|
Google APIs Client Library for C++
|
|
Google APIs Client Library for C++
|
00001 /* 00002 * \copyright Copyright 2013 Google Inc. All Rights Reserved. 00003 * \license @{ 00004 * 00005 * Licensed under the Apache License, Version 2.0 (the "License"); 00006 * you may not use this file except in compliance with the License. 00007 * You may obtain a copy of the License at 00008 * 00009 * http://www.apache.org/licenses/LICENSE-2.0 00010 * 00011 * Unless required by applicable law or agreed to in writing, software 00012 * distributed under the License is distributed on an "AS IS" BASIS, 00013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00014 * See the License for the specific language governing permissions and 00015 * limitations under the License. 00016 * 00017 * @} 00018 */ 00019 00020 /* 00021 * @defgroup AuthSupport Auth Support - Generic Components 00022 * 00023 * The Authentication and Authorization Support module includes some 00024 * components that may be of use to libraries and applications independent 00025 * of the explicit OAuth 2.0 specific support. 00026 * 00027 * It does not implement a concrete authorization mechanism itself. 00028 * The OAuth 2.0 module is built using this abstraction to provide OAuth 2.0 00029 * support. Separating the abstraction from the mechanism provides the 00030 * decoupling desired in the design of the HTTP transport layer and can 00031 * extend that to other consumers that only care about credentials not not 00032 * necessarily OAuth 2.0 in particular. 00033 */ 00034 #ifndef APISERVING_CLIENTS_CPP_AUTH_CREDENTIAL_STORE_H_ 00035 #define APISERVING_CLIENTS_CPP_AUTH_CREDENTIAL_STORE_H_ 00036 00037 #include <string> 00038 using std::string; 00039 #include "googleapis/client/transport/http_authorization.h" 00040 #include "googleapis/base/macros.h" 00041 #include "googleapis/base/scoped_ptr.h" 00042 #include "googleapis/strings/stringpiece.h" 00043 #include "googleapis/util/status.h" 00044 namespace googleapis { 00045 00046 namespace client { 00047 00048 class Codec; 00049 class CodecFactory; 00050 class DataReader; 00051 00052 /* 00053 * Base class for a data store of persisted credentials. 00054 * @ingroup AuthSupport 00055 * 00056 * This interface is in terms of the DataReader that the abstract 00057 * AuthorizationCredential uses. Therefore it is suitable for any 00058 * type of credential derived from AuthorizationCredential, including 00059 * the OAuth2Credential introduced in the OAuth 2.0 module. 00060 * 00061 * @warning 00062 * The library does not currently provide encryption. However, for security 00063 * you are encouraged to encrypt the data streams if possible. This will 00064 * prevent authorization and refresh tokens from being readable should the 00065 * persisted store become compramised. The refresh token still requires the 00066 * client secret to turn into an access token. 00067 * 00068 * Although no encryption mechanism is provided at this time, the 00069 * CredentialStore will accomodate one injected using a Codec that you can 00070 * write. 00071 * 00072 * @see Codec 00073 * @see AuthorizationCredential 00074 */ 00075 class CredentialStore { 00076 public: 00077 /* 00078 * Standard constructor. 00079 */ 00080 CredentialStore(); 00081 00082 /* 00083 * Standard destructor. 00084 */ 00085 virtual ~CredentialStore(); 00086 00087 /* 00088 * Sets the Codec that this store should use for re-encoding and decoding 00089 * data streams. 00090 * 00091 * The intention here is to encrypt and decrypt but the codec can be used 00092 * for any purpose. 00093 * 00094 * @param[in] codec Ownership is passsed to the store. NULL is permitted 00095 * to mean do not perform any encryption or decryption. 00096 */ 00097 void set_codec(Codec* codec); 00098 00099 /* 00100 * Returns the codec for this store. 00101 * 00102 * @return NULL if the store is not encrypted. 