Add a keyring based Storage.

Reviewed in http://codereview.appspot.com/6450070/.

Fixes issue #21.
diff --git a/oauth2client/keyring_storage.py b/oauth2client/keyring_storage.py
new file mode 100644
index 0000000..efe2949
--- /dev/null
+++ b/oauth2client/keyring_storage.py
@@ -0,0 +1,109 @@
+# Copyright (C) 2012 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""A keyring based Storage.
+
+A Storage for Credentials that uses the keyring module.
+"""
+
+__author__ = 'jcgregorio@google.com (Joe Gregorio)'
+
+import keyring
+import threading
+
+from client import Storage as BaseStorage
+from client import Credentials
+
+
+class Storage(BaseStorage):
+  """Store and retrieve a single credential to and from the keyring.
+
+  To use this module you must have the keyring module installed. See
+  <http://pypi.python.org/pypi/keyring/>. This is an optional module and is not
+  installed with oauth2client by default because it does not work on all the
+  platforms that oauth2client supports, such as Google App Engine.
+
+  The keyring module <http://pypi.python.org/pypi/keyring/> is a cross-platform
+  library for access the keyring capabilities of the local system. The user will
+  be prompted for their keyring password when this module is used, and the
+  manner in which the user is prompted will vary per platform.
+
+  Usage:
+    from oauth2client.keyring_storage import Storage
+
+    s = Storage('name_of_application', 'user1')
+    credentials = s.get()
+
+  """
+
+  def __init__(self, service_name, user_name):
+    """Constructor.
+
+    Args:
+      service_name: string, The name of the service under which the credentials
+        are stored.
+      user_name: string, The name of the user to store credentials for.
+    """
+    self._service_name = service_name
+    self._user_name = user_name
+    self._lock = threading.Lock()
+
+  def acquire_lock(self):
+    """Acquires any lock necessary to access this Storage.
+
+    This lock is not reentrant."""
+    self._lock.acquire()
+
+  def release_lock(self):
+    """Release the Storage lock.
+
+    Trying to release a lock that isn't held will result in a
+    RuntimeError.
+    """
+    self._lock.release()
+
+  def locked_get(self):
+    """Retrieve Credential from file.
+
+    Returns:
+      oauth2client.client.Credentials
+    """
+    credentials = None
+    content = keyring.get_password(self._service_name, self._user_name)
+
+    if content is not None:
+      try:
+        credentials = Credentials.new_from_json(content)
+        credentials.set_store(self)
+      except ValueError:
+        pass
+
+    return credentials
+
+  def locked_put(self, credentials):
+    """Write Credentials to file.
+
+    Args:
+      credentials: Credentials, the credentials to store.
+    """
+    keyring.set_password(self._service_name, self._user_name,
+                         credentials.to_json())
+
+  def locked_delete(self):
+    """Delete Credentials file.
+
+    Args:
+      credentials: Credentials, the credentials to store.
+    """
+    keyring.set_password(self._service_name, self._user_name, '')
diff --git a/runtests.sh b/runtests.sh
index 19bd704..a4fc9cd 100755
--- a/runtests.sh
+++ b/runtests.sh
@@ -18,3 +18,4 @@
 $1 runtests.py tests/test_protobuf_model.py
 $1 runtests.py tests/test_schema.py
 $1 runtests.py tests/test_oauth2client_appengine.py
+$1 runtests.py tests/test_oauth2client_keyring.py
diff --git a/samples/keyring/README b/samples/keyring/README
new file mode 100644
index 0000000..26e81d8
--- /dev/null
+++ b/samples/keyring/README
@@ -0,0 +1,4 @@
+Demonstrates storing Credentials in the system keyring.
+
+api: plus
+keywords: cmdline pagination oauth2
diff --git a/samples/keyring/client_secrets.json b/samples/keyring/client_secrets.json
new file mode 100644
index 0000000..a232f37
--- /dev/null
+++ b/samples/keyring/client_secrets.json
@@ -0,0 +1,9 @@
+{
+  "web": {
+    "client_id": "[[INSERT CLIENT ID HERE]]",
+    "client_secret": "[[INSERT CLIENT SECRET HERE]]",
+    "redirect_uris": [],
+    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+    "token_uri": "https://accounts.google.com/o/oauth2/token"
+  }
+}
diff --git a/samples/keyring/plus.py b/samples/keyring/plus.py
new file mode 100644
index 0000000..fb19bcf
--- /dev/null
+++ b/samples/keyring/plus.py
@@ -0,0 +1,139 @@
+#!/usr/bin/python2.4
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2010 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Simple command-line sample for the Google+ API.
