool found = false;
1299  auth::Cipher cipher0(m_principalKey );
1300  while ( cursor.next() ) {
1301  std::string userName("");
1302  std::string password("");
1303  const coral::AttributeList& row = cursor.currentRow();
1304  const std::string& connLabel = row[ CONNECTION_LABEL_COL].data<std::string>();
1305  const std::string& encryptedKey = row[ CONNECTION_KEY_COL].data<std::string>();
1306  const std::string& encryptedVerif = row[ VERIFICATION_KEY_COL].data<std::string>();
1307  std::string connKey = cipher0.b64decrypt( encryptedKey );
1308  auth::Cipher cipher1( connKey );
1309  std::string verif = cipher1.b64decrypt( encryptedVerif );
1310  if( verif == connLabel ){
1311  const std::string& encryptedUserName = row[ USERNAME_COL].data<std::string>();
1312  const std::string& encryptedPassword = row[ PASSWORD_COL].data<std::string>();
1313  userName = cipher1.b64decrypt( encryptedUserName );
1314  password = cipher1.b64decrypt( encryptedPassword );
1315  }
1316  destination.insert( std::make_pair( connLabel, std::make_pair( userName, password ) ) );
1317  found = true;
1318  }
1319  session.close();
1320  return found;
1321 }
static const std::string PASSWORD_COL("CRED5")
def query(query_str, verbose=False)
Definition: das.py:5
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
std::shared_ptr< coral::ISession > m_session
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
bool cond::CredentialStore::listPrincipals ( std::vector< std::string > &  destination)

Definition at line 1256 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), runEdmFileComparison::found, m_session, PRINCIPAL_NAME_COL(), das::query(), dataDML::schema, dataDML::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

1256  {
1257 
1258  CSScopedSession session( *this );
1259  session.start( true );
1260  coral::ISchema& schema = m_session->nominalSchema();
1261 
1262  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_AUTHENTICATION_TABLE).newQuery());
1263  coral::AttributeList readBuff;
1264  readBuff.extend<std::string>(PRINCIPAL_NAME_COL);
1265  query->defineOutput(readBuff);
1266  query->addToOutputList( PRINCIPAL_NAME_COL );
1267  coral::ICursor& cursor = query->execute();
1268  bool found = false;
1269  while ( cursor.next() ) {
1270  found = true;
1271  const coral::AttributeList& row = cursor.currentRow();
1272  destination.push_back( row[ PRINCIPAL_NAME_COL ].data<std::string>() );
1273  }
1274  session.close();
1275  return found;
1276 }
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
def query(query_str, verbose=False)
Definition: das.py:5
Definition: query.py:1
friend class CSScopedSession
std::shared_ptr< coral::ISession > m_session
static const std::string PRINCIPAL_NAME_COL("P_NAME")
std::pair< std::string, std::string > cond::CredentialStore::openConnection ( const std::string &  connectionString)
private

Definition at line 411 of file CredentialStore.cc.

References instance.

411  {
412  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
413  if ( ! relationalService.isValid() ){
414  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
415  relationalService = coral::Context::instance().query<coral::IRelationalService>();
416  }
417  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
418  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
419  m_connection.reset( domain.newConnection( connTokens.first ) );
420  m_connection->connect();
421  return connTokens;
422 }
static PFTauRenderPlugin instance
std::shared_ptr< coral::IConnection > m_connection
void cond::CredentialStore::openSession ( const std::string &  schemaName,
const std::string &  userName,
const std::string &  password,
bool  readMode 
)
private

Definition at line 424 of file CredentialStore.cc.

References lumiQueryAPI::accessMode.

424  {
425  coral::AccessMode accessMode = coral::ReadOnly;
426  if( !readMode ) accessMode = coral::Update;
427  m_session.reset( m_connection->newSession( schemaName, accessMode) );
428  m_session->startUserSession( userName, password );
429  // open read-only transaction
430  m_session->transaction().start( readMode );
431 }
std::shared_ptr< coral::ISession > m_session
std::shared_ptr< coral::IConnection > m_connection
void cond::CredentialStore::openSession ( bool  readOnly = true)
private
bool cond::CredentialStore::removeConnection ( const std::string &  connectionLabel)

Definition at line 1130 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), runEdmFileComparison::found, cond::CredentialData::id, m_session, mps_check::msg, dataDML::schema, cond::selectConnection(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

1130  {
1131  CSScopedSession session( *this );
1132  session.start( false );
1133  coral::ISchema& schema = m_session->nominalSchema();
1134 
1135  CredentialData credsData;
1136  bool found = selectConnection( schema, connectionLabel, credsData );
1137 
1138  if( ! found ){
1139  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1140  throwException( msg, "CredentialStore::removeConnection");
1141  }
1142 
1143  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1144 
1145  coral::AttributeList deleteData0;
1146  deleteData0.extend<int>( C_ID_COL );
1147  deleteData0[ C_ID_COL ].data<int>() = credsData.id;
1148  std::string whereClause0 = C_ID_COL+" = :"+C_ID_COL;
1149  editor0.deleteRows( whereClause0 , deleteData0 );
1150 
1151  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
1152 
1153  coral::AttributeList deleteData1;
1154  deleteData1.extend<int>( CONNECTION_ID_COL );
1155  deleteData1[ CONNECTION_ID_COL ].data<int>() = credsData.id;
1156  std::string whereClause1 = CONNECTION_ID_COL+" = :"+CONNECTION_ID_COL;
1157  editor1.deleteRows( whereClause1 , deleteData1 );
1158 
1159  session.close();
1160 
1161  return true;
1162 }
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
friend class CSScopedSession
static const std::string CONNECTION_ID_COL("CONN_ID")
tuple msg
Definition: mps_check.py:277
std::shared_ptr< coral::ISession > m_session
static const std::string C_ID_COL("C_ID")
bool cond::CredentialStore::removePrincipal ( const std::string &  principal)

