CMS 3D CMS Logo
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Friends Macros Pages
CredentialStore.cc
Go to the documentation of this file.
1 #include "CondCore/CondDB/interface/CredentialStore.h"
2 #include "CondCore/CondDB/interface/Cipher.h"
3 #include "CondCore/CondDB/interface/Exception.h"
4 #include "CondCore/CondDB/interface/Auth.h"
5 //
6 #include "CoralBase/AttributeList.h"
7 #include "CoralBase/Attribute.h"
8 #include "CoralKernel/Context.h"
9 #include "CoralCommon/URIParser.h"
10 #include "RelationalAccess/AuthenticationCredentials.h"
11 #include "RelationalAccess/IBulkOperation.h"
12 #include "RelationalAccess/IConnection.h"
13 #include "RelationalAccess/ISession.h"
14 #include "RelationalAccess/IRelationalService.h"
15 #include "RelationalAccess/IRelationalDomain.h"
16 #include "RelationalAccess/ITransaction.h"
17 #include "RelationalAccess/ISchema.h"
18 #include "RelationalAccess/ITable.h"
19 #include "RelationalAccess/TableDescription.h"
20 #include "RelationalAccess/ITableDataEditor.h"
21 #include "RelationalAccess/IQuery.h"
22 #include "RelationalAccess/ICursor.h"
23 //
24 #include "RelationalAccess/AuthenticationCredentials.h"
25 //
26 #include <sstream>
27 #include <fstream>
28 #include <boost/filesystem.hpp>
29 
30 static const std::string serviceName = "CondAuthenticationService";
31 
32 coral_bridge::AuthenticationCredentialSet::AuthenticationCredentialSet() :
33  m_data(){
34 }
35 
36 coral_bridge::AuthenticationCredentialSet::~AuthenticationCredentialSet(){
37  reset();
38 }
39 
40 void coral_bridge::AuthenticationCredentialSet::reset(){
41  for ( std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::iterator iData = m_data.begin();
42  iData != m_data.end(); ++iData )
43  delete iData->second;
44  m_data.clear();
45 }
46 
47 void coral_bridge::AuthenticationCredentialSet::registerItem( const std::string& connectionString,
48  const std::string& itemName,
49  const std::string& itemValue ){
50  registerItem( connectionString, cond::auth::COND_DEFAULT_ROLE, itemName, itemValue );
51 }
52 
53 
54 void coral_bridge::AuthenticationCredentialSet::registerItem( const std::string& connectionString,
55  const std::string& role,
56  const std::string& itemName,
57  const std::string& itemValue ){
58  std::pair<std::string,std::string> connKey( connectionString, role );
59  std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::iterator iData = m_data.find( connKey );
60  if( iData == m_data.end() ){
61  iData = m_data.insert( std::make_pair( connKey, new coral::AuthenticationCredentials( serviceName ) ) ).first;
62  }
63  iData = m_data.insert( std::make_pair( connKey, new coral::AuthenticationCredentials( serviceName ) ) ).first;
64  iData->second->registerItem( itemName, itemValue );
65 }
66 
67 void
68 coral_bridge::AuthenticationCredentialSet::registerCredentials( const std::string& connectionString,
69  const std::string& userName,
70  const std::string& password ){
71  registerCredentials( connectionString, cond::auth::COND_DEFAULT_ROLE, userName, password );
72 }
73 
74 void
75 coral_bridge::AuthenticationCredentialSet::registerCredentials( const std::string& connectionString,
76  const std::string& role,
77  const std::string& userName,
78  const std::string& password ){
79  std::pair<std::string,std::string> connKey( connectionString, role );
80  std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::iterator iData = m_data.find( connKey );
81  if( iData != m_data.end() ){
82  delete iData->second;
83  m_data.erase( connKey );
84  }
85  iData = m_data.insert( std::make_pair( connKey, new coral::AuthenticationCredentials( serviceName ) ) ).first;
86  iData->second->registerItem( coral::IAuthenticationCredentials::userItem(), userName );
87  iData->second->registerItem( coral::IAuthenticationCredentials::passwordItem(), password );
88 }
89 
90 void coral_bridge::AuthenticationCredentialSet::import( const AuthenticationCredentialSet& data ){
91  for ( std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::const_iterator iData = data.m_data.begin();
92  iData != data.m_data.end(); ++iData ){
93  registerCredentials( iData->first.first, iData->first.second, iData->second->valueForItem( coral::IAuthenticationCredentials::userItem() ),
94  iData->second->valueForItem( coral::IAuthenticationCredentials::passwordItem() ) );
95  }
96 }
97 
98 const coral::IAuthenticationCredentials*
99 coral_bridge::AuthenticationCredentialSet::get( const std::string& connectionString ) const
100 {
101  return get( connectionString, cond::auth::COND_DEFAULT_ROLE );
102 }
103 
104 const coral::IAuthenticationCredentials*
105 coral_bridge::AuthenticationCredentialSet::get( const std::string& connectionString, const std::string& role ) const
106 {
107  const coral::IAuthenticationCredentials* ret = 0;
108  std::pair<std::string,std::string> connKey( connectionString, role );
109  std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::const_iterator iData = m_data.find( connKey );
110  if ( iData != m_data.end() ){
111  ret = iData->second;
112  }
113  return ret;
114 }
115 
116 const std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >& coral_bridge::AuthenticationCredentialSet::data() const {
117  return m_data;
118 }
119 
120 static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE");
121 static const std::string SEQUENCE_NAME_COL("NAME");
122 static const std::string SEQUENCE_VALUE_COL("VALUE");
123 
124 static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION");
125 static const std::string PRINCIPAL_ID_COL("P_ID");
126 static const std::string PRINCIPAL_NAME_COL("P_NAME");
127 static const std::string VERIFICATION_COL("CRED0");
128 static const std::string PRINCIPAL_KEY_COL("CRED1");
129 static const std::string ADMIN_KEY_COL("CRED2");
130 
131 static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION");
132 static const std::string AUTH_ID_COL("AUTH_ID");
133 static const std::string P_ID_COL("P_ID");
134 static const std::string ROLE_COL("C_ROLE");
135 static const std::string SCHEMA_COL("C_SCHEMA");
136 static const std::string AUTH_KEY_COL("CRED3");
137 static const std::string C_ID_COL("C_ID");
138 
139 static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL");
140 static const std::string CONNECTION_ID_COL("CONN_ID");
141 static const std::string CONNECTION_LABEL_COL("CONN_LABEL");
142 static const std::string USERNAME_COL("CRED4");
143 static const std::string PASSWORD_COL("CRED5");
144 static const std::string VERIFICATION_KEY_COL("CRED6");
145 static const std::string CONNECTION_KEY_COL("CRED7");
146 
147 const std::string DEFAULT_DATA_SOURCE("Cond_Default_Authentication");
148 
149 namespace cond {
150 
164  std::string schemaLabel( const std::string& serviceName,
165  const std::string& userName ){
166  std::string ret = userName;
167  if( !serviceName.empty() ){
168  ret += "@"+serviceName;
169  }
170  return ret;
171  }
172  std::string schemaLabelForCredentialStore( const std::string& connectionString ){
173  coral::URIParser parser;
174  parser.setURI( connectionString );
175  std::string serviceName = parser.hostName();
176  std::string schemaName = parser.databaseOrSchemaName();
177  return schemaLabel( serviceName, schemaName );
178  }
179 
180  class CSScopedSession {
181  public:
182  CSScopedSession( CredentialStore& store ):
183  m_store( store ){}
184  ~CSScopedSession(){
185  m_store.closeSession( false );
186  }
187  void startSuper( const std::string& connectionString, const std::string& userName, const std::string& password ){
188  m_store.startSuperSession( connectionString, userName, password );
189  }
190  void start( bool readOnly=true ){
191  m_store.startSession( readOnly );
192  }
193  void close(){
194  m_store.closeSession();
195  }
196 
197  private:
198  CredentialStore& m_store;
199  };
200 
201  struct PrincipalData {
202  int id;
203  std::string verifKey;
204  std::string principalKey;
205  std::string adminKey;
206  PrincipalData():
207  id(-1),
208  verifKey(""),
209  principalKey(""),
210  adminKey(""){}
211  };
212 
213  bool selectPrincipal( coral::ISchema& schema, const std::string& principal, PrincipalData& destination ){
214  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_AUTHENTICATION_TABLE).newQuery());
215  coral::AttributeList readBuff;
216  readBuff.extend<int>(PRINCIPAL_ID_COL);
217  readBuff.extend<std::string>(VERIFICATION_COL);
218  readBuff.extend<std::string>(PRINCIPAL_KEY_COL);
219  readBuff.extend<std::string>(ADMIN_KEY_COL);
220  coral::AttributeList whereData;
221  whereData.extend<std::string>(PRINCIPAL_NAME_COL);
222  whereData[ PRINCIPAL_NAME_COL ].data<std::string>() = principal;
223  std::string whereClause = PRINCIPAL_NAME_COL + " = :" + PRINCIPAL_NAME_COL;
224  query->defineOutput(readBuff);
225  query->addToOutputList( PRINCIPAL_ID_COL );
226  query->addToOutputList( VERIFICATION_COL );
227  query->addToOutputList( PRINCIPAL_KEY_COL );
228  query->addToOutputList( ADMIN_KEY_COL );
229  query->setCondition( whereClause, whereData );
230  coral::ICursor& cursor = query->execute();
231  bool found = false;
232  if ( cursor.next() ) {
233  found = true;
234  const coral::AttributeList& row = cursor.currentRow();
235  destination.id = row[ PRINCIPAL_ID_COL ].data<int>();
236  destination.verifKey = row[ VERIFICATION_COL ].data<std::string>();
237  destination.principalKey = row[ PRINCIPAL_KEY_COL ].data<std::string>();
238  destination.adminKey = row[ ADMIN_KEY_COL ].data<std::string>();
239  }
240  return found;
241  }
242 
243  struct CredentialData {
244  int id;
245  std::string userName;
246  std::string password;
247  std::string connectionKey;
248  std::string verificationKey;
