0001 #ifndef CondCore_CondDB_CredentialStore_h
0002 #define CondCore_CondDB_CredentialStore_h
0003
#include "CondCore/CondDB/interface/DecodingKey.h"

#include <algorithm>
#include <cctype>
#include <map>
#include <memory>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

#include "CoralBase/MessageStream.h"
0013
0014 namespace coral {
0015
0016 class AuthenticationCredentials;
0017 class IAuthenticationCredentials;
0018 class ISession;
0019 class IConnection;
0020
0021 }
0022
0023 inline std::string to_lower(const std::string& s) {
0024 std::string str(s);
0025 std::transform(str.begin(), str.end(), str.begin(), [](unsigned char c) { return std::tolower(c); });
0026 return str;
0027 }
0028
0029 namespace coral_bridge {
0030
0031 class AuthenticationCredentialSet {
0032 public:
0033
0034 AuthenticationCredentialSet();
0035
0036
0037 virtual ~AuthenticationCredentialSet();
0038
0039 void registerItem(const std::string& connectionString, const std::string& itemName, const std::string& itemValue);
0040
0041 void registerItem(const std::string& connectionString,
0042 const std::string& role,
0043 const std::string& itemName,
0044 const std::string& itemValue);
0045
0046
0047
0048
0049 void registerCredentials(const std::string& connectionString,
0050 const std::string& userName,
0051 const std::string& password);
0052
0053
0054
0055
0056 void registerCredentials(const std::string& connectionString,
0057 const std::string& role,
0058 const std::string& userName,
0059 const std::string& password);
0060
0061 void import(const AuthenticationCredentialSet& data);
0062
0063 const coral::IAuthenticationCredentials* get(const std::string& connectionString) const;
0064
0065 const coral::IAuthenticationCredentials* get(const std::string& connectionString, const std::string& role) const;
0066
0067 const std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*>& data() const;
0068
0069 void reset();
0070
0071 private:
0072
0073 std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*> m_data;
0074 };
0075
0076 }
0077
0078 namespace cond {
0079
0080 class Cipher;
0081
0082 std::string schemaLabel(const std::string& serviceName, const std::string& userName);
0083
0084
0085 class CredentialStore {
0086 public:
0087
0088 static const std::string DEFAULT_DATA_SOURCE;
0089
0090 public:
0091
0092 CredentialStore();
0093
0094
0095 virtual ~CredentialStore();
0096
0097 public:
0098
0099 std::string setUpForService(const std::string& serviceName, const std::string& authPath);
0100
0101 std::string setUpForConnectionString(const std::string& connectionString, const std::string& authPath);
0102
0103 bool createSchema(const std::string& connectionString, const std::string& userName, const std::string& password);
0104
0105 bool drop(const std::string& connectionString, const std::string& userName, const std::string& password);
0106
0107 bool resetAdmin(const std::string& userName, const std::string& password);
0108
0109 bool updatePrincipal(const std::string& principal, const std::string& principalKey, bool setAdmin = false);
0110
0111 bool setPermission(const std::string& principal,
0112 const std::string& role,
0113 const std::string& connectionString,
0114 const std::string& connectionLabel);
0115
0116 size_t unsetPermission(const std::string& principal, const std::string& role, const std::string& connectionString);
0117
0118 bool updateConnection(const std::string& connectionLabel, const std::string& userName, const std::string& password);
0119
0120 bool removePrincipal(const std::string& principal);
0121
0122 bool removeConnection(const std::string& connectionLabel);
0123
0124 bool selectForUser(coral_bridge::AuthenticationCredentialSet& destinationData);
0125
0126
0127 bool importForPrincipal(const std::string& principal,
0128 const coral_bridge::AuthenticationCredentialSet& data,
0129 bool forceUpdateConnection = false);
0130
0131 bool listPrincipals(std::vector<std::string>& destination);
0132
0133 bool listConnections(std::map<std::string, std::pair<std::string, std::string> >& destination);
0134
0135 struct Permission {
0136 std::string principalName;
0137 std::string role;
0138 std::string connectionString;
0139 std::string connectionLabel;
0140 };
0141 bool selectPermissions(const std::string& principalName,
0142 const std::string& role,
0143 const std::string& connectionString,
0144 std::vector<Permission>& destination);
0145
0146 std::pair<std::string, std::string> getUserCredentials(const std::string& connectionString,
0147 const std::string& role);
0148
0149 bool exportAll(coral_bridge::AuthenticationCredentialSet& data);
0150
0151 const std::string& serviceName();
0152
0153 const std::string& keyPrincipalName();
0154
0155 std::string log();
0156
0157 private:
0158 friend class CSScopedSession;
0159
0160 std::pair<std::string, std::string> openConnection(const std::string& connectionString);
0161 void openSession(const std::string& schemaName,
0162 const std::string& userName,
0163 const std::string& password,
0164 bool readMode);
0165 void startSuperSession(const std::string& connectionString,
0166 const std::string& userName,
0167 const std::string& password);
0168 void startSession(bool readMode);
0169
0170 void openSession(bool readOnly = true);
0171
0172 void closeSession(bool commit = true);
0173
0174 private:
0175 std::shared_ptr<coral::IConnection> m_connection;
0176 std::shared_ptr<coral::ISession> m_session;
0177
0178 std::string m_authenticatedPrincipal;
0179 int m_principalId;
0180
0181 std::string m_principalKey;
0182
0183 std::string m_serviceName;
0184 const auth::ServiceCredentials* m_serviceData;
0185
0186 auth::DecodingKey m_key;
0187
0188 std::stringstream m_log;
0189 };
0190
0191 }
0192
0193 #endif