Definition at line 1096 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), runEdmFileComparison::found, cond::PrincipalData::id, m_session, mps_check::msg, P_ID_COL(), PRINCIPAL_ID_COL(), dataDML::schema, cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

1096  {
1097  CSScopedSession session( *this );
1098  session.start( false );
1099  coral::ISchema& schema = m_session->nominalSchema();
1100 
1101  PrincipalData princData;
1102  bool found = selectPrincipal( schema, principal, princData );
1103 
1104  if( ! found ){
1105  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1106  throwException( msg, "CredentialStore::removePrincipal");
1107  }
1108 
1109  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1110 
1111  coral::AttributeList deleteData0;
1112  deleteData0.extend<int>( P_ID_COL );
1113  deleteData0[ P_ID_COL ].data<int>() = princData.id;
1114  std::string whereClause0 = P_ID_COL+" = :"+P_ID_COL;
1115  editor0.deleteRows( whereClause0 , deleteData0 );
1116 
1117  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
1118 
1119  coral::AttributeList deleteData1;
1120  deleteData1.extend<int>( PRINCIPAL_ID_COL );
1121  deleteData1[ PRINCIPAL_ID_COL ].data<int>() = princData.id;
1122  std::string whereClause1 = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
1123  editor1.deleteRows( whereClause1 , deleteData1 );
1124 
1125  session.close();
1126 
1127  return true;
1128 }
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
def principal(options)
friend class CSScopedSession
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
static const std::string PRINCIPAL_ID_COL("P_ID")
tuple msg
Definition: mps_check.py:277
std::shared_ptr< coral::ISession > m_session
static const std::string P_ID_COL("P_ID")
bool cond::CredentialStore::selectForUser ( coral_bridge::AuthenticationCredentialSet destinationData)

Definition at line 1164 of file CredentialStore.cc.

References AUTH_KEY_COL(), cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), m_principalId, m_principalKey, m_session, P_ID_COL(), PASSWORD_COL(), das::query(), coral_bridge::AuthenticationCredentialSet::registerCredentials(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, USERNAME_COL(), and VERIFICATION_KEY_COL().

Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().

1164  {
1165  CSScopedSession session( *this );
1166  session.start( true );
1167  coral::ISchema& schema = m_session->nominalSchema();
1168 
1169  auth::Cipher cipher( m_principalKey );
1170 
1171  std::auto_ptr<coral::IQuery> query(schema.newQuery());
1172  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1173  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1174  coral::AttributeList readBuff;
1175  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
1176  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
1177  readBuff.extend<std::string>("AUTHO."+AUTH_KEY_COL);
1178  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
1179  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
1180  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
1181  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
1182  coral::AttributeList whereData;
1183  whereData.extend<int>(P_ID_COL);
1184  whereData[ P_ID_COL ].data<int>() = m_principalId;
1185  std::stringstream whereClause;
1186  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
1187  whereClause << " AND " << "AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
1188  query->defineOutput(readBuff);
1189  query->addToOutputList( "AUTHO."+ROLE_COL );
1190  query->addToOutputList( "AUTHO."+SCHEMA_COL );
1191  query->addToOutputList( "AUTHO."+AUTH_KEY_COL );
1192  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
1193  query->addToOutputList( "CREDS."+USERNAME_COL );
1194  query->addToOutputList( "CREDS."+PASSWORD_COL );
1195  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
1196  query->setCondition( whereClause.str(), whereData );
1197  coral::ICursor& cursor = query->execute();
1198  while ( cursor.next() ) {
1199  const coral::AttributeList& row = cursor.currentRow();
1200  const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
1201  const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
1202  const std::string& encryptedAuthKey = row[ "AUTHO."+AUTH_KEY_COL ].data<std::string>();
1203  const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
1204  const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
1205  const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
1206  const std::string& encryptedLabel = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
1207  std::string authKey = cipher.b64decrypt( encryptedAuthKey );
1208  auth::Cipher connCipher( authKey );
1209  if( connCipher.b64decrypt( encryptedLabel ) == connectionLabel ){
1210  destinationData.registerCredentials( connectionString, role, connCipher.b64decrypt( encryptedUserName ), connCipher.b64decrypt( encryptedPassword ) );
1211  }
1212  }
1213  session.close();
1214  return true;
1215 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
static const std::string PASSWORD_COL("CRED5")
def query(query_str, verbose=False)
Definition: das.py:5
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
friend class CSScopedSession
static const std::string USERNAME_COL("CRED4")
static const std::string CONNECTION_ID_COL("CONN_ID")
std::shared_ptr< coral::ISession > m_session
void registerCredentials(const std::string &connectionString, const std::string &userName, const std::string &password)
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string AUTH_KEY_COL("CRED3")
bool cond::CredentialStore::selectPermissions ( const std::string &  principalName,
const std::string &  role,
const std::string &  connectionString,
std::vector< Permission > &  destination 
)

Definition at line 1323 of file CredentialStore.cc.