+
+Command-line application that retrieves the users latest content and
+then adds a new entry.
+
+Usage:
+  $ python plus.py
+
+You can also get help on all the command-line flags the program understands
+by running:
+
+  $ python plus.py --help
+
+To get detailed log output run:
+
+  $ python plus.py --logging_level=DEBUG
+"""
+
+__author__ = 'jcgregorio@google.com (Joe Gregorio)'
+
+import getpass
+import gflags
+import httplib2
+import logging
+import os
+import pprint
+import sys
+
+from apiclient.discovery import build
+from oauth2client.keyring_storage import Storage
+from oauth2client.client import AccessTokenRefreshError
+from oauth2client.client import flow_from_clientsecrets
+from oauth2client.tools import run
+
+
+FLAGS = gflags.FLAGS
+
+# CLIENT_SECRETS, name of a file containing the OAuth 2.0 information for this
+# application, including client_id and client_secret, which are found
+# on the API Access tab on the Google APIs
+# Console <http://code.google.com/apis/console>
+CLIENT_SECRETS = 'client_secrets.json'
+
+# Helpful message to display in the browser if the CLIENT_SECRETS file
+# is missing.
+MISSING_CLIENT_SECRETS_MESSAGE = """
+WARNING: Please configure OAuth 2.0
+
+To make this sample run you will need to populate the client_secrets.json file
+found at:
+
+   %s
+
+with information from the APIs Console <https://code.google.com/apis/console>.
+
+""" % os.path.join(os.path.dirname(__file__), CLIENT_SECRETS)
+
+# Set up a Flow object to be used if we need to authenticate.
+FLOW = flow_from_clientsecrets(CLIENT_SECRETS,
+    scope='https://www.googleapis.com/auth/plus.me',
+    message=MISSING_CLIENT_SECRETS_MESSAGE)
+
+
+# The gflags module makes defining command-line options easy for
+# applications. Run this program with the '--help' argument to see
+# all the flags that it understands.
+gflags.DEFINE_enum('logging_level', 'ERROR',
+    ['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL'],
+    'Set the level of logging detail.')
+
+
+def main(argv):
+  # Let the gflags module process the command-line arguments
+  try:
+    argv = FLAGS(argv)
+  except gflags.FlagsError, e:
+    print '%s\\nUsage: %s ARGS\\n%s' % (e, argv[0], FLAGS)
+    sys.exit(1)
+
+  # Set the logging according to the command-line flag
+  logging.getLogger().setLevel(getattr(logging, FLAGS.logging_level))
+
+  # If the Credentials don't exist or are invalid run through the native client
+  # flow. The Storage object will ensure that if successful the good
+  # Credentials will get written back to a file.
+  storage = Storage('Google_Plus_Sample', getpass.getuser())
+  credentials = storage.get()
+
+  if credentials is None or credentials.invalid:
+    credentials = run(FLOW, storage)
+
+  # Create an httplib2.Http object to handle our HTTP requests and authorize it
+  # with our good Credentials.
+  http = httplib2.Http()
+  http = credentials.authorize(http)
+
+  service = build("plus", "v1", http=http)
+
+  try:
+    person = service.people().get(userId='me').execute(http)
+
+    print "Got your ID: %s" % person['displayName']
+    print
+    print "%-040s -> %s" % ("[Activitity ID]", "[Content]")
+
+    # Don't execute the request until we reach the paging loop below
+    request = service.activities().list(
+        userId=person['id'], collection='public')
+    # Loop over every activity and print the ID and a short snippet of content.
+    while ( request != None ):
+      activities_doc = request.execute()
+      for item in activities_doc.get('items', []):
+        print '%-040s -> %s' % (item['id'], item['object']['content'][:30])
+
+      request = service.activities().list_next(request, activities_doc)
+
+  except AccessTokenRefreshError:
+    print ("The credentials have been revoked or expired, please re-run"
+      "the application to re-authorize")
+
+if __name__ == '__main__':
+  main(sys.argv)