summaryrefslogtreecommitdiff
path: root/TAO/orbsvcs/orbsvcs/SL3TLS.idl
diff options
context:
space:
mode:
Diffstat (limited to 'TAO/orbsvcs/orbsvcs/SL3TLS.idl')
-rw-r--r--TAO/orbsvcs/orbsvcs/SL3TLS.idl350
1 files changed, 0 insertions, 350 deletions
diff --git a/TAO/orbsvcs/orbsvcs/SL3TLS.idl b/TAO/orbsvcs/orbsvcs/SL3TLS.idl
deleted file mode 100644
index c5701351e11..00000000000
--- a/TAO/orbsvcs/orbsvcs/SL3TLS.idl
+++ /dev/null
@@ -1,350 +0,0 @@
-//tabstop=4
-//***********************************************************************
-// ORBAsec SL3
-// ----------------------------------------------------------------------
-// Copyright (C) 2001 Adiron, LLC.
-// All rights reserved.
-// ----------------------------------------------------------------------
-// $Id$
-//***********************************************************************
-#ifndef _SL3TLS_IDL_
-#define _SL3TLS_IDL_
-#include <orb.idl>
-#include <SL3/SecurityLevel3.idl>
-#include <SL3/TransportSecurity.idl>
-#include <SL3/SL3AQArgs.idl>
-#include <SL3/SL3TCPIP.idl>
-
-#pragma prefix "adiron.com"
-
-module SL3TLS {
- const TransportSecurity::MechanismId MID_TLS = "TLS";
-
- /**
- * This is the only acquisition mechanism for acquiring TLS
- * Transport Credentials.
- */
- const TransportSecurity::AcquisitionMethod AQM_TLSArgs = "TLSArgs";
-
- /**
- * Implementers may create their own local version of
- * this interface to verify chains of X509 Certificates.
- */
- local interface TLSX509IdentityVerifier {
-
- /**
- * This operation is called by the security service at the
- * TLS Transport Credentials creation phase to add certificates
- * as trusted entities directed by other TLS options.
- */
- void add_trusted_authority(
- in SecurityLevel3::X509IdentityStatement auth
- );
-
- /**
- * This operation is called by the security service to determine
- * if the peer is allowed to be anonymous. This means that the
- * peer has not delivered a certificate and did not authenticate
- * itself.
- */
- boolean is_anonymous_allowed();
-
- /**
- * This operation is called by the security service at the
- * transport authentication phase, when the peer certificate
- * needs to be verified. The X509IdentityStatement will contain
- * a sequence of encoded X509 Certificates, which may be empty.
- */
- boolean verify(
- in SecurityLevel3::X509IdentityStatement ident
- );
- };
-
- /**
- * The TLS KeyStore Acquisition Builder extends the TCPIP
- * Builder. This is because the same TCPIP Acquisition Arguments
- * apply to TLS, as TCPIP sits underneath TLS.
- */
- local interface TLSKeyStoreArgBuilder : SL3TCPIP::TCPIPArgBuilder {
-
- /**
- * This operation adds a X509 Certificate Chain Identity Verifier
- * argument to the acquisition arguments.
- *
- * @param verifier The locally defined interface that will verify
- * the certificate chain.
- */
- void addTLSX509IdentityVerifier(
- in TLSX509IdentityVerifier verifier
- );
-
- /**
- * This operation is used when there is a password on
- * the keystore.
- *
- * @param keystore This argument contains the URL of the
- * keystore.
- * @param storetype This argument contains the type of the
- * keystore. Currently, one of "IAIKKeyStore"
- * or "jks".
- * @param storepass This is the password that protects the
- * key store.
- * @param keyalias This argument contains the alias of a private
- * key in the keystore. If this argument is
- * an empty string, then the credentials will
- * be considered anonymous.
- * @param keypass This argument contains the password that
- * unlocks the private key named by the keyalias.
- * @param trusted_cert_names
- * This argument contains the alias of certificates
- * in the key store that are considered trusted
- * to verify certificates of the peer during
- * authentication. A empty string sequence signifies
- * that the default chain verifier will accept
- * chains ending in any trusted certificate
- * entry found in the keystore.
- * <p>
- * Note: On the default TLSX509IdentityVerifier, anonymous
- * communication is always allowed.
- */
- void addTLSKeyStoreWithStorePass(
- in string keystore,
- in string storetype,
- in string storepass,
- in string keyalias,
- in string keypass,
- in CORBA::StringSeq trusted_cert_names
- );
-
- /**
- * This operation is used when there is no password on
- * the keystore. This approach should only be used in
- * cases where the integrity of the keystore is not an issue.
- *
- * @param keystore This argument contains the URL of the
- * keystore.
- * @param storetype This argument contains the type of the
- * keystore. Currently, one of "IAIKKeyStore"
- * or "jks".
- * @param keyalias This argument contains the alias of a private
- * key in the keystore. If this argument is
- * an empty string, then the credentials will
- * be considered anonymous.
- * @param keypass This argument contains the password that
- * unlocks the private key named by the keyalias.
- * @param trusted_cert_names
- * This argument contains the alias of certificates
- * in the key store that are considered trusted
- * to verify certificates of the peer during
- * authentication. A empty string sequence signifies
- * that the default chain verifier will accept
- * chains ending in any trusted certificate
- * entry found in the keystore.
- * <p>
- * Note: On the default TLSX509IdentityVerifier, anonymous
- * communication is always allowed.