References C_ID_COL(), cond::CSScopedSession::close(), COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_LABEL_COL(), cond::CredentialStore::Permission::connectionLabel, cond::CredentialStore::Permission::connectionString, runEdmFileComparison::found, m_session, P_ID_COL(), PRINCIPAL_ID_COL(), PRINCIPAL_NAME_COL(), cond::CredentialStore::Permission::principalName, das::query(), cond::CredentialStore::Permission::role, ROLE_COL(), dataDML::schema, SCHEMA_COL(), dataDML::session, cond::CSScopedSession::start(), and AlCaHLTBitMon_QueryRunRegistry::string.

1326  {
1327  CSScopedSession session( *this );
1328  session.start( true );
1329  coral::ISchema& schema = m_session->nominalSchema();
1330  std::auto_ptr<coral::IQuery> query(schema.newQuery());
1331  query->addToTableList(COND_AUTHENTICATION_TABLE, "AUTHE");
1332  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1333  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1334  coral::AttributeList readBuff;
1335  readBuff.extend<std::string>("AUTHE."+PRINCIPAL_NAME_COL);
1336  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
1337  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
1338  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
1339  coral::AttributeList whereData;
1340  std::stringstream whereClause;
1341  whereClause << "AUTHE."<< PRINCIPAL_ID_COL << "= AUTHO."<< P_ID_COL;
1342  whereClause << " AND AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
1343  if( !principalName.empty() ){
1344  whereData.extend<std::string>(PRINCIPAL_NAME_COL);
1345  whereData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
1346  whereClause << " AND AUTHE."<< PRINCIPAL_NAME_COL <<" = :"<<PRINCIPAL_NAME_COL;
1347  }
1348  if( !role.empty() ){
1349  whereData.extend<std::string>(ROLE_COL);
1350  whereData[ ROLE_COL ].data<std::string>() = role;
1351  whereClause << " AND AUTHO."<< ROLE_COL <<" = :"<<ROLE_COL;
1352  }
1353  if( !connectionString.empty() ){
1354  whereData.extend<std::string>(SCHEMA_COL);
1355  whereData[ SCHEMA_COL ].data<std::string>() = connectionString;
1356  whereClause << " AND AUTHO."<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
1357  }
1358 
1359  query->defineOutput(readBuff);
1360  query->addToOutputList( "AUTHE."+PRINCIPAL_NAME_COL );
1361  query->addToOutputList( "AUTHO."+ROLE_COL );
1362  query->addToOutputList( "AUTHO."+SCHEMA_COL );
1363  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
1364  query->setCondition( whereClause.str(), whereData );
1365  query->addToOrderList( "AUTHO."+SCHEMA_COL );
1366  query->addToOrderList( "AUTHE."+PRINCIPAL_NAME_COL );
1367  query->addToOrderList( "AUTHO."+ROLE_COL );
1368  coral::ICursor& cursor = query->execute();
1369  bool found = false;
1370  while ( cursor.next() ) {
1371  const coral::AttributeList& row = cursor.currentRow();
1372  destination.resize( destination.size()+1 );
1373  Permission& perm = destination.back();
1374  perm.principalName = row[ "AUTHE."+PRINCIPAL_NAME_COL ].data<std::string>();
1375  perm.role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
1376  perm.connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
1377  perm.connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
1378  found = true;
1379  }
1380  session.close();
1381  return found;
1382 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
def query(query_str, verbose=False)
Definition: das.py:5
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
Definition: query.py:1
friend class CSScopedSession
static const std::string CONNECTION_ID_COL("CONN_ID")
static const std::string PRINCIPAL_ID_COL("P_ID")
std::shared_ptr< coral::ISession > m_session
static const std::string P_ID_COL("P_ID")
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
static const std::string PRINCIPAL_NAME_COL("P_NAME")
bool cond::CredentialStore::setPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString,
const std::string &  connectionLabel 
)

Definition at line 1019 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::CSScopedSession::close(), cond::CredentialData::connectionKey, runEdmFileComparison::found, cond::PrincipalData::id, cond::CredentialData::id, m_principalKey, m_session, mps_check::msg, dataDML::schema, cond::selectConnection(), cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

Referenced by importForPrincipal(), and updatePrincipal().

1022  {
1023  CSScopedSession session( *this );
1024  session.start( false );
1025 
1026  coral::ISchema& schema = m_session->nominalSchema();
1027 
1028  PrincipalData princData;
1029  bool found = selectPrincipal( schema, principal, princData );
1030 
1031  if( ! found ){
1032  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1033  throwException( msg, "CredentialStore::setPermission");
1034  }
1035 
1036  CredentialData credsData;
1037  found = selectConnection( schema, connectionLabel, credsData );
1038 
1039  if( ! found ){
1040  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1041  throwException( msg, "CredentialStore::setPermission");
1042  }
1043 
1044  auth::Cipher cipher( m_principalKey );
1045  bool ret = setPermission( princData.id, cipher.b64decrypt( princData.adminKey), role, connectionString, credsData.id, cipher.b64decrypt( credsData.connectionKey ) );
1046  session.close();
1047  return ret;
1048 }
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
def principal(options)
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
friend class CSScopedSession
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
bool setPermission(const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
tuple msg
Definition: mps_check.py:277
std::shared_ptr< coral::ISession > m_session
bool cond::CredentialStore::setPermission ( int  principalId,
const std::string &  principalKey,
const std::string &  role,
const std::string &  connectionString,
int  connectionId,
const std::string &  connectionKey 
)
private

Definition at line 547 of file CredentialStore.cc.