249  CredentialData():
250  id(-1),
251  userName(""),
252  password(""),
253  connectionKey(""){
254  }
255  };
256 
257  bool selectConnection( coral::ISchema& schema, const std::string& connectionLabel, CredentialData& destination ){
258 
259  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_CREDENTIAL_TABLE).newQuery());
260  coral::AttributeList readBuff;
261  readBuff.extend<int>( CONNECTION_ID_COL );
262  readBuff.extend<std::string>( USERNAME_COL );
263  readBuff.extend<std::string>( PASSWORD_COL );
264  readBuff.extend<std::string>( VERIFICATION_KEY_COL );
265  readBuff.extend<std::string>( CONNECTION_KEY_COL );
266  coral::AttributeList whereData;
267  whereData.extend<std::string>( CONNECTION_LABEL_COL );
268  whereData[ CONNECTION_LABEL_COL ].data<std::string>() = connectionLabel;
269  std::string whereClause = CONNECTION_LABEL_COL + " = :" + CONNECTION_LABEL_COL;
270  query->defineOutput(readBuff);
271  query->addToOutputList( CONNECTION_ID_COL );
272  query->addToOutputList( USERNAME_COL );
273  query->addToOutputList( PASSWORD_COL );
274  query->addToOutputList( VERIFICATION_KEY_COL );
275  query->addToOutputList( CONNECTION_KEY_COL );
276  query->setCondition( whereClause, whereData );
277  coral::ICursor& cursor = query->execute();
278  bool found = false;
279  if ( cursor.next() ) {
280  const coral::AttributeList& row = cursor.currentRow();
281  destination.id = row[ CONNECTION_ID_COL].data<int>();
282  destination.userName = row[ USERNAME_COL].data<std::string>();
283  destination.password = row[ PASSWORD_COL].data<std::string>();
284  destination.verificationKey = row[ VERIFICATION_KEY_COL].data<std::string>();
285  destination.connectionKey = row[ CONNECTION_KEY_COL].data<std::string>();
286  found = true;
287  }
288  return found;
289  }
290 
291  struct AuthorizationData {
292  int id;
293  int connectionId;
294  std::string key;
295  AuthorizationData():
296  id(-1),
297  connectionId(-1),
298  key(""){}
299  };
300 
301  bool selectAuthorization( coral::ISchema& schema, int principalId, const std::string& role, const std::string& connectionString, AuthorizationData& destination ){
302  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_AUTHORIZATION_TABLE).newQuery());
303  coral::AttributeList readBuff;
304  readBuff.extend<int>(AUTH_ID_COL);
305  readBuff.extend<int>(C_ID_COL);
306  readBuff.extend<std::string>(AUTH_KEY_COL);
307  coral::AttributeList whereData;
308  whereData.extend<int>(P_ID_COL);
309  whereData.extend<std::string>(ROLE_COL);
310  whereData.extend<std::string>(SCHEMA_COL);
311  whereData[ P_ID_COL ].data<int>() = principalId;
312  whereData[ ROLE_COL ].data<std::string>() = role;
313  whereData[ SCHEMA_COL ].data<std::string>() = connectionString;
314  std::stringstream whereClause;
315  whereClause << P_ID_COL << " = :"<<P_ID_COL;
316  whereClause << " AND " << ROLE_COL << " = :"<<ROLE_COL;
317  whereClause << " AND " << SCHEMA_COL << " = :"<<SCHEMA_COL;
318  query->defineOutput(readBuff);
319  query->addToOutputList( AUTH_ID_COL );
320  query->addToOutputList( C_ID_COL );
321  query->addToOutputList( AUTH_KEY_COL );
322  query->setCondition( whereClause.str(), whereData );
323  coral::ICursor& cursor = query->execute();
324  bool found = false;
325  if ( cursor.next() ) {
326  const coral::AttributeList& row = cursor.currentRow();
327  destination.id = row[AUTH_ID_COL].data<int>();
328  destination.connectionId = row[C_ID_COL].data<int>();
329  destination.key = row[AUTH_KEY_COL].data<std::string>();
330  found = true;
331  }
332  return found;
333  }
334 
335 }
336 
337 void cond::CredentialStore::closeSession( bool commit ){
338 
339  if( m_session.get() ){
340  if(m_session->transaction().isActive()){
341  if( commit ){
342  m_session->transaction().commit();
343  } else {
344  m_session->transaction().rollback();
345  }
346  }
347  m_session->endUserSession();
348  }
349  m_session.reset();
350  if( m_connection.get() ){
351  m_connection->disconnect();
352  }
353  m_connection.reset();
354 }
355 
356 bool getNextSequenceValue( coral::ISchema& schema, const std::string& sequenceName, int& value ){
357  bool ret = false;
358  std::auto_ptr< coral::IQuery > query( schema.tableHandle( SEQUENCE_TABLE_NAME ).newQuery() );
359  query->limitReturnedRows( 1, 0 );
360  query->addToOutputList( SEQUENCE_VALUE_COL );
361  query->defineOutputType( SEQUENCE_VALUE_COL, coral::AttributeSpecification::typeNameForType<int>() );
362  query->setForUpdate();
363  std::string whereClause( SEQUENCE_NAME_COL + " = :" + SEQUENCE_NAME_COL );
364  coral::AttributeList rowData;
365  rowData.extend<std::string>( SEQUENCE_NAME_COL );
366  rowData.begin()->data< std::string >() = sequenceName;
367  query->setCondition( whereClause, rowData );
368  coral::ICursor& cursor = query->execute();
369  if ( cursor.next() ) {
370  value = cursor.currentRow().begin()->data<int>()+1;
371  ret = true;
372  } else {
373  return false;
374  }
375  // update...
376  coral::AttributeList updateData;
377  updateData.extend<std::string>( SEQUENCE_NAME_COL );
378  updateData.extend<int>( SEQUENCE_VALUE_COL );
379  std::string setClause( SEQUENCE_VALUE_COL + " = :" + SEQUENCE_VALUE_COL );
380  std::string whClause( SEQUENCE_NAME_COL + " = :" + SEQUENCE_NAME_COL );
381  coral::AttributeList::iterator iAttribute = updateData.begin();
382  iAttribute->data< std::string >() = sequenceName;
383  ++iAttribute;
384  iAttribute->data< int >() = value;
385  schema.tableHandle( SEQUENCE_TABLE_NAME ).dataEditor().updateRows( setClause,whClause,updateData );
386  return ret;
387 }
388 
389 int cond::CredentialStore::addUser( const std::string& principalName, const std::string& authenticationKey, const std::string& principalKey, const std::string& adminKey ){
390 
391  coral::ISchema& schema = m_session->nominalSchema();
392  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
393 
394  int principalId = -1;
395  if( !getNextSequenceValue( schema, COND_AUTHENTICATION_TABLE, principalId ) ) throwException( "Can't find "+COND_AUTHENTICATION_TABLE+" sequence.","CredentialStore::addUser" );
396 
397  auth::Cipher cipher0( authenticationKey );
398  auth::Cipher cipher1( adminKey );
399 
400  coral::AttributeList authData;
401  editor0.rowBuffer(authData);
402  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
403  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
404  authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
405  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( principalKey );
406  authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( principalKey );
407  editor0.insertRow( authData );
408  return principalId;
409 }
410 
411 std::pair<std::string,std::string> cond::CredentialStore::openConnection( const std::string& connectionString ){
412  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
413  if ( ! relationalService.isValid() ){
414  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
415  relationalService = coral::Context::instance().query<coral::IRelationalService>();
416  }
417  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
418  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
419  m_connection.reset( domain.newConnection( connTokens.first ) );
420  m_connection->connect();
421  return connTokens;
422 }
423 
424 void cond::CredentialStore::openSession( const std::string& schemaName, const std::string& userName, const std::string& password, bool readMode ){
425  coral::AccessMode accessMode = coral::ReadOnly;
426  if( !readMode ) accessMode = coral::Update;
427  m_session.reset( m_connection->newSession( schemaName, accessMode) );
428  m_session->startUserSession( userName, password );
429  // open read-only transaction
430  m_session->transaction().start( readMode );
431 }
432 
433 void cond::CredentialStore::startSuperSession( const std::string& connectionString, const std::string& userName, const std::string& password ){
434  std::pair<std::string,std::string> connTokens = openConnection( connectionString );
435  openSession( connTokens.second, userName, password, false );
436 }
437 
438 // open session on the storage
439 void cond::CredentialStore::startSession( bool readMode ){
440  if(!m_serviceData){
441  throwException( "The credential store has not been initialized.","cond::CredentialStore::openConnection" );
442  }
443  const std::string& storeConnectionString = m_serviceData->connectionString;
444 
445  std::pair<std::string,std::string> connTokens = openConnection( storeConnectionString );
446 
447  const std::string& userName = m_serviceData->userName;
448  const std::string& password = m_serviceData->password;
449 
450  openSession( connTokens.second, userName, password, true );
451 
452  coral::ISchema& schema = m_session->nominalSchema();
453  if(!schema.existsTable(COND_AUTHENTICATION_TABLE) ||
454  !schema.existsTable(COND_AUTHORIZATION_TABLE) ||
455  !schema.existsTable(COND_CREDENTIAL_TABLE) ){
456  throwException("Credential database does not exists in \""+storeConnectionString+"\"","CredentialStore::startSession");
457  }
458 
459  const std::string& principalName = m_key.principalName();
460  // now authenticate...
461  PrincipalData princData;
462  if( !selectPrincipal( m_session->nominalSchema(), principalName, princData ) ){
463  throwException( "Invalid credentials provided.(0)",
464  "CredentialStore::openSession");
465  }
466  auth::Cipher cipher0( m_key.principalKey() );
467  std::string verifStr = cipher0.b64decrypt( princData.verifKey );
468  if( verifStr != principalName ){
469  throwException( "Invalid credentials provided (1)",
470  "CredentialStore::openSession");
471  }
472  // ok, authenticated!