00103 */ 00104 Codec* codec() const { return codec_.get(); } 00105 00106 /* 00107 * Restore a credential for the given user name. 00108 * 00109 * @param[in] user_name The key to store from 00110 * @param[out] credential The credential to load into. 00111 * 00112 * @return success if the credential could be restored. A successful result 00113 * requires that a credential had been stored at some earlier time. 00114 */ 00115 virtual util::Status InitCredential( 00116 const StringPiece& user_name, AuthorizationCredential* credential) = 0; 00117 00118 /* 00119 * Stores the credential under the given user_name. 00120 * 00121 * This will replace any previously stored credential for the user_name. 00122 * 00123 * @param[in] user_name The key to store the credential under. 00124 * @param[in] credential The credential to store. 00125 * 00126 * @returns success if the credential could be stored successfully. 00127 */ 00128 virtual util::Status Store( 00129 const StringPiece& user_name, 00130 const AuthorizationCredential& credential) = 0; 00131 00132 /* 00133 * Deletes the credential with the given user_name. 00134 * 00135 * @param[in] user_name The key to remove. 00136 * @return success if the key no longer exists in the store. 00137 */ 00138 virtual util::Status Delete(const StringPiece& user_name) = 0; 00139 00140 protected: 00141 /* 00142 * Applies the codec (if any) to decode a reader. 00143 * 00144 * @param[in] reader The caller passes ownership to the reader. 00145 * @param[out] status Success if the reader could be decoded. 00146 * @return The decoded stream. Ownerhsip is passed back to the caller. 00147 * This will always return a reader, though may be an 00148 * InvalidDataReader if there is an error. 00149 */ 00150 DataReader* DecodedToEncodingReader( 00151 DataReader* reader, util::Status* status); 00152 00153 /* 00154 * Applies the codec (if any) to encode a reader. 00155 * 00156 * @param[in] reader The caller passes ownership to the reader. 00157 * @param[out] status Success if the reader could be encoded. 00158 * @return The encoded stream. Ownerhsip is passed back to the caller. 00159 * This will always return a reader, though may be an 00160 * InvalidDataReader if there is an error. 00161 */ 00162 DataReader* EncodedToDecodingReader( 00163 DataReader* reader, util::Status* status); 00164 00165 private: 00166 scoped_ptr<Codec> codec_; 00167 00168 DISALLOW_COPY_AND_ASSIGN(CredentialStore); 00169 }; 00170 00171 /* 00172 * Creates a CredentialStore. 00173 * @ingroup AuthSupport 00174 * 00175 * Implements a Factory Pattern to create a credential store. 00176 * This is used to inject a credential store where lazy initialization might be 00177 * required. 00178 * 00179 * CredentialStore class instances are scoped to an individual client_id. 00180 */ 00181 class CredentialStoreFactory { 00182 public: 00183 /* 00184 * Standard constructor. 00185 */ 00186 CredentialStoreFactory(); 00187 00188 /* 00189 * Standard destructor. 00190 */ 00191 virtual ~CredentialStoreFactory(); 00192 00193 /* 00194 * Sets a factory for creating the codec to assign to new instances. 00195 * 00196 * @param codec_factory NULL means do not set a codec on new instances. 00197 * otherwise the factory is used to create new codec instances to 00198 * bind to new store instances created by this factory. 00199 */ 00200 void set_codec_factory(CodecFactory* codec_factory); 00201 00202 /* 00203 * Returns the codec_factory for this factory. 00204 */ 00205 CodecFactory* codec_factory() const { return codec_factory_.get(); } 00206 00207 /* 00208 * Creates a new CredentialStore instance. 00209 * 00210 * @param[in] client_id The client ID to scope the store to. 00211 * @param[out] status The reason for failrue if NULL is returned. 00212 * @return new store instance on success or NULL on failure. 00213 */ 00214 virtual CredentialStore* NewCredentialStore( 00215 const string& client_id, util::Status* status) const = 0; 00216 00217 private: 00218 scoped_ptr<CodecFactory> codec_factory_; 00219 00220 DISALLOW_COPY_AND_ASSIGN(CredentialStoreFactory); 00221 }; 00222 00223 } // namespace client 00224 00225 } // namespace googleapis 00226 #endif // APISERVING_CLIENTS_CPP_AUTH_CREDENTIAL_STORE_H_
1.7.6.1 