References AUTH_ID_COL(), AUTH_KEY_COL(), cond::auth::Cipher::b64encrypt(), C_ID_COL(), COND_AUTHORIZATION_TABLE(), idDealer::editor, runEdmFileComparison::found, getNextSequenceValue(), cond::AuthorizationData::id, GetRecoTauVFromDQM_MC_cff::next, P_ID_COL(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::selectAuthorization(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::persistency::throwException().

547  {
548  coral::ISchema& schema = m_session->nominalSchema();
549  auth::Cipher cipher( principalKey );
550  std::string encryptedConnectionKey = cipher.b64encrypt( connectionKey );
551 
552  AuthorizationData authData;
553  bool found = selectAuthorization( schema, principalId, role, connectionString, authData );
554 
555  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
556  if( found ) {
557  coral::AttributeList updateData;
558  updateData.extend<int>( AUTH_ID_COL );
559  updateData.extend<int>( C_ID_COL );
560  updateData.extend<std::string>( AUTH_KEY_COL );
561  updateData[ AUTH_ID_COL ].data<int>() = authData.id;
562  updateData[ C_ID_COL ].data<int>() = connectionId;
563  updateData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
564  std::string setCl = C_ID_COL+" = :"+C_ID_COL + ", "+AUTH_KEY_COL+" = :"+AUTH_KEY_COL;
565  std::string whereCl = AUTH_ID_COL+" = :"+AUTH_ID_COL;
566  editor.updateRows( setCl,whereCl, updateData );
567  } else {
568 
569  int next = -1;
570  if( !getNextSequenceValue( schema, COND_AUTHORIZATION_TABLE, next ) ) throwException( "Can't find "+COND_AUTHORIZATION_TABLE+" sequence.","CredentialStore::setPermission" );
571 
572  coral::AttributeList insertData;
573  insertData.extend<int>( AUTH_ID_COL );
574  insertData.extend<int>( P_ID_COL );
575  insertData.extend<std::string>( ROLE_COL );
576  insertData.extend<std::string>( SCHEMA_COL );
577  insertData.extend<std::string>( AUTH_KEY_COL );
578  insertData.extend<int>( C_ID_COL );
579  insertData[ AUTH_ID_COL ].data<int>() = next;
580  insertData[ P_ID_COL ].data<int>() = principalId;
581  insertData[ ROLE_COL ].data<std::string>() = role;
582  insertData[ SCHEMA_COL ].data<std::string>() = connectionString;
583  insertData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
584  insertData[ C_ID_COL ].data<int>() = connectionId;
585  editor.insertRow( insertData );
586  }
587  return true;
588 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
bool getNextSequenceValue(coral::ISchema &schema, const std::string &sequenceName, int &value)
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
bool selectAuthorization(coral::ISchema &schema, int principalId, const std::string &role, const std::string &connectionString, AuthorizationData &destination)
std::shared_ptr< coral::ISession > m_session
static const std::string AUTH_ID_COL("AUTH_ID")
static const std::string P_ID_COL("P_ID")
static const std::string C_ID_COL("C_ID")
static const std::string AUTH_KEY_COL("CRED3")
std::string cond::CredentialStore::setUpForConnectionString ( const std::string &  connectionString,
const std::string &  authPath 
)

Definition at line 726 of file CredentialStore.cc.

References instance, serviceName, setUpForService(), and AlCaHLTBitMon_QueryRunRegistry::string.

Referenced by cond::RelationalAuthenticationService::RelationalAuthenticationService::credentials().

727  {
728  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
729  if ( ! relationalService.isValid() ){
730  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
731  relationalService = coral::Context::instance().query<coral::IRelationalService>();
732  }
733  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
734  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
735  std::string& serviceName = connTokens.first;
736  return setUpForService( serviceName, authPath );
737 }
static PFTauRenderPlugin instance
static const std::string serviceName
std::string setUpForService(const std::string &serviceName, const std::string &authPath)
Sets the initialization parameters.
std::string cond::CredentialStore::setUpForService ( const std::string &  serviceName,
const std::string &  authPath 
)

Sets the initialization parameters.

Definition at line 694 of file CredentialStore.cc.

References cond::auth::COND_KEY, cond::auth::ServiceCredentials::connectionString, FrontierConditions_GlobalTag_cff::file, cond::auth::DecodingKey::FILE_PATH, cond::auth::DecodingKey::init(), m_key, m_serviceData, m_serviceName, mps_check::msg, callgraph::path, serviceName, cond::auth::DecodingKey::services(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

Referenced by setUpForConnectionString().

695  {
696  if( serviceName.empty() ){
697  throwException( "Service name has not been provided.","cond::CredentialStore::setUpConnection" );
698  }
699  m_serviceName.clear();
700  m_serviceData = nullptr;
701 
702  if( authPath.empty() ){
703  throwException( "The authentication Path has not been provided.","cond::CredentialStore::setUpForService" );
704  }
705  boost::filesystem::path fullPath( authPath );
706  if(!boost::filesystem::exists(authPath) || !boost::filesystem::is_directory( authPath )){
707  throwException( "Authentication Path is invalid.","cond::CredentialStore::setUpForService" );
708  }
710  fullPath /= file;
711 
712  m_key.init( fullPath.string(), auth::COND_KEY );
713 
714  std::map< std::string, auth::ServiceCredentials >::const_iterator iK = m_key.services().find( serviceName );
715  if( iK == m_key.services().end() ){
716  std::string msg("");
717  msg += "Service \""+serviceName+"\" can't be open with the current key.";
718  throwException( msg,"cond::CredentialStore::setUpConnection" );
719  }
721  m_serviceData = &iK->second;
723 }
size_t init(const std::string &keyFileName, const std::string &password, bool readMode=true)
Definition: DecodingKey.cc:109
const std::map< std::string, ServiceCredentials > & services() const
Definition: DecodingKey.h:131
static const std::string serviceName
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
auth::DecodingKey m_key
tuple msg
Definition: mps_check.py:277
static constexpr const char *const FILE_PATH
Definition: DecodingKey.h:39
const auth::ServiceCredentials * m_serviceData
static constexpr const char *const COND_KEY
Definition: Auth.h:22
void cond::CredentialStore::startSession ( bool  readMode)
private

Definition at line 439 of file CredentialStore.cc.

References cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), C_ID_COL(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), COND_AUTHORIZATION_TABLE(), COND_CREDENTIAL_TABLE(), CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), runEdmFileComparison::found, cond::PrincipalData::id, P_ID_COL(), PASSWORD_COL(), cond::PrincipalData::principalKey, das::query(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::selectPrincipal(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::PrincipalData::verifKey.

439  {
440  if(!m_serviceData){
441  throwException( "The credential store has not been initialized.","cond::CredentialStore::openConnection" );
442  }
443  const std::string& storeConnectionString = m_serviceData->connectionString;
444 
445  std::pair<std::string,std::string> connTokens = openConnection( storeConnectionString );
446 
447  const std::string& userName = m_serviceData->userName;
448  const std::string& password = m_serviceData->password;
449 
450  openSession( connTokens.second, userName, password, true );
451 
452  coral::ISchema& schema = m_session->nominalSchema();
453  if(!schema.existsTable(COND_AUTHENTICATION_TABLE) ||
454  !schema.existsTable(COND_AUTHORIZATION_TABLE) ||
455  !schema.existsTable(COND_CREDENTIAL_TABLE) ){
456  throwException("Credential database does not exists in \""+storeConnectionString+"\"","CredentialStore::startSession");
457  }
458 
459  const std::string& principalName = m_key.principalName();
460  // now authenticate...
461  PrincipalData princData;
462  if( !selectPrincipal( m_session->nominalSchema(), principalName, princData ) ){
463  throwException( "Invalid credentials provided.(0)",
464  "CredentialStore::openSession");
465  }
466  auth::Cipher cipher0( m_key.principalKey() );
467  std::string verifStr = cipher0.b64decrypt( princData.verifKey );
468  if( verifStr != principalName ){
469  throwException( "Invalid credentials provided (1)",
470  "CredentialStore::openSession");
471  }
472  // ok, authenticated!
473  m_principalId = princData.id;
474  m_principalKey = cipher0.b64decrypt( princData.principalKey );
475 
476  if(!readMode ) {
477 
478  auth::Cipher cipher0( m_principalKey );
479  std::string adminKey = cipher0.b64decrypt( princData.adminKey );
480  if( adminKey != m_principalKey ){
481  // not admin user!
482  throwException( "Provided credentials does not allow admin operation.",
483  "CredentialStore::openSession");
484  }
485 
486  // first find the credentials for WRITING in the security tables
487  std::auto_ptr<coral::IQuery> query(schema.newQuery());
488  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
489  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
490  coral::AttributeList readBuff;
491  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
492  readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
493  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
494  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
495  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
496  coral::AttributeList whereData;
497  whereData.extend<int>(P_ID_COL);
498  whereData.extend<std::string>(ROLE_COL);
499  whereData.extend<std::string>(SCHEMA_COL);
500  whereData[ P_ID_COL ].data<int>() = m_principalId;
501  whereData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE;
502  whereData[ SCHEMA_COL ].data<std::string>() = storeConnectionString;
503  std::stringstream whereClause;
504  whereClause << "AUTHO."<< C_ID_COL << " = CREDS."<<CONNECTION_ID_COL;
505  whereClause << " AND AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
506  whereClause << " AND AUTHO."<< ROLE_COL << " = :"<<ROLE_COL;
507  whereClause << " AND AUTHO."<< SCHEMA_COL << " = :"<<SCHEMA_COL;
508  query->defineOutput(readBuff);
509  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
510  query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
511  query->addToOutputList( "CREDS."+USERNAME_COL );
512  query->addToOutputList( "CREDS."+PASSWORD_COL );
513  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
514  query->setCondition( whereClause.str(), whereData );
515  coral::ICursor& cursor = query->execute();
516  bool found = false;
517  std::string writeUserName("");
518  std::string writePassword("");
519  if ( cursor.next() ) {
520  const coral::AttributeList& row = cursor.currentRow();
521  const std::string& connLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
522  const std::string& encryptedConnectionKey = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
523  std::string connectionKey = cipher0.b64decrypt( encryptedConnectionKey );
524  auth::Cipher cipher1( connectionKey );
525  const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
526  const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
527  const std::string& verificationKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
528  if( cipher1.b64decrypt( verificationKey ) != connLabel ){
529  throwException( "Could not decrypt credentials.Provided key is invalid.",
530  "CredentialStore::startSession");
531  }
532  writeUserName = cipher1.b64decrypt( encryptedUserName );
533  writePassword = cipher1.b64decrypt( encryptedPassword );
534  found = true;
535  }
536  if( ! found ){
537  throwException( "Provided credentials are invalid for write access.",
538  "CredentialStore::openSession");
539  }
540  m_session->transaction().commit();
541  m_session->endUserSession();
542  openSession( connTokens.second, writeUserName, writePassword, false );
543 
544  }
545 }
static const std::string ROLE_COL("C_ROLE")
void openSession(const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
static const std::string PASSWORD_COL("CRED5")
def query(query_str, verbose=False)
Definition: das.py:5
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
Definition: query.py:1
static const std::string VERIFICATION_KEY_COL("CRED6")
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:18
const std::string & principalName() const
Definition: DecodingKey.h:107
static const std::string USERNAME_COL("CRED4")
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
static const std::string CONNECTION_ID_COL("CONN_ID")
auth::DecodingKey m_key
std::shared_ptr< coral::ISession > m_session
std::pair< std::string, std::string > openConnection(const std::string &connectionString)
static const std::string P_ID_COL("P_ID")
const std::string & principalKey() const
Definition: DecodingKey.h:113
const auth::ServiceCredentials * m_serviceData
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
static const std::string C_ID_COL("C_ID")
void cond::CredentialStore::startSuperSession ( const std::string &  connectionString,
const std::string &  userName,
const std::string &  password 
)
private

