
0001 #ifndef CondCore_CondDB_CredentialStore_h
0002 #define CondCore_CondDB_CredentialStore_h
0003 
#include "CondCore/CondDB/interface/DecodingKey.h"
//
#include <algorithm>
#include <cctype>
#include <map>
#include <memory>
#include <sstream>
#include <string>
#include <utility>
#include <vector>
//
#include "CoralBase/MessageStream.h"
0013 
0014 namespace coral {
0015 
0016   class AuthenticationCredentials;
0017   class IAuthenticationCredentials;
0018   class ISession;
0019   class IConnection;
0020 
0021 }  // namespace coral
0022 
0023 inline std::string to_lower(const std::string& s) {
0024   std::string str(s);
0025   std::transform(str.begin(), str.end(), str.begin(), [](unsigned char c) { return std::tolower(c); });
0026   return str;
0027 }
0028 
0029 namespace coral_bridge {
0030 
  /// In-memory collection of CORAL authentication credentials, looked up by
  /// connection string and role. Declaration only: the method bodies live in
  /// the .cc, so notes below about their behaviour are inferred and marked as such.
  class AuthenticationCredentialSet {
  public:
    /// Constructor
    AuthenticationCredentialSet();

    /// Destructor (virtual, so the class may be deleted through a base pointer)
    virtual ~AuthenticationCredentialSet();

    /// Registers one (itemName, itemValue) pair for connectionString under the default role.
    void registerItem(const std::string& connectionString, const std::string& itemName, const std::string& itemValue);

    /// Registers one (itemName, itemValue) pair for connectionString under the given role.
    void registerItem(const std::string& connectionString,
                      const std::string& role,
                      const std::string& itemName,
                      const std::string& itemValue);

    /**
     * Adds a credential item to the default role.
     * The password is held in clear text in memory for the lifetime of this set.
     */
    void registerCredentials(const std::string& connectionString,
                             const std::string& userName,
                             const std::string& password);

    /**
     * Adds a credential item to the specified role.
     * The password is held in clear text in memory for the lifetime of this set.
     */
    void registerCredentials(const std::string& connectionString,
                             const std::string& role,
                             const std::string& userName,
                             const std::string& password);

    /// Merges the entries of @p data into this set.
    /// NOTE(review): how an already-present (connectionString, role) key is
    /// resolved is not visible in the header — check the .cc.
    void import(const AuthenticationCredentialSet& data);

    /// Credentials registered for connectionString under the default role.
    /// Presumably nullptr when none are registered — confirm in the .cc.
    /// The pointer is non-owning; it presumably points into m_data, so do not
    /// keep it across reset() or past this object's lifetime.
    const coral::IAuthenticationCredentials* get(const std::string& connectionString) const;

    /// Credentials registered for connectionString under the given role; same
    /// ownership/lifetime caveats as the single-argument overload.
    const coral::IAuthenticationCredentials* get(const std::string& connectionString, const std::string& role) const;

    /// Read-only view of the whole map. The mapped values are raw pointers;
    /// ownership is not expressed in the type (see m_data).
    const std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*>& data() const;

    /// Clears the set. Presumably also releases the owned credential objects —
    /// confirm in the .cc.
    void reset();

  private:
    /// credentials for the specific roles, keyed by what is presumably
    /// (connectionString, role) given the get() overloads — confirm ordering in the .cc.
    /// NOTE(review): raw pointers whose ownership is implicit; the destructor and
    /// reset() presumably delete them. A std::unique_ptr mapped type would make
    /// that explicit and rule out leaks on early exit.
    std::map<std::pair<std::string, std::string>, coral::AuthenticationCredentials*> m_data;
  };
0075 
0076 }  // namespace coral_bridge
0077 
0078 namespace cond {
0079 
0080   class Cipher;
0081 
  /// Builds the schema label for the (serviceName, userName) pair. Declaration
  /// only — the exact format is defined in the .cc; presumably a fixed
  /// combination of the two strings, confirm there.
  std::string schemaLabel(const std::string& serviceName, const std::string& userName);
0083 
0084   //
  /// Front-end to the credential database used for CondDB authentication:
  /// loads the decoding key, opens CORAL sessions and reads/updates the stored
  /// principals, connections and permissions.
  /// Declaration only: every body lives in the .cc, so statements below about
  /// return values are inferred from signatures/names and flagged as such.
  class CredentialStore {
  public:
    // default service is pointed in case the specific one has not been found in the key list
    static const std::string DEFAULT_DATA_SOURCE;

  public:
    /// Standard Constructor
    CredentialStore();

    /// Standard Destructor
    virtual ~CredentialStore();

  public:
    /// Sets the initialization parameters: the service to work on and authPath,
    /// presumably the location the decoding key (m_key) is read from — confirm.
    /// NOTE(review): the meaning of the returned string is not visible here.
    std::string setUpForService(const std::string& serviceName, const std::string& authPath);

    /// Same as setUpForService, but starting from a full connection string.
    std::string setUpForConnectionString(const std::string& connectionString, const std::string& authPath);

    // --- Administrative operations ---------------------------------------
    // The methods in this group take database credentials in clear text and
    // modify the stored credential/permission data. They are privileged
    // operations and should only be reachable from administrator tooling.
    // A bool return presumably reports success/failure — confirm in the .cc.