473  m_principalId = princData.id;
474  m_principalKey = cipher0.b64decrypt( princData.principalKey );
475 
476  if(!readMode ) {
477 
478  auth::Cipher cipher0( m_principalKey );
479  std::string adminKey = cipher0.b64decrypt( princData.adminKey );
480  if( adminKey != m_principalKey ){
481  // not admin user!
482  throwException( "Provided credentials does not allow admin operation.",
483  "CredentialStore::openSession");
484  }
485 
486  // first find the credentials for WRITING in the security tables
487  std::auto_ptr<coral::IQuery> query(schema.newQuery());
488  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
489  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
490  coral::AttributeList readBuff;
491  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
492  readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
493  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
494  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
495  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
496  coral::AttributeList whereData;
497  whereData.extend<int>(P_ID_COL);
498  whereData.extend<std::string>(ROLE_COL);
499  whereData.extend<std::string>(SCHEMA_COL);
500  whereData[ P_ID_COL ].data<int>() = m_principalId;
501  whereData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE;
502  whereData[ SCHEMA_COL ].data<std::string>() = storeConnectionString;
503  std::stringstream whereClause;
504  whereClause << "AUTHO."<< C_ID_COL << " = CREDS."<<CONNECTION_ID_COL;
505  whereClause << " AND AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
506  whereClause << " AND AUTHO."<< ROLE_COL << " = :"<<ROLE_COL;
507  whereClause << " AND AUTHO."<< SCHEMA_COL << " = :"<<SCHEMA_COL;
508  query->defineOutput(readBuff);
509  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
510  query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
511  query->addToOutputList( "CREDS."+USERNAME_COL );
512  query->addToOutputList( "CREDS."+PASSWORD_COL );
513  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
514  query->setCondition( whereClause.str(), whereData );
515  coral::ICursor& cursor = query->execute();
516  bool found = false;
517  std::string writeUserName("");
518  std::string writePassword("");
519  if ( cursor.next() ) {
520  const coral::AttributeList& row = cursor.currentRow();
521  const std::string& connLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
522  const std::string& encryptedConnectionKey = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
523  std::string connectionKey = cipher0.b64decrypt( encryptedConnectionKey );
524  auth::Cipher cipher1( connectionKey );
525  const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
526  const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
527  const std::string& verificationKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
528  if( cipher1.b64decrypt( verificationKey ) != connLabel ){
529  throwException( "Could not decrypt credentials.Provided key is invalid.",
530  "CredentialStore::startSession");
531  }
532  writeUserName = cipher1.b64decrypt( encryptedUserName );
533  writePassword = cipher1.b64decrypt( encryptedPassword );
534  found = true;
535  }
536  if( ! found ){
537  throwException( "Provided credentials are invalid for write access.",
538  "CredentialStore::openSession");
539  }
540  m_session->transaction().commit();
541  m_session->endUserSession();
542  openSession( connTokens.second, writeUserName, writePassword, false );
543 
544  }
545 }
546 
547 bool cond::CredentialStore::setPermission( int principalId, const std::string& principalKey, const std::string& role, const std::string& connectionString, int connectionId, const std::string& connectionKey ){
548  coral::ISchema& schema = m_session->nominalSchema();
549  auth::Cipher cipher( principalKey );
550  std::string encryptedConnectionKey = cipher.b64encrypt( connectionKey );
551 
552  AuthorizationData authData;
553  bool found = selectAuthorization( schema, principalId, role, connectionString, authData );
554 
555  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
556  if( found ) {
557  coral::AttributeList updateData;
558  updateData.extend<int>( AUTH_ID_COL );
559  updateData.extend<int>( C_ID_COL );
560  updateData.extend<std::string>( AUTH_KEY_COL );
561  updateData[ AUTH_ID_COL ].data<int>() = authData.id;
562  updateData[ C_ID_COL ].data<int>() = connectionId;
563  updateData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
564  std::string setCl = C_ID_COL+" = :"+C_ID_COL + ", "+AUTH_KEY_COL+" = :"+AUTH_KEY_COL;
565  std::string whereCl = AUTH_ID_COL+" = :"+AUTH_ID_COL;
566  editor.updateRows( setCl,whereCl, updateData );
567  } else {
568 
569  int next = -1;
570  if( !getNextSequenceValue( schema, COND_AUTHORIZATION_TABLE, next ) ) throwException( "Can't find "+COND_AUTHORIZATION_TABLE+" sequence.","CredentialStore::setPermission" );
571 
572  coral::AttributeList insertData;
573  insertData.extend<int>( AUTH_ID_COL );
574  insertData.extend<int>( P_ID_COL );
575  insertData.extend<std::string>( ROLE_COL );
576  insertData.extend<std::string>( SCHEMA_COL );
577  insertData.extend<std::string>( AUTH_KEY_COL );
578  insertData.extend<int>( C_ID_COL );
579  insertData[ AUTH_ID_COL ].data<int>() = next;
580  insertData[ P_ID_COL ].data<int>() = principalId;
581  insertData[ ROLE_COL ].data<std::string>() = role;
582  insertData[ SCHEMA_COL ].data<std::string>() = connectionString;
583  insertData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
584  insertData[ C_ID_COL ].data<int>() = connectionId;
585  editor.insertRow( insertData );
586  }
587  return true;
588 }
589 
590 std::pair<int,std::string> cond::CredentialStore::updateConnection( const std::string& connectionLabel,
591  const std::string& userName,
592  const std::string& password,
593  bool forceUpdate ){
594  coral::ISchema& schema = m_session->nominalSchema();
595  CredentialData credsData;
596  bool found = selectConnection( schema, connectionLabel, credsData );
597  int connId = credsData.id;
598 
599  auth::Cipher adminCipher( m_principalKey );
600  std::string connectionKey("");
601  coral::ITableDataEditor& editor = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
602  if( found ){
603 
604  connectionKey = adminCipher.b64decrypt( credsData.connectionKey );
605  auth::Cipher cipher( connectionKey );
606  std::string verificationKey = cipher.b64decrypt( credsData.verificationKey );
607  if( verificationKey != connectionLabel ){
608  throwException("Decoding of connection key failed.","CredentialStore::updateConnection");
609  }
610  if( forceUpdate ){
611  std::string encryptedUserName = cipher.b64encrypt( userName );
612  std::string encryptedPassword = cipher.b64encrypt( password );
613 
614  coral::AttributeList updateData;
615  updateData.extend<int>( CONNECTION_ID_COL );
616  updateData.extend<std::string>( USERNAME_COL );
617  updateData.extend<std::string>( PASSWORD_COL );
618  updateData[ CONNECTION_ID_COL ].data<int>() = connId;
619  updateData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
620  updateData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
621  std::stringstream setCl;
622  setCl << USERNAME_COL << " = :" << USERNAME_COL;
623  setCl <<", " << PASSWORD_COL << " = :" << PASSWORD_COL;
624  std::string whereCl = CONNECTION_ID_COL+" = :"+CONNECTION_ID_COL;
625  editor.updateRows( setCl.str(),whereCl, updateData );
626  }
627  }
628 
629  if(!found){
630 
631  auth::KeyGenerator gen;
632  connectionKey = gen.make( auth::COND_DB_KEY_SIZE );
633  auth::Cipher cipher( connectionKey );
634  std::string encryptedUserName = cipher.b64encrypt( userName );
635  std::string encryptedPassword = cipher.b64encrypt( password );
636  std::string encryptedLabel = cipher.b64encrypt( connectionLabel );
637 
638  if( !getNextSequenceValue( schema, COND_CREDENTIAL_TABLE, connId ) ) throwException( "Can't find "+COND_CREDENTIAL_TABLE+" sequence.","CredentialStore::updateConnection" );
639 
640  coral::AttributeList insertData;
641  insertData.extend<int>( CONNECTION_ID_COL );
642  insertData.extend<std::string>( CONNECTION_LABEL_COL );
643  insertData.extend<std::string>( USERNAME_COL );
644  insertData.extend<std::string>( PASSWORD_COL );
645  insertData.extend<std::string>( VERIFICATION_KEY_COL );
646  insertData.extend<std::string>( CONNECTION_KEY_COL );
647  insertData[ CONNECTION_ID_COL ].data<int>() = connId;
648  insertData[ CONNECTION_LABEL_COL ].data<std::string>() = connectionLabel;
649  insertData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
650  insertData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
651  insertData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
652  insertData[ CONNECTION_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( connectionKey ) ;;
653  editor.insertRow( insertData );
654 
655  /***
656  // then set the admin permission on the new connection
657  ora::SequenceManager sequenceMgr2( SEQUENCE_TABLE_NAME,schema );
658  int authId = sequenceMgr2.getNextId( COND_AUTHORIZATION_TABLE, true );
659 
660  coral::ITableDataEditor& authEditor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
661  coral::AttributeList authData;
662  authData.extend<int>( AUTH_ID_COL );
663  authData.extend<int>( P_ID_COL );
664  authData.extend<std::string>( ROLE_COL );
665  authData.extend<std::string>( SCHEMA_COL );
666  authData.extend<std::string>( AUTH_KEY_COL );
667  authData.extend<int>( C_ID_COL );
