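// GssCredential.h

#ifndef dset__GssCredential_H
#define dset__GssCredential_H

// Class for creating and accessing GSS credentials.
//
// A GssCredential wraps a gss_cred_id_t handle and records whether this
// object manages the underlying GSS credential. A managed credential can be
// exported to a file and the file can later be deleted.

// NOTE(review): both include lines had lost their header names in the copy
// under review. <string> and <iostream> are restored because the
// declarations below use std::string and std::ostream; confirm against the
// original file.
#include <string>
#include <iostream>

// Forward declaration of the GSS credential type, so this header does not
// have to include the GSS-API headers.
// NOTE(review): this must agree with the declaration in the GSS-API header
// the implementation is built against -- confirm.
class gss_cred_id_desc_struct;
typedef gss_cred_id_desc_struct* gss_cred_id_t;

namespace dset {

class GssCredential {

public:  // typedefs

  // Type of the name associated with a credential (see name()).
  typedef std::string Name;

public:  // Implementation class

  // Defined in the implementation file; keeps GSS details out of this header.
  class Imp;

private:  // data

  // Pointer to the implementation object.
  Imp* m_pimp;

private:  // No assignment.

  // Assignment.
  // Declared private so that client code cannot assign credentials.
  GssCredential& operator=(const GssCredential&);

public:  // static functions

public:  // constructors and destructor

  // Default constructor.
  // Acquires (and manages) default credential.
  // Must already exist, e.g. from grid-proxy-init.
  // No status is returned; check is_valid() and error_message() afterwards.
  GssCredential();

  // Construct from a GSS credential handle.
  // If makecopy is true, the GSS credential is copied and
  // the copy is managed here.
  // Otherwise the original credential is held and not managed.
  // NOTE(review): in the unmanaged case the caller presumably has to keep
  // pcred alive for as long as this object is used; a handle released
  // elsewhere would leave this object holding a stale handle -- confirm.
  explicit GssCredential(gss_cred_id_t pcred, bool makecopy = false);

  // Copy constructor.
  // Copies the credential.
  // New credential is not exported.
  // NOTE(review): the text above says the credential is copied, yet makecopy
  // defaults to false. Confirm whether a default copy duplicates the GSS
  // credential or shares the handle of rhs, and which object then manages it.
  GssCredential(const GssCredential& rhs, bool makecopy = false);

  // Destructor.
  // NOTE(review): this header does not say whether destruction removes an
  // exported credential file; call delete_file() explicitly if the file must
  // not outlive the object.
  ~GssCredential();

public:  // non-const methods

  // Export the credential to a file.
  // No action if the credential is already exported.
  // This object must manage the credential.
  // Returns nonzero if the file did not exist and could not
  // be created.
  // The path of the exported file is available from file().
  // NOTE(review): the file holds credential material. This header does not
  // state where it is written or with which permissions -- confirm that the
  // implementation creates it readable by the owner only.
  int export_to_file();

  // Delete the credential file.
  // No action if file does not exist.
  // Returns nonzero if file is left behind.
  // Callers should check the result: a nonzero return means the exported
  // credential is still on disk.
  int delete_file();

  // Gives up management of the GSS credential.
  // Returns the handle if the GSS was managed before the call.
  // In this case, the caller is responsible for releasing the
  // GSS credential.
  // Otherwise returns 0.
  gss_cred_id_t release_gss_handle();

public:  // const methods

  // Validity.
  // Valid if the credential exists and is valid.
  // Credential may be expired.
  // A true result therefore does not by itself mean the credential can
  // still be used; check timeleft() as well.
  bool is_valid() const;

  // Is the GSS credential managed here?
  bool manage() const;

  // Name associated with the credential.
  // DN for GSI.
  Name name() const;

  // Time remaining (sec).
  // NOTE(review): the value returned for an expired or invalid credential
  // is not specified in this header -- confirm before comparing against 0.
  int timeleft() const;

  // File to which credential is exported.
  // Blank if invalid or not exported.
  std::string file() const;

  // Error message.
  std::string error_message() const;

  // Return the GSS credential handle.
  // Caller should not release the GSS credential.
  // The handle is returned whether or not it is managed here (see manage()).
  gss_cred_id_t gss_handle() const;

};

}  // end namespace

// Output stream.
// Writes a description of rhs to lhs and returns the stream.
// NOTE(review): the fields written are decided by the implementation;
// confirm that nothing beyond name, file and status information is printed.
std::ostream& operator<<(std::ostream& lhs, const dset::GssCredential& rhs);

#endif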