    /// Creates the credential schema on the given connection.
    bool createSchema(const std::string& connectionString, const std::string& userName, const std::string& password);

    /// Drops the credential schema on the given connection.
    bool drop(const std::string& connectionString, const std::string& userName, const std::string& password);

    /// Resets the administrator principal to the given credentials.
    bool resetAdmin(const std::string& userName, const std::string& password);

    /// Adds or updates a principal and its key; setAdmin presumably grants
    /// administrative rights, so callers must default it to false (as here).
    bool updatePrincipal(const std::string& principal, const std::string& principalKey, bool setAdmin = false);

    /// Grants principal the given role on connectionString, backed by the stored
    /// connection identified by connectionLabel.
    bool setPermission(const std::string& principal,
                       const std::string& role,
                       const std::string& connectionString,
                       const std::string& connectionLabel);

    /// Revokes the permission(s) matching (principal, role, connectionString).
    /// The size_t return presumably is the number of entries removed — confirm.
    size_t unsetPermission(const std::string& principal, const std::string& role, const std::string& connectionString);

    /// Stores or updates the credentials kept under connectionLabel.
    bool updateConnection(const std::string& connectionLabel, const std::string& userName, const std::string& password);

    /// Removes a principal. Whether its permissions are removed as well is not
    /// visible here — confirm in the .cc.
    bool removePrincipal(const std::string& principal);

    /// Removes the stored connection identified by connectionLabel.
    bool removeConnection(const std::string& connectionLabel);

    // --- Read / import / export operations --------------------------------

    /// Fills destinationData with the credentials visible to the authenticated principal.
    bool selectForUser(coral_bridge::AuthenticationCredentialSet& destinationData);

    /// import data
    /// Imports the credentials in @p data on behalf of principal;
    /// forceUpdateConnection presumably overwrites connections that already
    /// exist (inferred from the name — confirm).
    bool importForPrincipal(const std::string& principal,
                            const coral_bridge::AuthenticationCredentialSet& data,
                            bool forceUpdateConnection = false);

    /// Fills destination with the known principal names.
    bool listPrincipals(std::vector<std::string>& destination);

    /// Fills destination with connection label -> pair of strings.
    /// NOTE(review): what the two strings of the pair are is not visible here — confirm.
    bool listConnections(std::map<std::string, std::pair<std::string, std::string> >& destination);

    /// One row of the permission table, as returned by selectPermissions.
    struct Permission {
      std::string principalName;
      std::string role;
      std::string connectionString;
      std::string connectionLabel;
    };
    /// Selects into destination the permissions matching the given filters.
    bool selectPermissions(const std::string& principalName,
                           const std::string& role,
                           const std::string& connectionString,
                           std::vector<Permission>& destination);

    /// Returns the credentials for connectionString and role, presumably as
    /// (userName, password) — confirm the order in the .cc.
    /// The password comes back in clear text: callers should not log it and
    /// should not retain the pair longer than needed.
    std::pair<std::string, std::string> getUserCredentials(const std::string& connectionString,
                                                           const std::string& role);

    /// Exports every stored credential into data.
    bool exportAll(coral_bridge::AuthenticationCredentialSet& data);

    /// Name of the service this store was set up for.
    const std::string& serviceName();

    /// Principal name associated with the decoding key in use.
    const std::string& keyPrincipalName();

    /// Returns the diagnostic text accumulated in m_log.
    /// NOTE(review): whatever is written to m_log ends up here; make sure no
    /// password or key material is ever streamed into it.
    std::string log();

  private:
    /// Allowed to drive the private session helpers below.
    friend class CSScopedSession;

    /// Opens the CORAL connection for connectionString.
    /// NOTE(review): the returned pair is not documented here; presumably the
    /// values needed by openSession (schema name, ...) — confirm.
    std::pair<std::string, std::string> openConnection(const std::string& connectionString);
    /// Opens a session on the current connection with the given credentials;
    /// readMode presumably selects a read-only session.
    void openSession(const std::string& schemaName,
                     const std::string& userName,
                     const std::string& password,
                     bool readMode);
    /// Starts a session with caller-supplied (privileged) credentials rather
    /// than the ones selected during setUp* — used by the administrative methods.
    void startSuperSession(const std::string& connectionString,
                           const std::string& userName,
                           const std::string& password);
    /// Starts a session with the credentials selected during setUp*.
    void startSession(bool readMode);

    /// Convenience overload: opens connection and session for the configured service.
    void openSession(bool readOnly = true);

    /// Closes the current session; commit=false presumably rolls back — confirm.
    void closeSession(bool commit = true);

  private:
    std::shared_ptr<coral::IConnection> m_connection;  // current CORAL connection, shared with the session
    std::shared_ptr<coral::ISession> m_session;        // current CORAL session

    std::string m_authenticatedPrincipal;  // principal the current session was authenticated as
    // NOTE(review): no in-class initializer; confirm the constructor sets it before any read.
    int m_principalId;
    // the key used to encrypt the db credentials accessible by the owner of the authenticated key.
    // Secret material: keep it out of m_log and avoid copying it around more than necessary.
    std::string m_principalKey;

    std::string m_serviceName;                       // service selected by setUpForService
    // Raw pointer; ownership is not expressed in the type. Presumably non-owning
    // and pointing into m_key's data — confirm its lifetime in the .cc.
    const auth::ServiceCredentials* m_serviceData;

    auth::DecodingKey m_key;  // decoding key loaded during setUp* (see DecodingKey.h)

    std::stringstream m_log;  // diagnostic text returned by log()
  };
0190 
0191 }  // namespace cond
0192 
0193 #endif