668  authData[ AUTH_ID_COL ].data<int>() = authId;
669  authData[ P_ID_COL ].data<int>() = m_principalId;
670  authData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE;
671  authData[ SCHEMA_COL ].data<std::string>() = defaultConnectionString( m_serviceData->connectionString, m_serviceName, userName );
672  authData[ AUTH_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( connectionKey ) ;
673  authData[ C_ID_COL ].data<int>() = connId;
674  authEditor.insertRow( authData );
675  **/
676  }
677  return std::make_pair( connId, connectionKey );
678 }
679 
680 cond::CredentialStore::CredentialStore():
681  m_connection(),
682  m_session(),
683  m_principalId(-1),
684  m_principalKey(""),
685  m_serviceName(""),
686  m_serviceData(0),
687  m_key(){
688 }
689 
690 cond::CredentialStore::~CredentialStore(){
691 }
692 
693 std::string
694 cond::CredentialStore::setUpForService( const std::string& serviceName,
695  const std::string& authPath ){
696  if( serviceName.empty() ){
697  throwException( "Service name has not been provided.","cond::CredentialStore::setUpConnection" );
698  }
699  m_serviceName.clear();
700  m_serviceData = 0;
701 
702  if( authPath.empty() ){
703  throwException( "The authentication Path has not been provided.","cond::CredentialStore::setUpForService" );
704  }
705  boost::filesystem::path fullPath( authPath );
706  if(!boost::filesystem::exists(authPath) || !boost::filesystem::is_directory( authPath )){
707  throwException( "Authentication Path is invalid.","cond::CredentialStore::setUpForService" );
708  }
709  boost::filesystem::path file( auth::DecodingKey::FILE_PATH );
710  fullPath /= file;
711 
712  m_key.init( fullPath.string(), auth::COND_KEY );
713 
714  std::map< std::string, auth::ServiceCredentials >::const_iterator iK = m_key.services().find( serviceName );
715  if( iK == m_key.services().end() ){
716  std::string msg("");
717  msg += "Service \""+serviceName+"\" can't be open with the current key.";
718  throwException( msg,"cond::CredentialStore::setUpConnection" );
719  }
720  m_serviceName = serviceName;
721  m_serviceData = &iK->second;
722  return m_serviceData->connectionString;
723 }
724 
725 std::string
726 cond::CredentialStore::setUpForConnectionString( const std::string& connectionString,
727  const std::string& authPath ){
728  coral::IHandle<coral::IRelationalService> relationalService = coral::Context::instance().query<coral::IRelationalService>();
729  if ( ! relationalService.isValid() ){
730  coral::Context::instance().loadComponent("CORAL/Services/RelationalService");
731  relationalService = coral::Context::instance().query<coral::IRelationalService>();
732  }
733  coral::IRelationalDomain& domain = relationalService->domainForConnection( connectionString );
734  std::pair<std::string,std::string> connTokens = domain.decodeUserConnectionString( connectionString );
735  std::string& serviceName = connTokens.first;
736  return setUpForService( serviceName, authPath );
737 }
738 
739 void addSequence( coral::ISchema& schema, const std::string& name ){
740  // Create the entry in the table
741  coral::AttributeList insertData;
742  insertData.extend<std::string>( SEQUENCE_NAME_COL );
743  insertData.extend<int>(SEQUENCE_VALUE_COL);
744  coral::AttributeList::iterator iAttribute = insertData.begin();
745  iAttribute->data< std::string >() = name;
746  ++iAttribute;
747  iAttribute->data< int >() = -1;
748  schema.tableHandle( SEQUENCE_TABLE_NAME ).dataEditor().insertRow( insertData );
749 }
750 
751 bool
752 cond::CredentialStore::createSchema( const std::string& connectionString, const std::string& userName, const std::string& password ) {
753  CSScopedSession session( *this );
754  session.startSuper( connectionString, userName, password );
755 
756  coral::ISchema& schema = m_session->nominalSchema();
757  if(schema.existsTable(COND_AUTHENTICATION_TABLE)) {
758  throwException("Credential database, already exists.","CredentialStore::create");
759  }
760 
761  coral::TableDescription dseq;
762  dseq.setName( SEQUENCE_TABLE_NAME );
763 
764  dseq.insertColumn( SEQUENCE_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>() );
765  dseq.setNotNullConstraint( SEQUENCE_NAME_COL );
766  dseq.insertColumn( SEQUENCE_VALUE_COL,coral::AttributeSpecification::typeNameForType<int>() );
767  dseq.setNotNullConstraint( SEQUENCE_VALUE_COL );
768  dseq.setPrimaryKey( std::vector< std::string >( 1, SEQUENCE_NAME_COL ) );
769  schema.createTable( dseq );
770 
771  int columnSize = 2000;
772 
773  // authentication table
774 
775  addSequence( schema, COND_AUTHENTICATION_TABLE );
776  coral::TableDescription descr0;
777  descr0.setName( COND_AUTHENTICATION_TABLE );
778  descr0.insertColumn( PRINCIPAL_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
779  descr0.insertColumn( PRINCIPAL_NAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
780  descr0.insertColumn( VERIFICATION_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
781  descr0.insertColumn( PRINCIPAL_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
782  descr0.insertColumn( ADMIN_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
783  descr0.setNotNullConstraint( PRINCIPAL_ID_COL );
784  descr0.setNotNullConstraint( PRINCIPAL_NAME_COL );
785  descr0.setNotNullConstraint( VERIFICATION_COL );
786  descr0.setNotNullConstraint( PRINCIPAL_KEY_COL );
787  descr0.setNotNullConstraint( ADMIN_KEY_COL );
788  std::vector<std::string> columnsUnique;
789  columnsUnique.push_back( PRINCIPAL_NAME_COL);
790  descr0.setUniqueConstraint( columnsUnique );
791  std::vector<std::string> columnsForIndex;
792  columnsForIndex.push_back(PRINCIPAL_ID_COL);
793  descr0.setPrimaryKey( columnsForIndex );
794  schema.createTable( descr0 );
795 
796  // authorization table
797  addSequence( schema, COND_AUTHORIZATION_TABLE );
798  coral::TableDescription descr1;
799  descr1.setName( COND_AUTHORIZATION_TABLE );
800  descr1.insertColumn( AUTH_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
801  descr1.insertColumn( P_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
802  descr1.insertColumn( ROLE_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
803  descr1.insertColumn( SCHEMA_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
804  descr1.insertColumn( AUTH_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
805  descr1.insertColumn( C_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
806  descr1.setNotNullConstraint( AUTH_ID_COL );
807  descr1.setNotNullConstraint( P_ID_COL );
808  descr1.setNotNullConstraint( ROLE_COL );
809  descr1.setNotNullConstraint( SCHEMA_COL );
810  descr1.setNotNullConstraint( AUTH_KEY_COL );
811  descr1.setNotNullConstraint( C_ID_COL );
812  columnsUnique.clear();
813  columnsUnique.push_back( P_ID_COL);
814  columnsUnique.push_back( ROLE_COL);
815  columnsUnique.push_back( SCHEMA_COL);
816  descr1.setUniqueConstraint( columnsUnique );
817  columnsForIndex.clear();
818  columnsForIndex.push_back(AUTH_ID_COL);
819  descr1.setPrimaryKey( columnsForIndex );
820  schema.createTable( descr1 );
821 
822  // credential table
823  addSequence( schema, COND_CREDENTIAL_TABLE );
824  coral::TableDescription descr2;
825  descr2.setName( COND_CREDENTIAL_TABLE );
826  descr2.insertColumn( CONNECTION_ID_COL, coral::AttributeSpecification::typeNameForType<int>());
827  descr2.insertColumn( CONNECTION_LABEL_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
828  descr2.insertColumn( USERNAME_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
829  descr2.insertColumn( PASSWORD_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
830  descr2.insertColumn( VERIFICATION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
831  descr2.insertColumn( CONNECTION_KEY_COL, coral::AttributeSpecification::typeNameForType<std::string>(),columnSize,false);
832  descr2.setNotNullConstraint( CONNECTION_ID_COL );
833  descr2.setNotNullConstraint( CONNECTION_LABEL_COL );
834  descr2.setNotNullConstraint( USERNAME_COL );
835  descr2.setNotNullConstraint( PASSWORD_COL );
836  descr2.setNotNullConstraint( VERIFICATION_KEY_COL );
837  descr2.setNotNullConstraint( CONNECTION_KEY_COL );
838  columnsUnique.clear();
839  columnsUnique.push_back( CONNECTION_LABEL_COL);
840  descr2.setUniqueConstraint( columnsUnique );
841  columnsForIndex.clear();
842  columnsForIndex.push_back(CONNECTION_ID_COL);
843  descr2.setPrimaryKey( columnsForIndex );
844  schema.createTable( descr2 );
845 
846  session.close();
847  return true;
848 }
849 
850 bool
851 cond::CredentialStore::drop( const std::string& connectionString, const std::string& userName, const std::string& password ) {
852  CSScopedSession session( *this );
853  session.startSuper( connectionString, userName, password );
854 
855  coral::ISchema& schema = m_session->nominalSchema();
856  schema.dropIfExistsTable( COND_AUTHORIZATION_TABLE );
857  schema.dropIfExistsTable( COND_CREDENTIAL_TABLE );
858  schema.dropIfExistsTable( COND_AUTHENTICATION_TABLE );
859  schema.dropIfExistsTable(SEQUENCE_TABLE_NAME);
860  session.close();
861  return true;
862 }
863 
864 bool cond::CredentialStore::installAdmin( const std::string& userName, const std::string& password ){
865  if(!m_serviceData){
866  throwException( "The credential store has not been initialized.","cond::CredentialStore::installAdmin" );
867  }
868  const std::string& connectionString = m_serviceData->connectionString;
869  const std::string& principalName = m_key.principalName();
