|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
|
#ifndef CondCore_CondDB_CredentialStore_h
#define CondCore_CondDB_CredentialStore_h
#include "CondCore/CondDB/interface/DecodingKey.h"
//
#include <map>
#include <memory>
#include <string>
#include <sstream>
#include <algorithm>
//
#include "CoralBase/MessageStream.h"
namespace coral {
class AuthenticationCredentials;
class IAuthenticationCredentials;
class ISession;
class IConnection;
} // namespace coral
inline std::string to_lower(const std::string& s) {
std::string str(s);
std::transform(str.begin(), str.end(), str.begin(), [](unsigned char c) { return std::tolower(c); });
return str;
}
namespace coral_bridge {
class AuthenticationCredentialSet {
public:
/// Constructor
AuthenticationCredentialSet();
/// Destructor
virtual ~AuthenticationCredentialSet();
void registerItem(const std::string& connectionString, const std::string& itemName, const std::string& itemValue);
void registerItem(const std::string& connectionString,
const std::string& role,
const std::string& itemName,
const std::string& itemValue);
/**
* Adds a credential item to the default role.
*/
void registerCredentials(const std::string& connectionString,
const std::string& userName,
const std::string& password);
/**
* Adds a credential item to the specified role.
*/
void registerCredentials(const std::string& connectionString,
const std::string& role,
const std::string& userName,
const std::string& password);
void import(const AuthenticationCredentialSet& data);
const coral::IAuthenticationCredentials* get(const std::string& connectionString) const;
const coral::IAuthenticationCredentials* get(const std::string& connectionString, const std::string& role) const;
const std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*>& data() const;
void reset();
private:
/// credentials for the specific roles
std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*> m_data;
};
} // namespace coral_bridge
namespace cond {
class Cipher;
std::string schemaLabel(const std::string& serviceName, const std::string& userName);
//
class CredentialStore {
public:
// default service is pointed in case the specific one has not been found in the key list
static const std::string DEFAULT_DATA_SOURCE;
public:
/// Standard Constructor
CredentialStore();
/// Standard Destructor
virtual ~CredentialStore();
public:
/// Sets the initialization parameters
std::string setUpForService(const std::string& serviceName, const std::string& authPath);
std::string setUpForConnectionString(const std::string& connectionString, const std::string& authPath);
bool createSchema(const std::string& connectionString, const std::string& userName, const std::string& password);
bool drop(const std::string& connectionString, const std::string& userName, const std::string& password);
bool resetAdmin(const std::string& userName, const std::string& password);
bool updatePrincipal(const std::string& principal, const std::string& principalKey, bool setAdmin = false);
bool setPermission(const std::string& principal,
const std::string& role,
const std::string& connectionString,
const std::string& connectionLabel);
size_t unsetPermission(const std::string& principal, const std::string& role, const std::string& connectionString);
bool updateConnection(const std::string& connectionLabel, const std::string& userName, const std::string& password);
bool removePrincipal(const std::string& principal);
bool removeConnection(const std::string& connectionLabel);
bool selectForUser(coral_bridge::AuthenticationCredentialSet& destinationData);
/// import data
bool importForPrincipal(const std::string& principal,
const coral_bridge::AuthenticationCredentialSet& data,
bool forceUpdateConnection = false);
bool listPrincipals(std::vector<std::string>& destination);
bool listConnections(std::map<std::string, std::pair<std::string, std::string> >& destination);
struct Permission {
std::string principalName;
std::string role;
std::string connectionString;
std::string connectionLabel;
};
bool selectPermissions(const std::string& principalName,
const std::string& role,
const std::string& connectionString,
std::vector<Permission>& destination);
std::pair<std::string, std::string> getUserCredentials(const std::string& connectionString,
const std::string& role);
bool exportAll(coral_bridge::AuthenticationCredentialSet& data);
const std::string& serviceName();
const std::string& keyPrincipalName();
std::string log();
private:
friend class CSScopedSession;
std::pair<std::string, std::string> openConnection(const std::string& connectionString);
void openSession(const std::string& schemaName,
const std::string& userName,
const std::string& password,
bool readMode);
void startSuperSession(const std::string& connectionString,
const std::string& userName,
const std::string& password);
void startSession(bool readMode);
void openSession(bool readOnly = true);
void closeSession(bool commit = true);
private:
std::shared_ptr<coral::IConnection> m_connection;
std::shared_ptr<coral::ISession> m_session;
std::string m_authenticatedPrincipal;
int m_principalId;
// the key used to encrypt the db credentials accessibles by the owner of the authenticated key.
std::string m_principalKey;
std::string m_serviceName;
const auth::ServiceCredentials* m_serviceData;
auth::DecodingKey m_key;
std::stringstream m_log;
};
} // namespace cond
#endif
|