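// CredentialSelectionCatalog.h

// NOTE(review): identifiers containing a double underscore are reserved to
// the implementation. The guard name is kept as-is because other files may
// test this macro.
#ifndef dset__CredentialSelectionCatalog_H
#define dset__CredentialSelectionCatalog_H

// David Adams
// July 2005.
//
// A credential selection catalog associates named attributes with
// a credential name. The attributes include the owner.
//
// This class is built on a generic selection catalog.
//
// Ownership summary: the catalog holds a raw pointer to its generic
// selection catalog and takes ownership of pointers passed to it (see the
// pointer constructor and set_default_instance). Copying and assignment
// are disabled so that two objects never own the same pointer.

// Standard headers required by this header's own declarations
// (std::string and std::ostream).
#include <string>
#include <iostream>
#include "dataset_sql/SqlQuery.h"
#include "dataset_catalog/GenericSelectionCatalog.h"

namespace dset {

class CredentialSelectionCatalog {

public:  // typedefs

  typedef std::string Connection;
  typedef dset::GenericSelectionCatalog::Name Name;
  typedef dset::GenericSelectionCatalog::NameList NameList;
  typedef dset::GenericSelectionCatalog::size_type size_type;
  typedef dset::GenericSelectionCatalog::Attributes Attributes;

private:  // Data

  // Underlying generic catalog. Owned by this object when it was supplied
  // through the pointer constructor.
  dset::GenericSelectionCatalog* m_pcat;

  // Presumably the text returned by error_message(); confirm in the
  // implementation file.
  std::string m_errmsg;

private:

  // No copying allowed.
  // Declared private so that a copy cannot share (and later double-delete)
  // the owned catalog pointer.
  CredentialSelectionCatalog(const CredentialSelectionCatalog&);

  // No assignment allowed.
  CredentialSelectionCatalog& operator=(const CredentialSelectionCatalog&);

public:  // static methods

  // Return the default concrete instance of this class.
  // First pass, use set_default_instance or
  // define an invalid catalog if this fails.
  // The returned reference refers to an object that is deleted when the
  // default instance is next changed, so do not hold it across a call to
  // set_default_instance or create_default_instance.
  // NOTE(review): no synchronisation is visible in this header; confirm
  // how concurrent first use and replacement are handled.
  static CredentialSelectionCatalog& default_instance();

  // Set the default instance of this class.
  // The class takes ownership of the argument and deletes it the
  // next time the default instance is changed. The caller must not
  // delete psc or pass a pointer to an object it does not own.
  // Returns 0 for success.
  static int set_default_instance(CredentialSelectionCatalog* psc);

  // Set the default instance of this class.
  // The connection is used with the connection resolver to construct
  // a new default catalog.
  // Returns 0 for success.
  static int set_default_instance(Connection conn ="");

  // Assign an empty DSC as the default by
  // 1. creating an empty SQLRESULT DSC csc.dat,
  // 2. appending a clause to resolver.dat and
  // 3. setting the latter as the connection configuration file.
  // This should only be used for testing.
  // The connection resolver is shared by all catalogs, so step 3 changes
  // how every catalog in the process resolves connections, not only this
  // one. Keep calls out of production code paths.
  // Returns 0 for success.
  static int create_default_instance();

  // Register the thread credential locator so that this class is
  // used to define thread credentials. This is called upon library load
  // and need not be called again.
  static int define_thread_credential_locator();

public:  // methods

  // Default constructor.
  // Produces an invalid catalog.
  CredentialSelectionCatalog();

  // Constructor from a generic selection catalog.
  // Argument must have catalog type CredentialSelectionCatalog.
  // This class takes ownership of (and deletes) the input catalog.
  // The caller must not delete pcat or hand it to another owner.
  explicit CredentialSelectionCatalog(dset::GenericSelectionCatalog* pcat);

  // Constructor from a catalog connection.
  explicit CredentialSelectionCatalog(Connection conn);

  // Destructor.
  ~CredentialSelectionCatalog();

public:  // const methods

  // Is this a valid catalog?
  // Check this before trusting any lookup: the default constructor
  // produces an invalid catalog.
  bool is_valid() const;

  // Message from last update, insert or remove.
  // Blank if there was no error.
  std::string error_message() const;

  // Catalog type: CredentialSelectionCatalog.
  Name catalog_type() const;

  // Return the attribute names.
  NameList schema() const;

  // Does a DN name appear in the catalog?
  bool has_name(Name name) const;

  // Return the owner associated with a credential name.
  // NOTE(review): the value returned for a name that is not in the
  // catalog is not stated here. Callers that base an access decision on
  // the owner should check has_name first; confirm the behaviour in the
  // implementation.
  Name owner(Name name) const;

  // Retrieve the attributes associated with a name.
  Attributes attributes(Name name) const;

  // Return the number of entries in the catalog.
  size_type size() const;

  // Return the names for the first maxent entries that match a query.
  // The result is truncated at maxent without any indication; compare
  // with query_count when a complete list is required.
  // NOTE(review): how SqlQuery escapes or binds values is not visible in
  // this header; confirm before building a query from untrusted text.
  NameList query(dset::SqlQuery qry, size_type maxent =20) const;

  // Retrieve the number of entries that match a query.
  size_type query_count(dset::SqlQuery qry) const;

public:  // non-const methods

  // Insert a new credential name with owner.
  // Error if name is already present or catalog cannot be updated.
  // Error if the owner is already present. [This will change when
  // there are means to check for the existence of a
  // valid and unexpired certificate (in GssCredentialManager) for
  // one of the existing names associated with the owner.]
  // Until that check exists, owner uniqueness is the only constraint
  // documented here; this header describes no validation of the
  // credential itself at insert time.
  // Returns 0 for success. Check the return value; on failure see
  // error_message().
  int insert(Name name, Name owner);

  // Update the attributes for an existing entry.
  // Attributes may not include name or owner, so an update cannot
  // reassign a credential to a different owner.
  // Returns 0 for success.
  int update(Name name, const Attributes& att);

  // Remove an entry.
  // Error if name is not present or entry cannot be removed.
  // Returns 0 for success.
  int remove(Name name);

};

}  // end dset namespace

// Output stream.
std::ostream& operator<<(std::ostream& lhs,
                         const dset::CredentialSelectionCatalog& rhs);

#endif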