870 
871  CSScopedSession session( *this );
872  session.startSuper( connectionString, userName, password );
873 
874  coral::ISchema& schema = m_session->nominalSchema();
875 
876  PrincipalData princData;
877  bool found = selectPrincipal( schema, principalName, princData );
878 
879  if( found ){
880  std::string msg("Principal \"");
881  msg += principalName + "\" has been installed already.";
882  throwException(msg,"CredentialStore::installAdmin");
883  }
884 
885  auth::KeyGenerator gen;
886  m_principalKey = gen.make( auth::COND_DB_KEY_SIZE );
887 
888  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
889 
890  int principalId = -1;
891  if( !getNextSequenceValue( schema, COND_AUTHENTICATION_TABLE, principalId ) ) throwException( "Can't find "+COND_AUTHENTICATION_TABLE+" sequence.","CredentialStore::installAdmin" );
892 
893  auth::Cipher cipher0( m_key.principalKey() );
894  auth::Cipher cipher1( m_principalKey );
895 
896  coral::AttributeList authData;
897  editor0.rowBuffer(authData);
898  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
899  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
900  authData[ VERIFICATION_COL ].data<std::string>() = cipher0.b64encrypt( principalName );
901  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher0.b64encrypt( m_principalKey );
902  authData[ ADMIN_KEY_COL ].data<std::string>() = cipher1.b64encrypt( m_principalKey );
903  editor0.insertRow( authData );
904 
905  std::string connLabel = schemaLabelForCredentialStore( connectionString );
906  auth::DecodingKey tmpKey;
907  std::string connectionKey = gen.make( auth::COND_DB_KEY_SIZE );
908  std::string encryptedConnectionKey = cipher1.b64encrypt( connectionKey );
909 
910  auth::Cipher cipher2( connectionKey );
911  std::string encryptedUserName = cipher2.b64encrypt( userName );
912  std::string encryptedPassword = cipher2.b64encrypt( password );
913  std::string encryptedLabel = cipher2.b64encrypt( connLabel );
914 
915  int connId = -1;
916  if( !getNextSequenceValue( schema, COND_CREDENTIAL_TABLE, connId ) ) throwException( "Can't find "+COND_CREDENTIAL_TABLE+" sequence.","CredentialStore::installAdmin" );
917 
918  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
919  coral::AttributeList connectionData;
920  editor1.rowBuffer(connectionData);
921  connectionData[ CONNECTION_ID_COL ].data<int>() = connId;
922  connectionData[ CONNECTION_LABEL_COL ].data<std::string>() = connLabel;
923  connectionData[ USERNAME_COL ].data<std::string>() = encryptedUserName;
924  connectionData[ PASSWORD_COL ].data<std::string>() = encryptedPassword;
925  connectionData[ VERIFICATION_KEY_COL ].data<std::string>() = encryptedLabel;
926  connectionData[ CONNECTION_KEY_COL ].data<std::string>() = encryptedConnectionKey;
927  editor1.insertRow( connectionData );
928 
929  int authId = -1;
930  if( !getNextSequenceValue( schema, COND_AUTHORIZATION_TABLE, authId ) ) throwException( "Can't find "+COND_AUTHORIZATION_TABLE+" sequence.","CredentialStore::installAdmin" );
931 
932  coral::ITableDataEditor& editor2 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
933  coral::AttributeList permissionData;
934  editor2.rowBuffer(permissionData);
935  permissionData[ AUTH_ID_COL ].data<int>() = authId;
936  permissionData[ P_ID_COL ].data<int>() = principalId;
937  permissionData[ ROLE_COL ].data<std::string>() = auth::COND_ADMIN_ROLE;
938  permissionData[ SCHEMA_COL ].data<std::string>() = connectionString;
939  permissionData[ AUTH_KEY_COL ].data<std::string>() = encryptedConnectionKey;
940  permissionData[ C_ID_COL ].data<int>() = connId;
941  editor2.insertRow( permissionData );
942 
943  session.close();
944  return true;
945 }
946 
947 bool cond::CredentialStore::updatePrincipal( const std::string& principalName,
948  const std::string& authenticationKey,
949  bool setAdmin ){
950  CSScopedSession session( *this );
951  session.start( false );
952 
953  coral::ISchema& schema = m_session->nominalSchema();
954 
955  PrincipalData princData;
956  bool found = selectPrincipal( schema, principalName, princData );
957 
958  auth::Cipher adminCipher( m_principalKey );
959  auth::Cipher cipher( authenticationKey );
960  std::string verifStr = cipher.b64encrypt( principalName );
961  std::string principalKey("");
962  if( setAdmin ) principalKey = m_principalKey;
963  int principalId = princData.id;
964 
965  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
966  if( found ){
967  if( principalKey.empty() ) principalKey = adminCipher.b64decrypt( princData.adminKey );
968  coral::AttributeList updateData;
969  updateData.extend<int>( PRINCIPAL_ID_COL );
970  updateData.extend<std::string>( VERIFICATION_COL );
971  updateData.extend<std::string>( PRINCIPAL_KEY_COL );
972  updateData.extend<std::string>( ADMIN_KEY_COL );
973  updateData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
974  updateData[ VERIFICATION_COL ].data<std::string>() = verifStr;
975  updateData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher.b64encrypt( principalKey );
976  updateData[ ADMIN_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( principalKey );
977  std::stringstream setClause;
978  setClause << VERIFICATION_COL <<" = :" <<VERIFICATION_COL <<", ";
979  setClause << PRINCIPAL_KEY_COL << " = :" << PRINCIPAL_KEY_COL <<", ";
980  setClause << ADMIN_KEY_COL << " = :" << ADMIN_KEY_COL;
981  std::string whereClause = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
982  editor.updateRows( setClause.str(),whereClause, updateData );
983  } else {
984  if( principalKey.empty() ) {
985  auth::KeyGenerator gen;
986  principalKey = gen.make( auth::COND_DB_KEY_SIZE );
987  }
988 
989  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
990 
991  if( !getNextSequenceValue( schema, COND_AUTHENTICATION_TABLE, principalId ) ) throwException( "Can't find "+COND_AUTHENTICATION_TABLE+" sequence.","CredentialStore::updatePrincipal" );
992 
993  coral::AttributeList authData;
994  editor0.rowBuffer(authData);
995  authData[ PRINCIPAL_ID_COL ].data<int>() = principalId;
996  authData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
997  authData[ VERIFICATION_COL ].data<std::string>() = cipher.b64encrypt( principalName );
998  authData[ PRINCIPAL_KEY_COL ].data<std::string>() = cipher.b64encrypt( principalKey );
999  authData[ ADMIN_KEY_COL ].data<std::string>() = adminCipher.b64encrypt( principalKey );
1000  editor0.insertRow( authData );
1001  }
1002 
1003  if(setAdmin){
1004  std::string connString = m_serviceData->connectionString;
1005  std::string connLabel = schemaLabelForCredentialStore( connString );
1006  CredentialData credsData;
1007  bool found = selectConnection( schema, connLabel, credsData );
1008  if(!found){
1009  throwException("Credential Store connection has not been defined.","CredentialStore::updatePrincipal");
1010  }
1011  setPermission( principalId, principalKey, auth::COND_ADMIN_ROLE, connString, credsData.id, adminCipher.b64decrypt( credsData.connectionKey ) );
1012  }
1013 
1014  session.close();
1015  return true;
1016 }
1017 
1018 
1019 bool cond::CredentialStore::setPermission( const std::string& principal,
1020  const std::string& role,
1021  const std::string& connectionString,
1022  const std::string& connectionLabel ){
1023  CSScopedSession session( *this );
1024  session.start( false );
1025 
1026  coral::ISchema& schema = m_session->nominalSchema();
1027 
1028  PrincipalData princData;
1029  bool found = selectPrincipal( schema, principal, princData );
1030 
1031  if( ! found ){
1032  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1033  throwException( msg, "CredentialStore::setPermission");
1034  }
1035 
1036  CredentialData credsData;
1037  found = selectConnection( schema, connectionLabel, credsData );
1038 
1039  if( ! found ){
1040  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1041  throwException( msg, "CredentialStore::setPermission");
1042  }
1043 
1044  auth::Cipher cipher( m_principalKey );
1045  bool ret = setPermission( princData.id, cipher.b64decrypt( princData.adminKey), role, connectionString, credsData.id, cipher.b64decrypt( credsData.connectionKey ) );
1046  session.close();
1047  return ret;
1048 }
1049 
1050 bool cond::CredentialStore::unsetPermission( const std::string& principal,
1051  const std::string& role,
1052  const std::string& connectionString ){
1053  CSScopedSession session( *this );
1054  session.start( false );
1055  coral::ISchema& schema = m_session->nominalSchema();
1056 
1057  PrincipalData princData;
1058  bool found = selectPrincipal( schema, principal, princData );
1059 
1060  if( ! found ){
1061  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1062  throwException( msg, "CredentialStore::unsetPermission");
1063  }
1064 
1065  coral::ITableDataEditor& editor = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1066  coral::AttributeList deleteData;
1067  deleteData.extend<int>( P_ID_COL );
1068  deleteData.extend<std::string>( ROLE_COL );
1069  deleteData.extend<std::string>( SCHEMA_COL );
1070  deleteData[ P_ID_COL ].data<int>() = princData.id;
1071  deleteData[ ROLE_COL ].data<std::string>() = role;
1072  deleteData[ SCHEMA_COL ].data<std::string>() = connectionString;
1073  std::stringstream whereClause;
1074  whereClause << P_ID_COL+" = :"+P_ID_COL;
1075  whereClause << " AND "<< ROLE_COL <<" = :"<<ROLE_COL;
1076  whereClause << " AND "<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