Definition at line 433 of file CredentialStore.cc.

433  {
434  std::pair<std::string,std::string> connTokens = openConnection( connectionString );
435  openSession( connTokens.second, userName, password, false );
436 }
void openSession(const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
std::pair< std::string, std::string > openConnection(const std::string &connectionString)
bool cond::CredentialStore::unsetPermission ( const std::string &  principal,
const std::string &  role,
const std::string &  connectionString 
)

Definition at line 1050 of file CredentialStore.cc.

References cond::CSScopedSession::close(), COND_AUTHORIZATION_TABLE(), idDealer::editor, runEdmFileComparison::found, cond::PrincipalData::id, m_session, mps_check::msg, P_ID_COL(), ROLE_COL(), dataDML::schema, SCHEMA_COL(), cond::selectPrincipal(), dataDML::session, cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, and cond::throwException().

1052  {
1053  CSScopedSession session( *this );
1054  session.start( false );
1055  coral::ISchema& schema = m_session->nominalSchema();
1056 
1057  PrincipalData princData;
1058  bool found = selectPrincipal( schema, principal, princData );
1059 
1060  if( ! found ){
1061  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1062  throwException( msg, "CredentialStore::unsetPermission");
1063  }
1064 
1065  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1066  coral::AttributeList deleteData;
1067  deleteData.extend<int>( P_ID_COL );
1068  deleteData.extend<std::string>( ROLE_COL );
1069  deleteData.extend<std::string>( SCHEMA_COL );
1070  deleteData[ P_ID_COL ].data<int>() = princData.id;
1071  deleteData[ ROLE_COL ].data<std::string>() = role;
1072  deleteData[ SCHEMA_COL ].data<std::string>() = connectionString;
1073  std::stringstream whereClause;
1074  whereClause << P_ID_COL+" = :"+P_ID_COL;
1075  whereClause << " AND "<< ROLE_COL <<" = :"<<ROLE_COL;
1076  whereClause << " AND "<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
1077  editor.deleteRows( whereClause.str(), deleteData );
1078  session.close();
1079  return true;
1080 }
static const std::string ROLE_COL("C_ROLE")
static const std::string SCHEMA_COL("C_SCHEMA")
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
def principal(options)
friend class CSScopedSession
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
tuple msg
Definition: mps_check.py:277
std::shared_ptr< coral::ISession > m_session
static const std::string P_ID_COL("P_ID")
bool cond::CredentialStore::updateConnection ( const std::string &  connectionLabel,
const std::string &  userName,
const std::string &  password 
)

Definition at line 1082 of file CredentialStore.cc.

References cond::CSScopedSession::close(), m_session, dataDML::session, and cond::CSScopedSession::start().

Referenced by importForPrincipal(), Vispa.Gui.PortConnection.PointToPointConnection::paintEvent(), and Vispa.Gui.PortConnection.PointToPointConnection::updateTargetPoint().

1084  {
1085  CSScopedSession session( *this );
1086  session.start( false );
1087 
1088  m_session->transaction().start();
1089 
1090  updateConnection( connectionLabel,userName, password, true );
1091 
1092  session.close();
1093  return true;
1094 }
bool updateConnection(const std::string &connectionLabel, const std::string &userName, const std::string &password)
friend class CSScopedSession
std::shared_ptr< coral::ISession > m_session
std::pair< int, std::string > cond::CredentialStore::updateConnection ( const std::string &  connectionLabel,
const std::string &  userName,
const std::string &  password,
bool  forceUpdate 
)
private

Definition at line 590 of file CredentialStore.cc.

References cond::auth::Cipher::b64decrypt(), cond::auth::Cipher::b64encrypt(), COND_CREDENTIAL_TABLE(), cond::auth::COND_DB_KEY_SIZE, CONNECTION_ID_COL(), CONNECTION_KEY_COL(), CONNECTION_LABEL_COL(), cond::CredentialData::connectionKey, idDealer::editor, runEdmFileComparison::found, relval_steps::gen(), getNextSequenceValue(), cond::CredentialData::id, cond::auth::KeyGenerator::make(), PASSWORD_COL(), dataDML::schema, cond::selectConnection(), AlCaHLTBitMon_QueryRunRegistry::string, cond::persistency::throwException(), USERNAME_COL(), VERIFICATION_KEY_COL(), and cond::CredentialData::verificationKey.

Referenced by Vispa.Gui.PortConnection.PointToPointConnection::paintEvent(), and Vispa.Gui.PortConnection.PointToPointConnection::updateTargetPoint().

