Google APIs Client Library for C++
file_credential_store.h
00001 /*
00002  * \copyright Copyright 2013 Google Inc. All Rights Reserved.
00003  * \license @{
00004  *
00005  * Licensed under the Apache License, Version 2.0 (the "License");
00006  * you may not use this file except in compliance with the License.
00007  * You may obtain a copy of the License at
00008  *
00009  *     http://www.apache.org/licenses/LICENSE-2.0
00010  *
00011  * Unless required by applicable law or agreed to in writing, software
00012  * distributed under the License is distributed on an "AS IS" BASIS,
00013  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00014  * See the License for the specific language governing permissions and
00015  * limitations under the License.
00016  *
00017  * @}
00018  */
00019 
00020 #ifndef APISERVING_CLIENTS_CPP_AUTH_FILE_CREDENTIAL_STORE_H_
00021 #define APISERVING_CLIENTS_CPP_AUTH_FILE_CREDENTIAL_STORE_H_
00022 
00023 #include <string>
00024 using std::string;
00025 #include "googleapis/client/auth/credential_store.h"
00026 #include "googleapis/base/macros.h"
00027 #include "googleapis/strings/stringpiece.h"
00028 #include "googleapis/util/status.h"
00029 namespace googleapis {
00030 
00031 namespace client {
00032 
00033 /*
00034  * A concrete CredentialStore that writes to files.
00035  * @ingroup AuthSupport
00036  *
00037  * Stores credentials as individual files using the user_name name.
00038  * The root_path is the root directory of the store.
00039  * It must be user-read/writable only. If the path does not exist, then it
00040  * will be created with user-only read/write/examine permissions.
00041  *
00042  * @note  The store is in the structure [root]/[user name]/[client id]
00043  * which is not quite how the API feels but might make more sense to manage.
00044  *
00045  * @warning This factory stores plain text files to the given path.
00046  *          It only permits user read/write permissions on the files
00047  *          and directories; however, this is still dangerous because if
00048  *          the files are compromised, the refresh tokens in them are exposed.
00049  *
00050  * @warning You can encrypt/decrypt the files by binding a
00051  *          CodecFactory that performs encryption/decryption
00052  *          to this factory. However, such a factory is not included with
00053  *          the SDK at this time. You will need to write one yourself.
00054  *
00055  * @warning The user_name used here is not verified in any way. It corresponds
00056  *          to the cloud user, not the user on the local device. A given
00057  *          device user may have multiple cloud user names. The expectation
00058  *          is that the provided user_name is the cloud name, but it is not
00059  *          enforced. This could lead to accidents if the files are compromised
00060  *          or the program provides a name to the store different from the
00061  *          name with which it received the credentials being stored.
00062  *
00063  * @see Codec
00064  */
00065 class FileCredentialStoreFactory : public CredentialStoreFactory {
00066  public:
00067   /*
00068    * Constructs a factory whose stores live under root_path.
00069    * @param[in] root_path It is expected, but not required, that root_path
00070    *            is the result of GetSystemHomeDirectoryStorePath().
00071    */
00072   explicit FileCredentialStoreFactory(const StringPiece& root_path);
00073 
00074   /*
00075    * Standard destructor; declared here and defined out of line.
00076    */
00077   ~FileCredentialStoreFactory();
00078 
00079   /*
00080    * Returns the root path given at construction; the reference is valid while this factory lives.
00081    */
00082   const string& root_path() const { return root_path_; }
00083 
00084   /*
00085    * Creates a new store for the given client id.
00086    * NOTE(review): client_id becomes a filename; confirm the implementation rejects path separators and "..".
00087    * @param[in] client_id The client this store is for; it is used as the filename.
00088    * @param[out] status Set with the reason for failure if NULL is returned.
00089    *
00090    * @return NULL on failure. NOTE(review): ownership of a non-NULL result is not stated; presumably the caller's. Confirm.
00091    */
00092   virtual CredentialStore* NewCredentialStore(
00093       const string& client_id, util::Status* status) const;
00094 
00095   /*
00096    * Returns the path in the $HOME directory for the googleapis store.
00097    *
00098    * This user is the local OS user, not the googleapis cloud user.
00099    * The cloud user data will be stored within this local OS user.
00100    * NOTE(review): how $HOME is resolved is not visible here; confirm the directory's owner and mode are checked before use.
00101    * @param[out] path The home directory path for storing credentials.
00102    * @return ok, or the reason the directory could not be determined.
00103    */
00104   static util::Status GetSystemHomeDirectoryStorePath(string* path);
00105 
00106  private:
00107   const string root_path_;  // Root directory of the store; const, so fixed after construction.
00108   DISALLOW_COPY_AND_ASSIGN(FileCredentialStoreFactory);  // Presumably from base/macros.h; by its name, forbids copying.
00109 };
00110 
00111 }  // namespace client
00112 
00113 } // namespace googleapis
00114 #endif  // APISERVING_CLIENTS_CPP_AUTH_FILE_CREDENTIAL_STORE_H_