1077  editor.deleteRows( whereClause.str(), deleteData );
1078  session.close();
1079  return true;
1080 }
1081 
1082 bool cond::CredentialStore::updateConnection( const std::string& connectionLabel,
1083  const std::string& userName,
1084  const std::string& password ){
1085  CSScopedSession session( *this );
1086  session.start( false );
1087 
1088  m_session->transaction().start();
1089 
1090  updateConnection( connectionLabel,userName, password, true );
1091 
1092  session.close();
1093  return true;
1094 }
1095 
1096 bool cond::CredentialStore::removePrincipal( const std::string& principal ){
1097  CSScopedSession session( *this );
1098  session.start( false );
1099  coral::ISchema& schema = m_session->nominalSchema();
1100 
1101  PrincipalData princData;
1102  bool found = selectPrincipal( schema, principal, princData );
1103 
1104  if( ! found ){
1105  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1106  throwException( msg, "CredentialStore::removePrincipal");
1107  }
1108 
1109  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1110 
1111  coral::AttributeList deleteData0;
1112  deleteData0.extend<int>( P_ID_COL );
1113  deleteData0[ P_ID_COL ].data<int>() = princData.id;
1114  std::string whereClause0 = P_ID_COL+" = :"+P_ID_COL;
1115  editor0.deleteRows( whereClause0 , deleteData0 );
1116 
1117  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_AUTHENTICATION_TABLE).dataEditor();
1118 
1119  coral::AttributeList deleteData1;
1120  deleteData1.extend<int>( PRINCIPAL_ID_COL );
1121  deleteData1[ PRINCIPAL_ID_COL ].data<int>() = princData.id;
1122  std::string whereClause1 = PRINCIPAL_ID_COL+" = :"+PRINCIPAL_ID_COL;
1123  editor1.deleteRows( whereClause1 , deleteData1 );
1124 
1125  session.close();
1126 
1127  return true;
1128 }
1129 
1130 bool cond::CredentialStore::removeConnection( const std::string& connectionLabel ){
1131  CSScopedSession session( *this );
1132  session.start( false );
1133  coral::ISchema& schema = m_session->nominalSchema();
1134 
1135  CredentialData credsData;
1136  bool found = selectConnection( schema, connectionLabel, credsData );
1137 
1138  if( ! found ){
1139  std::string msg = "Connection named \"" + connectionLabel + "\" does not exist in the database.";
1140  throwException( msg, "CredentialStore::removeConnection");
1141  }
1142 
1143  coral::ITableDataEditor& editor0 = schema.tableHandle(COND_AUTHORIZATION_TABLE).dataEditor();
1144 
1145  coral::AttributeList deleteData0;
1146  deleteData0.extend<int>( C_ID_COL );
1147  deleteData0[ C_ID_COL ].data<int>() = credsData.id;
1148  std::string whereClause0 = C_ID_COL+" = :"+C_ID_COL;
1149  editor0.deleteRows( whereClause0 , deleteData0 );
1150 
1151  coral::ITableDataEditor& editor1 = schema.tableHandle(COND_CREDENTIAL_TABLE).dataEditor();
1152 
1153  coral::AttributeList deleteData1;
1154  deleteData1.extend<int>( CONNECTION_ID_COL );
1155  deleteData1[ CONNECTION_ID_COL ].data<int>() = credsData.id;
1156  std::string whereClause1 = CONNECTION_ID_COL+" = :"+CONNECTION_ID_COL;
1157  editor1.deleteRows( whereClause1 , deleteData1 );
1158 
1159  session.close();
1160 
1161  return true;
1162 }
1163 
1164 bool cond::CredentialStore::selectForUser( coral_bridge::AuthenticationCredentialSet& destinationData ){
1165  CSScopedSession session( *this );
1166  session.start( true );
1167  coral::ISchema& schema = m_session->nominalSchema();
1168 
1169  auth::Cipher cipher( m_principalKey );
1170 
1171  std::auto_ptr<coral::IQuery> query(schema.newQuery());
1172  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1173  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1174  coral::AttributeList readBuff;
1175  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
1176  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
1177  readBuff.extend<std::string>("AUTHO."+AUTH_KEY_COL);
1178  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
1179  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
1180  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
1181  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
1182  coral::AttributeList whereData;
1183  whereData.extend<int>(P_ID_COL);
1184  whereData[ P_ID_COL ].data<int>() = m_principalId;
1185  std::stringstream whereClause;
1186  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
1187  whereClause << " AND " << "AUTHO."<< P_ID_COL << " = :"<<P_ID_COL;
1188  query->defineOutput(readBuff);
1189  query->addToOutputList( "AUTHO."+ROLE_COL );
1190  query->addToOutputList( "AUTHO."+SCHEMA_COL );
1191  query->addToOutputList( "AUTHO."+AUTH_KEY_COL );
1192  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
1193  query->addToOutputList( "CREDS."+USERNAME_COL );
1194  query->addToOutputList( "CREDS."+PASSWORD_COL );
1195  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
1196  query->setCondition( whereClause.str(), whereData );
1197  coral::ICursor& cursor = query->execute();
1198  while ( cursor.next() ) {
1199  const coral::AttributeList& row = cursor.currentRow();
1200  const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
1201  const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
1202  const std::string& encryptedAuthKey = row[ "AUTHO."+AUTH_KEY_COL ].data<std::string>();
1203  const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
1204  const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL ].data<std::string>();
1205  const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL ].data<std::string>();
1206  const std::string& encryptedLabel = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
1207  std::string authKey = cipher.b64decrypt( encryptedAuthKey );
1208  auth::Cipher connCipher( authKey );
1209  if( connCipher.b64decrypt( encryptedLabel ) == connectionLabel ){
1210  destinationData.registerCredentials( connectionString, role, connCipher.b64decrypt( encryptedUserName ), connCipher.b64decrypt( encryptedPassword ) );
1211  }
1212  }
1213  session.close();
1214  return true;
1215 }
1216 
1217 bool cond::CredentialStore::importForPrincipal( const std::string& principal,
1218  const coral_bridge::AuthenticationCredentialSet& dataSource,
1219  bool forceUpdateConnection ){
1220  CSScopedSession session( *this );
1221  session.start( false );
1222  coral::ISchema& schema = m_session->nominalSchema();
1223 
1224  PrincipalData princData;
1225  bool found = selectPrincipal( schema, principal, princData );
1226 
1227  if( ! found ){
1228  std::string msg = "Principal \"" + principal + "\" does not exist in the database.";
1229  throwException( msg, "CredentialStore::importForPrincipal");
1230  }
1231 
1232  bool imported = false;
1233  auth::Cipher cipher( m_principalKey );
1234  std::string princKey = cipher.b64decrypt( princData.adminKey);
1235 
1236  const std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >& creds = dataSource.data();
1237  for( std::map< std::pair<std::string,std::string>, coral::AuthenticationCredentials* >::const_iterator iConn = creds.begin(); iConn != creds.end(); ++iConn ){
1238  const std::string& connectionString = iConn->first.first;
1239  coral::URIParser parser;
1240  parser.setURI( connectionString );
1241  std::string serviceName = parser.hostName();
1242  const std::string& role = iConn->first.second;
1243  std::string userName = iConn->second->valueForItem( coral::IAuthenticationCredentials::userItem() );
1244  std::string password = iConn->second->valueForItem( coral::IAuthenticationCredentials::passwordItem());
1245  // first import the connections
1246  std::pair<int,std::string> conn = updateConnection( schemaLabel( serviceName, userName ), userName, password, forceUpdateConnection );
1247  auth::Cipher cipher( m_principalKey );
1248  // than set the permission for the specific role
1249  setPermission( princData.id, princKey, role, connectionString, conn.first, conn.second );
1250  imported = true;
1251  }
1252  session.close();
1253  return imported;
1254 }
1255 
1256 bool cond::CredentialStore::listPrincipals( std::vector<std::string>& destination ){
1257 
1258  CSScopedSession session( *this );
1259  session.start( true );
1260  coral::ISchema& schema = m_session->nominalSchema();
1261 
1262  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_AUTHENTICATION_TABLE).newQuery());
1263  coral::AttributeList readBuff;
1264  readBuff.extend<std::string>(PRINCIPAL_NAME_COL);
1265  query->defineOutput(readBuff);
1266  query->addToOutputList( PRINCIPAL_NAME_COL );
1267  coral::ICursor& cursor = query->execute();
1268  bool found = false;
1269  while ( cursor.next() ) {
1270  found = true;
1271  const coral::AttributeList& row = cursor.currentRow();
1272  destination.push_back( row[ PRINCIPAL_NAME_COL ].data<std::string>() );
1273  }
1274  session.close();
1275  return found;
1276 }
1277 
1278 
1279 bool cond::CredentialStore::listConnections( std::map<std::string,std::pair<std::string,std::string> >& destination ){
1280  CSScopedSession session( *this );
1281  session.start( true );
1282  coral::ISchema& schema = m_session->nominalSchema();
1283 
1284  std::auto_ptr<coral::IQuery> query(schema.tableHandle(COND_CREDENTIAL_TABLE).newQuery());
1285  coral::AttributeList readBuff;
1286  readBuff.extend<std::string>( CONNECTION_LABEL_COL );
1287  readBuff.extend<std::string>( USERNAME_COL );
1288  readBuff.extend<std::string>( PASSWORD_COL );
1289  readBuff.extend<std::string>( VERIFICATION_KEY_COL );
1290  readBuff.extend<std::string>( CONNECTION_KEY_COL );