593  {
594  coral::ISchema& schema = m_session->nominalSchema();
595  CredentialData credsData;
596  bool found = selectConnection( schema, connectionLabel, credsData );
597  int connId = credsData.id;
598 
599  auth::Cipher adminCipher( m_principalKey );
600  std::string connectionKey("");
601  coral::ITableDataEditor& editor = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
602  if( found ){
603 
604  connectionKey = adminCipher.b64decrypt( credsData.connectionKey );
605  auth::Cipher cipher( connectionKey );
606  std::string verificationKey = cipher.b64decrypt( credsData.verificationKey );
607  if( verificationKey != connectionLabel ){
608  throwException("Decoding of connection key failed.","CredentialStore::updateConnection");
609  }
610  if( forceUpdate ){
611  std::string encryptedUserName = cipher.b64encrypt( userName );
612  std::string encryptedPassword = cipher.b64encrypt( password );
613 
614  coral::AttributeList updateData;
615  updateData.extend<int>( CONNECTION_ID_COL );
616  updateData.extend<std::string>( USERNAME_COL );
617  updateData.extend<std::string>( PASSWORD_COL );
618  updateData[ CONNECTION_ID_COL ].data<int>() = connId;
619  updateData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
620  updateData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
621  std::stringstream setCl;
622  setCl << USERNAME_COL << " = :" << USERNAME_COL;
623  setCl <<", " << PASSWORD_COL << " = :" << PASSWORD_COL;
625  editor.updateRows( setCl.str(),whereCl, updateData );
626  }
627  }
628 
629  if(!found){
630 
631  auth::KeyGenerator gen;
632  connectionKey = gen.make( auth::COND_DB_KEY_SIZE );
633  auth::Cipher cipher( connectionKey );
634  std::string encryptedUserName = cipher.b64encrypt( userName );
635  std::string encryptedPassword = cipher.b64encrypt( password );
636  std::string encryptedLabel = cipher.b64encrypt( connectionLabel );
637 
638  if( !getNextSequenceValue( schema, COND_CREDENTIAL_TABLE, connId ) ) throwException( "Can't find "+COND_CREDENTIAL_TABLE+" sequence.","CredentialStore::updateConnection" );
639 
640  coral::AttributeList insertData;
641  insertData.extend<int>( CONNECTION_ID_COL );
642  insertData.extend<std::string>( CONNECTION_LABEL_COL );
643  insertData.extend<std::string>( USERNAME_COL );
644  insertData.extend<std::string>( PASSWORD_COL );
645  insertData.extend<std::string>( VERIFICATION_KEY_COL );
646  insertData.extend<std::string>( CONNECTION_KEY_COL );
647  insertData[ CONNECTION_ID_COL ].data<int>() = connId;
648  insertData[ CONNECTION_LABEL_COL ].data<std::string>() = connectionLabel;
649  insertData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
650  insertData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
651  insertData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
652  insertData[ CONNECTION_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( connectionKey ) ;;
653  editor.insertRow( insertData );
654 
655  /***
656  // then set the admin permission on the new connection
657  ora::SequenceManager sequenceMgr2( SEQUENCE_TABLE_NAME,schema );
658  int authId = sequenceMgr2.getNextId( COND_AUTHORIZATION_TABLE, true );
659 
660  coral::ITableDataEditor& authEditor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
661  coral::AttributeList authData;
662  authData.extend<int>( AUTH_ID_COL );
663  authData.extend<int>( P_ID_COL );
664  authData.extend<std::string>( ROLE_COL );
665  authData.extend<std::string>( SCHEMA_COL );
666  authData.extend<std::string>( AUTH_KEY_COL );
667  authData.extend<int>( C_ID_COL );
668  authData[ AUTH_ID_COL ].data<int>() = authId;
669  authData[ P_ID_COL ].data<int>() = m_principalId;
670  authData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE;
671  authData[ SCHEMA_COL ].data<std::string>() = defaultConnectionString( m_serviceData->connectionString, m_serviceName, userName );
672  authData[ AUTH_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( connectionKey ) ;
673  authData[ C_ID_COL ].data<int>() = connId;
674  authEditor.insertRow( authData );
675  **/
676  }
677  return std::make_pair( connId, connectionKey );
678 }
bool getNextSequenceValue(coral::ISchema &schema, const std::string &sequenceName, int &value)
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
static const std::string PASSWORD_COL("CRED5")
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
static const std::string CONNECTION_KEY_COL("CRED7")
static const std::string VERIFICATION_KEY_COL("CRED6")
static constexpr unsigned int COND_DB_KEY_SIZE
Definition: Auth.h:25
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
static const std::string USERNAME_COL("CRED4")
def gen(fragment, howMuch)
Production test section ####.
static const std::string CONNECTION_ID_COL("CONN_ID")
std::shared_ptr< coral::ISession > m_session
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
bool cond::CredentialStore::updatePrincipal ( const std::string &  principal,
const std::string &  principalKey,
bool  setAdmin = false 
)

Definition at line 947 of file CredentialStore.cc.

References ADMIN_KEY_COL(), cond::PrincipalData::adminKey, cond::auth::Cipher::b64decrypt(), cond::auth::Cipher::b64encrypt(), cond::CSScopedSession::close(), cond::auth::COND_ADMIN_ROLE, COND_AUTHENTICATION_TABLE(), cond::auth::COND_DB_KEY_SIZE, cond::CredentialData::connectionKey, cond::auth::ServiceCredentials::connectionString, idDealer::editor, runEdmFileComparison::found, relval_steps::gen(), getNextSequenceValue(), cond::PrincipalData::id, cond::CredentialData::id, m_principalKey, m_serviceData, m_session, cond::auth::KeyGenerator::make(), PRINCIPAL_ID_COL(), PRINCIPAL_KEY_COL(), PRINCIPAL_NAME_COL(), dataDML::schema, cond::schemaLabelForCredentialStore(), cond::selectConnection(), cond::selectPrincipal(), dataDML::session, setPermission(), cond::CSScopedSession::start(), AlCaHLTBitMon_QueryRunRegistry::string, cond::throwException(), and VERIFICATION_COL().