1291  query->defineOutput(readBuff);
1292  query->addToOutputList( CONNECTION_LABEL_COL );
1293  query->addToOutputList( USERNAME_COL );
1294  query->addToOutputList( PASSWORD_COL );
1295  query->addToOutputList( VERIFICATION_KEY_COL );
1296  query->addToOutputList( CONNECTION_KEY_COL );
1297  coral::ICursor& cursor = query->execute();
1298  bool found = false;
1299  auth::Cipher cipher0(m_principalKey );
1300  while ( cursor.next() ) {
1301  std::string userName("");
1302  std::string password("");
1303  const coral::AttributeList& row = cursor.currentRow();
1304  const std::string& connLabel = row[ CONNECTION_LABEL_COL].data<std::string>();
1305  const std::string& encryptedKey = row[ CONNECTION_KEY_COL].data<std::string>();
1306  const std::string& encryptedVerif = row[ VERIFICATION_KEY_COL].data<std::string>();
1307  std::string connKey = cipher0.b64decrypt( encryptedKey );
1308  auth::Cipher cipher1( connKey );
1309  std::string verif = cipher1.b64decrypt( encryptedVerif );
1310  if( verif == connLabel ){
1311  const std::string& encryptedUserName = row[ USERNAME_COL].data<std::string>();
1312  const std::string& encryptedPassword = row[ PASSWORD_COL].data<std::string>();
1313  userName = cipher1.b64decrypt( encryptedUserName );
1314  password = cipher1.b64decrypt( encryptedPassword );
1315  }
1316  destination.insert( std::make_pair( connLabel, std::make_pair( userName, password ) ) );
1317  found = true;
1318  }
1319  session.close();
1320  return found;
1321 }
1322 
1323 bool cond::CredentialStore::selectPermissions( const std::string& principalName,
1324  const std::string& role,
1325  const std::string& connectionString,
1326  std::vector<Permission>& destination ){
1327  CSScopedSession session( *this );
1328  session.start( true );
1329  coral::ISchema& schema = m_session->nominalSchema();
1330  std::auto_ptr<coral::IQuery> query(schema.newQuery());
1331  query->addToTableList(COND_AUTHENTICATION_TABLE, "AUTHE");
1332  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1333  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1334  coral::AttributeList readBuff;
1335  readBuff.extend<std::string>("AUTHE."+PRINCIPAL_NAME_COL);
1336  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
1337  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
1338  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
1339  coral::AttributeList whereData;
1340  std::stringstream whereClause;
1341  whereClause << "AUTHE."<< PRINCIPAL_ID_COL << "= AUTHO."<< P_ID_COL;
1342  whereClause << " AND AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
1343  if( !principalName.empty() ){
1344  whereData.extend<std::string>(PRINCIPAL_NAME_COL);
1345  whereData[ PRINCIPAL_NAME_COL ].data<std::string>() = principalName;
1346  whereClause << " AND AUTHE."<< PRINCIPAL_NAME_COL <<" = :"<<PRINCIPAL_NAME_COL;
1347  }
1348  if( !role.empty() ){
1349  whereData.extend<std::string>(ROLE_COL);
1350  whereData[ ROLE_COL ].data<std::string>() = role;
1351  whereClause << " AND AUTHO."<< ROLE_COL <<" = :"<<ROLE_COL;
1352  }
1353  if( !connectionString.empty() ){
1354  whereData.extend<std::string>(SCHEMA_COL);
1355  whereData[ SCHEMA_COL ].data<std::string>() = connectionString;
1356  whereClause << " AND AUTHO."<< SCHEMA_COL <<" = :"<<SCHEMA_COL;
1357  }
1358 
1359  query->defineOutput(readBuff);
1360  query->addToOutputList( "AUTHE."+PRINCIPAL_NAME_COL );
1361  query->addToOutputList( "AUTHO."+ROLE_COL );
1362  query->addToOutputList( "AUTHO."+SCHEMA_COL );
1363  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
1364  query->setCondition( whereClause.str(), whereData );
1365  query->addToOrderList( "AUTHO."+SCHEMA_COL );
1366  query->addToOrderList( "AUTHE."+PRINCIPAL_NAME_COL );
1367  query->addToOrderList( "AUTHO."+ROLE_COL );
1368  coral::ICursor& cursor = query->execute();
1369  bool found = false;
1370  while ( cursor.next() ) {
1371  const coral::AttributeList& row = cursor.currentRow();
1372  destination.resize( destination.size()+1 );
1373  Permission& perm = destination.back();
1374  perm.principalName = row[ "AUTHE."+PRINCIPAL_NAME_COL ].data<std::string>();
1375  perm.role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
1376  perm.connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
1377  perm.connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
1378  found = true;
1379  }
1380  session.close();
1381  return found;
1382 }
1383 
1384 bool cond::CredentialStore::exportAll( coral_bridge::AuthenticationCredentialSet& data ){
1385  CSScopedSession session( *this );
1386  session.start( true );
1387  coral::ISchema& schema = m_session->nominalSchema();
1388  std::auto_ptr<coral::IQuery> query(schema.newQuery());
1389  query->addToTableList(COND_AUTHORIZATION_TABLE, "AUTHO");
1390  query->addToTableList(COND_CREDENTIAL_TABLE, "CREDS");
1391  coral::AttributeList readBuff;
1392  readBuff.extend<std::string>("AUTHO."+ROLE_COL);
1393  readBuff.extend<std::string>("AUTHO."+SCHEMA_COL);
1394  readBuff.extend<std::string>("CREDS."+CONNECTION_LABEL_COL);
1395  readBuff.extend<std::string>("CREDS."+VERIFICATION_KEY_COL);
1396  readBuff.extend<std::string>("CREDS."+CONNECTION_KEY_COL);
1397  readBuff.extend<std::string>("CREDS."+USERNAME_COL);
1398  readBuff.extend<std::string>("CREDS."+PASSWORD_COL);
1399  coral::AttributeList whereData;
1400  std::stringstream whereClause;
1401  whereClause << "AUTHO."<< C_ID_COL << "="<<"CREDS."<<CONNECTION_ID_COL;
1402 
1403  query->defineOutput(readBuff);
1404  query->addToOutputList( "AUTHO."+ROLE_COL );
1405  query->addToOutputList( "AUTHO."+SCHEMA_COL );
1406  query->addToOutputList( "CREDS."+CONNECTION_LABEL_COL );
1407  query->addToOutputList( "CREDS."+VERIFICATION_KEY_COL );
1408  query->addToOutputList( "CREDS."+CONNECTION_KEY_COL );
1409  query->addToOutputList( "CREDS."+USERNAME_COL );
1410  query->addToOutputList( "CREDS."+PASSWORD_COL );
1411  query->setCondition( whereClause.str(), whereData );
1412  coral::ICursor& cursor = query->execute();
1413  bool found = false;
1414  auth::Cipher cipher0( m_principalKey );
1415  while ( cursor.next() ) {
1416  const coral::AttributeList& row = cursor.currentRow();
1417  const std::string& role = row[ "AUTHO."+ROLE_COL ].data<std::string>();
1418  const std::string& connectionString = row[ "AUTHO."+SCHEMA_COL ].data<std::string>();
1419  const std::string& connectionLabel = row[ "CREDS."+CONNECTION_LABEL_COL ].data<std::string>();
1420  const std::string& encryptedVerifKey = row[ "CREDS."+VERIFICATION_KEY_COL ].data<std::string>();
1421  const std::string& encryptedConnection = row[ "CREDS."+CONNECTION_KEY_COL ].data<std::string>();
1422  std::string userName("");
1423  std::string password("");
1424  std::string connectionKey = cipher0.b64decrypt( encryptedConnection );
1425  auth::Cipher cipher1( connectionKey );
1426  std::string verifKey = cipher1.b64decrypt( encryptedVerifKey );
1427  if( verifKey == connectionLabel ){
1428  const std::string& encryptedUserName = row[ "CREDS."+USERNAME_COL].data<std::string>();
1429  const std::string& encryptedPassword = row[ "CREDS."+PASSWORD_COL].data<std::string>();
1430  userName = cipher1.b64decrypt( encryptedUserName );
1431  password = cipher1.b64decrypt( encryptedPassword );
1432  }
1433  data.registerCredentials( connectionString, role, userName, password );
1434  found = true;
1435  }
1436  session.close();
1437  return found;
1438 }
1439 
1440 const std::string& cond::CredentialStore::keyPrincipalName (){
1441  return m_key.principalName();
1442 }
1443 
1444 
cond::CSScopedSession::CSScopedSession
CSScopedSession(CredentialStore &store)
Definition: CredentialStore.cc:182
cond::CredentialStore::keyPrincipalName
const std::string & keyPrincipalName()
Definition: CredentialStore.cc:1440
runTheMatrix.ret
tuple ret
prodAgent to be discontinued
Definition: runTheMatrix.py:261
coral_bridge::AuthenticationCredentialSet::m_data
std::map< std::pair< std::string, std::string >, coral::AuthenticationCredentials * > m_data
credentials for the specific roles
Definition: CredentialStore.h:70
coral_bridge::AuthenticationCredentialSet::import
void import(const AuthenticationCredentialSet &data)
Definition: CredentialStore.cc:90
SEQUENCE_VALUE_COL
static const std::string SEQUENCE_VALUE_COL("VALUE")
coral_bridge::AuthenticationCredentialSet
Definition: CredentialStore.h:23
cond::CredentialStore::updatePrincipal
bool updatePrincipal(const std::string &principal, const std::string &principalKey, bool setAdmin=false)
Definition: CredentialStore.cc:947
cond::CredentialStore::CredentialStore
CredentialStore()
Standard Constructor.
Definition: CredentialStore.cc:680
ROLE_COL
static const std::string ROLE_COL("C_ROLE")
coral_bridge::AuthenticationCredentialSet::~AuthenticationCredentialSet
virtual ~AuthenticationCredentialSet()
Destructor.
Definition: CredentialStore.cc:36
instance
static PFTauRenderPlugin instance
Definition: PFTauRenderPlugin.cc:70
dataDML.schema
tuple schema
Definition: dataDML.py:2334
cond::CredentialStore::removeConnection
bool removeConnection(const std::string &connectionLabel)
Definition: CredentialStore.cc:1130
cond::CredentialStore::openSession
void openSession(const std::string &schemaName, const std::string &userName, const std::string &password, bool readMode)
Definition: CredentialStore.cc:424
SCHEMA_COL
static const std::string SCHEMA_COL("C_SCHEMA")
coral_bridge::AuthenticationCredentialSet::AuthenticationCredentialSet
AuthenticationCredentialSet()
Constructor.
Definition: CredentialStore.cc:32
cond::CredentialStore::listConnections
bool listConnections(std::map< std::string, std::pair< std::string, std::string > > &destination)
Definition: CredentialStore.cc:1279
getNextSequenceValue
bool getNextSequenceValue(coral::ISchema &schema, const std::string &sequenceName, int &value)
Definition: CredentialStore.cc:356
cond::CSScopedSession::start
void start(bool readOnly=true)
Definition: CredentialStore.cc:190
COND_AUTHENTICATION_TABLE
static const std::string COND_AUTHENTICATION_TABLE("COND_AUTHENTICATION")
TrackCollections2monitor_cff.sequenceName
dictionary sequenceName
Definition: TrackCollections2monitor_cff.py:5
visualization-live-secondInstance_cfg.msg
string msg
Definition: visualization-live-secondInstance_cfg.py:16
SEQUENCE_TABLE_NAME
static const std::string SEQUENCE_TABLE_NAME("COND_CREDENTIAL_SEQUENCE")
COND_AUTHORIZATION_TABLE
static const std::string COND_AUTHORIZATION_TABLE("COND_AUTHORIZATION")
cond::CSScopedSession::startSuper
void startSuper(const std::string &connectionString, const std::string &userName, const std::string &password)
Definition: CredentialStore.cc:187
serviceName
static const std::string serviceName
Definition: CredentialStore.cc:30
cond::CSScopedSession::m_store
CredentialStore & m_store
Definition: CredentialStore.cc:198
cond::throwException
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:21
PASSWORD_COL
static const std::string PASSWORD_COL("CRED5")
AlCaHLTBitMon_QueryRunRegistry.string
string string
Definition: AlCaHLTBitMon_QueryRunRegistry.py:255
COND_CREDENTIAL_TABLE
static const std::string COND_CREDENTIAL_TABLE("COND_CREDENTIAL")
cond::CredentialStore::closeSession
void closeSession(bool commit=true)
Definition: CredentialStore.cc:337
CONNECTION_KEY_COL
static const std::string CONNECTION_KEY_COL("CRED7")
relval_steps.gen
def gen
Definition: relval_steps.py:196
coral_bridge::AuthenticationCredentialSet::registerItem
void registerItem(const std::string &connectionString, const std::string &itemName, const std::string &itemValue)
Definition: CredentialStore.cc:47
coral_bridge::AuthenticationCredentialSet::data
const std::map< std::pair< std::string, std::string >, coral::AuthenticationCredentials * > & data() const
Definition: CredentialStore.cc:116
ADMIN_KEY_COL
static const std::string ADMIN_KEY_COL("CRED2")
VERIFICATION_KEY_COL
static const std::string VERIFICATION_KEY_COL("CRED6")
cond::CredentialStore::startSession
void startSession(bool readMode)
Definition: CredentialStore.cc:439
cond::CredentialStore::updateConnection
bool updateConnection(const std::string &connectionLabel, const std::string &userName, const std::string &password)
Definition: CredentialStore.cc:1082
cond::CredentialStore::createSchema
bool createSchema(const std::string &connectionString, const std::string &userName, const std::string &password)
Definition: CredentialStore.cc:752
cond::auth::COND_ADMIN_ROLE
static constexpr const char *const COND_ADMIN_ROLE
Definition: Auth.h:18
cond::CredentialStore::exportAll
bool exportAll(coral_bridge::AuthenticationCredentialSet &data)
Definition: CredentialStore.cc:1384
cond::schemaLabel
std::string schemaLabel(const std::string &serviceName, const std::string &userName)
Definition: CredentialStore.cc:164
cond::auth::COND_DB_KEY_SIZE
static constexpr unsigned int COND_DB_KEY_SIZE
Definition: Auth.h:25
cond::CredentialStore::listPrincipals
bool listPrincipals(std::vector< std::string > &destination)
Definition: CredentialStore.cc:1256
cond::selectConnection
bool selectConnection(coral::ISchema &schema, const std::string &connectionLabel, CredentialData &destination)
Definition: CredentialStore.cc:257
cond::CredentialStore::setUpForConnectionString
std::string setUpForConnectionString(const std::string &connectionString, const std::string &authPath)
Definition: CredentialStore.cc:726
VERIFICATION_COL
static const std::string VERIFICATION_COL("CRED0")
SEQUENCE_NAME_COL
static const std::string SEQUENCE_NAME_COL("NAME")
cond::CredentialStore::addUser
int addUser(const std::string &principalName, const std::string &authenticationKey, const std::string &principalKey, const std::string &adminKey)
Definition: CredentialStore.cc:389
cond::CredentialStore::setUpForService
std::string setUpForService(const std::string &serviceName, const std::string &authPath)
Sets the initialization parameters.
Definition: CredentialStore.cc:694
cond::CredentialStore::importForPrincipal
bool importForPrincipal(const std::string &principal, const coral_bridge::AuthenticationCredentialSet &data, bool forceUpdateConnection=false)
import data
Definition: CredentialStore.cc:1217
USERNAME_COL
static const std::string USERNAME_COL("CRED4")
relval_steps.key
string key
FastSim: produces sample of signal events, overlayed with premixed minbias events.
Definition: relval_steps.py:638
cond::selectPrincipal
bool selectPrincipal(coral::ISchema &schema, const std::string &principal, PrincipalData &destination)
Definition: CredentialStore.cc:213
coral_bridge::AuthenticationCredentialSet::reset
void reset()
Definition: CredentialStore.cc:40
cond::CredentialStore::setPermission
bool setPermission(const std::string &principal, const std::string &role, const std::string &connectionString, const std::string &connectionLabel)
Definition: CredentialStore.cc:1019
cond::CredentialStore::~CredentialStore
virtual ~CredentialStore()
Standard Destructor.
Definition: CredentialStore.cc:690
cond::schemaLabelForCredentialStore
std::string schemaLabelForCredentialStore(const std::string &connectionString)
Definition: CredentialStore.cc:172
cond::CredentialStore::selectForUser
bool selectForUser(coral_bridge::AuthenticationCredentialSet &destinationData)
Definition: CredentialStore.cc:1164
CONNECTION_ID_COL
static const std::string CONNECTION_ID_COL("CONN_ID")
cond::selectAuthorization
bool selectAuthorization(coral::ISchema &schema, int principalId, const std::string &role, const std::string &connectionString, AuthorizationData &destination)
Definition: CredentialStore.cc:301
autoCondHLT.connectionString
string connectionString
Definition: autoCondHLT.py:4
cond::CredentialStore::removePrincipal
bool removePrincipal(const std::string &principal)
Definition: CredentialStore.cc:1096
cond::CredentialStore::startSuperSession
void startSuperSession(const std::string &connectionString, const std::string &userName, const std::string &password)
Definition: CredentialStore.cc:433
PRINCIPAL_ID_COL
static const std::string PRINCIPAL_ID_COL("P_ID")
cond::CredentialStore::installAdmin
bool installAdmin(const std::string &userName, const std::string &password)
Definition: CredentialStore.cc:864
idDealer.editor
tuple editor
Definition: idDealer.py:73
fed_dqm_sourceclient-live_cfg.path
string path
Definition: fed_dqm_sourceclient-live_cfg.py:33
cond::auth::KeyGenerator::make
std::string make(size_t keySize)
Definition: DecodingKey.cc:74
cond::CredentialStore::selectPermissions
bool selectPermissions(const std::string &principalName, const std::string &role, const std::string &connectionString, std::vector< Permission > &destination)
Definition: CredentialStore.cc:1323
mps_alisetup.parser
tuple parser
Definition: mps_alisetup.py:83
cond::auth::Cipher::b64encrypt
std::string b64encrypt(const std::string &input)
Definition: Cipher.cc:105
AUTH_ID_COL
static const std::string AUTH_ID_COL("AUTH_ID")
coral_bridge::AuthenticationCredentialSet::registerCredentials
void registerCredentials(const std::string &connectionString, const std::string &userName, const std::string &password)
Definition: CredentialStore.cc:68
DEFAULT_DATA_SOURCE
const std::string DEFAULT_DATA_SOURCE("Cond_Default_Authentication")
cond::CredentialStore::openConnection
std::pair< std::string, std::string > openConnection(const std::string &connectionString)
Definition: CredentialStore.cc:411
data
char data[epos_bytes_allocation]
Definition: EPOS_Wrapper.h:82
coral_bridge::AuthenticationCredentialSet::get
const coral::IAuthenticationCredentials * get(const std::string &connectionString) const
Definition: CredentialStore.cc:99
addSequence
void addSequence(coral::ISchema &schema, const std::string &name)
Definition: CredentialStore.cc:739
cond::CredentialStore::drop
bool drop(const std::string &connectionString, const std::string &userName, const std::string &password)
Definition: CredentialStore.cc:851
PRINCIPAL_KEY_COL
static const std::string PRINCIPAL_KEY_COL("CRED1")
o2o.query
tuple query
Definition: o2o.py:269
GetRecoTauVFromDQM_MC_cff.next
tuple next
Definition: GetRecoTauVFromDQM_MC_cff.py:30
P_ID_COL
static const std::string P_ID_COL("P_ID")
cond::auth::DecodingKey::FILE_PATH
static constexpr const char *const FILE_PATH
Definition: DecodingKey.h:39
models.session
session
Definition: models.py:201
builder_last_value_cfg.authPath
tuple authPath
Definition: builder_last_value_cfg.py:123
CONNECTION_LABEL_COL
static const std::string CONNECTION_LABEL_COL("CONN_LABEL")
reset
void reset(double vett[256])
Definition: TPedValues.cc:11
cond::persistency::throwException
void throwException(const std::string &message, const std::string &methodName)
Definition: Exception.cc:14
cond::CredentialStore::unsetPermission
bool unsetPermission(const std::string &principal, const std::string &role, const std::string &connectionString)
Definition: CredentialStore.cc:1050
C_ID_COL
static const std::string C_ID_COL("C_ID")
cond::auth::COND_KEY
static constexpr const char *const COND_KEY
Definition: Auth.h:22
cond::auth::Cipher::b64decrypt
std::string b64decrypt(const std::string &input)
Definition: Cipher.cc:117
AUTH_KEY_COL
static const std::string AUTH_KEY_COL("CRED3")
cond::auth::COND_DEFAULT_ROLE
static constexpr const char *const COND_DEFAULT_ROLE
Definition: Auth.h:15
PRINCIPAL_NAME_COL
static const std::string PRINCIPAL_NAME_COL("P_NAME")
Generated for CMSSW Reference Manual by doxygen 1.8.5