949  {
950  CSScopedSession session( *this );
951  session.start( false );
952 
953  coral::ISchema& schema = m_session->nominalSchema();
954 
955  PrincipalData princData;
956  bool found = selectPrincipal( schema, principalName, princData );
957 
958  auth::Cipher adminCipher( m_principalKey );
959  auth::Cipher cipher( authenticationKey );
960  std::string verifStr = cipher.b64encrypt( principalName );
961  std::string principalKey("");
962  if( setAdmin ) principalKey = m_principalKey;
963  int principalId = princData.id;
964 
965  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
966  if( found ){
967  if( principalKey.empty() ) principalKey = adminCipher.b64decrypt( princData.adminKey );
968  coral::AttributeList updateData;
969  updateData.extend<int>( PRINCIPAL_ID_COL );
970  updateData.extend<std::string>( VERIFICATION_COL );
971  updateData.extend<std::string>( PRINCIPAL_KEY_COL );
972  updateData.extend<std::string>( ADMIN_KEY_COL );
973  updateData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
974  updateData[ VERIFICATION_COL ].data<std::string>() = verifStr;
975  updateData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher.b64encrypt( principalKey );
976  updateData[ ADMIN_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( principalKey );
977  std::stringstream setClause;
978  setClause << VERIFICATION_COL <<" = :" <<VERIFICATION_COL <<", ";
979  setClause << PRINCIPAL_KEY_COL << " = :" << PRINCIPAL_KEY_COL <<", ";
980  setClause << ADMIN_KEY_COL << " = :" << ADMIN_KEY_COL;
981  std::string whereClause = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
982  editor.updateRows( setClause.str(),whereClause, updateData );
983  } else {
984  if( principalKey.empty() ) {
985  auth::KeyGenerator gen;
986  principalKey = gen.make( auth::COND_DB_KEY_SIZE );
987  }
988 
989  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
990 
991  if( !getNextSequenceValue( schema, COND_AUTHENTICATION_TABLE, principalId ) ) throwException( "Can't find "+COND_AUTHENTICATION_TABLE+" sequence.","CredentialStore::updatePrincipal" );
992 
993  coral::AttributeList authData;
994  editor0.rowBuffer(authData);
995  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
996  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
997  authData[ VERIFICATION_COL ].data<std::string>() = cipher.b64encrypt( principalName );
998  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher.b64encrypt( principalKey );
999  authData[ ADMIN_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( principalKey );
1000  editor0.insertRow( authData );
1001  }
1002 
1003  if(setAdmin){
1005  std::string connLabel = schemaLabelForCredentialStore( connString );
1006  CredentialData credsData;
1007  bool found = selectConnection( schema, connLabel, credsData );
1008  if(!found){
1009  throwException("Credential Store connection has not been defined.","CredentialStore::updatePrincipal");
1010  }
1011  setPermission( principalId, principalKey, auth::COND_ADMIN_ROLE, connString, credsData.id, adminCipher.b64decrypt( credsData.connectionKey ) );
1012  }
1013 
1014  session.close();
1015  return true;
1016 }
bool getNextSequenceValue(coral::ISchema &schema, const std::string &sequenceName, int &value)
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
static const std::string ADMIN_KEY_COL("CRED2")
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:18
static constexpr unsigned int COND_DB_KEY_SIZE
Definition: Auth.h:25
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
friend class CSScopedSession
static const std::string VERIFICATION_COL("CRED0")
def gen(fragment, howMuch)
Production test section ####.
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
bool setPermission(const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
std::string schemaLabelForCredentialStore(const std::string &connectionString)
static const std::string PRINCIPAL_ID_COL("P_ID")
std::shared_ptr< coral::ISession > m_session
static const std::string PRINCIPAL_KEY_COL("CRED1")
const auth::ServiceCredentials * m_serviceData
static const std::string PRINCIPAL_NAME_COL("P_NAME")

Friends And Related Function Documentation

friend class CSScopedSession
friend

Definition at line 144 of file CredentialStore.h.

Member Data Documentation

const std::string cond::CredentialStore::DEFAULT_DATA_SOURCE
static

Definition at line 87 of file CredentialStore.h.

std::shared_ptr<coral::IConnection> cond::CredentialStore::m_connection
private

Definition at line 163 of file CredentialStore.h.

auth::DecodingKey cond::CredentialStore::m_key
private

Definition at line 172 of file CredentialStore.h.

Referenced by installAdmin(), keyPrincipalName(), and setUpForService().

int cond::CredentialStore::m_principalId
private

Definition at line 166 of file CredentialStore.h.

Referenced by selectForUser().

std::string cond::CredentialStore::m_principalKey
private
const auth::ServiceCredentials* cond::CredentialStore::m_serviceData
private

Definition at line 170 of file CredentialStore.h.

Referenced by installAdmin(), setUpForService(), and updatePrincipal().

std::string cond::CredentialStore::m_serviceName
private

Definition at line 169 of file CredentialStore.h.

Referenced by setUpForService().

std::shared_ptr<coral::ISession> cond::CredentialStore::m_session
private