- */
- void addTLSKeyStoreNoStorePass(
- in string keystore,
- in string storetype,
- in string keyalias,
- in string keypass,
- in CORBA::StringSeq trusted_cert_names
- );
-
- /**
- * This operation is used when there is a password on
- * the keystore.
- *
- * @param keystore This argument contains the octet
- * sequence containing the keystore.
- * @param storetype This argument contains the type of the
- * keystore. Currently, one of "IAIKKeyStore"
- * or "jks".
- * @param storepass This is the password that protects the
- * key store.
- * @param keyalias This argument contains the alias of a private
- * key in the keystore. If this argument is
- * an empty string, then the credentials will
- * be considered anonymous.
- * @param keypass This argument contains the password that
- * unlocks the private key named by the keyalias.
- * @param trusted_cert_names
- * This argument contains the alias of certificates
- * in the key store that are considered trusted
- * to verify certificates of the peer during
- * authentication. A empty string sequence signifies
- * that the default chain verifier will accept
- * chains ending in any trusted certificate
- * entry found in the keystore.
- * <p>
- * Note: On the default TLSX509IdentityVerifier, anonymous
- * communication is always allowed.
- */
- void addTLSEncodedKeyStoreWithStorePass(
- in CORBA::OctetSeq keystore,
- in string storetype,
- in string storepass,
- in string keyalias,
- in string keypass,
- in CORBA::StringSeq trusted_cert_names
- );
-
- /**
- * This operation is used when there is no password on
- * the keystore. This approach should only be used in
- * cases where the integrity of the keystore is not an issue.
- *
- * @param keystore This argument contains the octet
- * sequence containing the keystore.
- * @param storetype This argument contains the type of the
- * keystore. Currently, one of "IAIKKeyStore"
- * or "jks".
- * @param keyalias This argument contains the alias of a private
- * key in the keystore. If this argument is
- * an empty string, then the credentials will
- * be considered anonymous.
- * @param keypass This argument contains the password that
- * unlocks the private key named by the keyalias.
- * @param trusted_cert_names
- * This argument contains the alias of certificates
- * in the key store that are considered trusted
- * to verify certificates of the peer during
- * authentication. A empty string sequence signifies
- * that the default chain verifier will accept
- * chains ending in any trusted certificate
- * entry found in the keystore.
- * <p>
- * Note: On the default TLSX509IdentityVerifier, anonymous
- * communication is always allowed.
- */
- void addTLSEncodedKeyStoreNoStorePass(
- in CORBA::OctetSeq keystore,
- in string storetype,
- in string keyalias,
- in string keypass,
- in CORBA::StringSeq trusted_cert_names
- );
- };
-
- /**
- * This acquisition mechanism specifies getting TLS credential
- * information from a Java KeyStore file. The Argument Factory
- * and Builder inherit the TCPIP.
- * The arguments used in TCPIP apply
- * in setting up TCPIP sockets, because TCPIP lies
- * below SSL/TLS.
- * <p>
- * If the TCPIPInitiatorOptions and/or TCPIPAcceptorOptions
- * arguments are present, then they are followed, otherwise
- * defaults for TCPIP are used.
- * <p>
- * The Arguments should have one of
- * TLSKeyStoreWithStorePass or TLSKeyStoreNoStorePass. If
- * neither of them is specified, the resulting Credentials will
- * run in TLS anonymously.
- *
- */
- const TransportSecurity::AcquisitionMethod
- AQM_TLSKeyStoreArgs = "TLSKeyStoreArgs";
-
- /**
- * This object allows to create the Builder for use with TLS
- * and a Java KeyStore.
- */
- local interface ArgumentFactory : SL3TCPIP::ArgumentFactory {
-
- /**
- * This operation creates a TLS KeyStore Arg Builder
- * object.
- */
- TLSKeyStoreArgBuilder createTLSKeyStoreArgBuilder(
- in TransportSecurity::CredentialsUsage usage
- );
-
- /**
- * This operation creates a Tagged Argument containing
- * a reference to a X509 Certificate Chain Verifier
- */
- SL3AQArgs::Argument createTLSX509IdentityVerifier(
- in TLSX509IdentityVerifier verifier
- );
-
- /**
- * This operation creates a Tagged Argument containing
- * the following information for acquiring credentials
- * from a Java KeyStore that is protected with a password.
- * <p>
- * For a description of the arguments, please see the
- * corresponding operation in the TLSKeyStoreArgBuilder.
- *
- * @see TLSKeyStoreArgBuilder
- */
- SL3AQArgs::Argument createTLSKeyStoreWithStorePass(
- in string keystore,
- in string storetype,
- in string storepass,
- in string keyalias,
- in string keypass,
- in CORBA::StringSeq trusted_cert_names
- );
-
- /**
- * This operation creates a Tagged Argument containing
- * the following information for acquiring credentials
- * from a Java KeyStore that may be protected with a password.
- * <p>
- * For a description of the arguments, please see the
- * corresponding operation in the TLSKeyStoreArgBuilder.
- *
- * @see TLSKeyStoreArgBuilder
- */
- SL3AQArgs::Argument createTLSKeyStoreNoStorePass(
- in string keystore,
- in string storetype,
- in string keyalias,
- in string keypass,
- in CORBA::StringSeq trusted_cert_names
- );
-
- /**
- * This operation creates a Tagged Argument containing
- * the following information for acquiring credentials
- * from a Java KeyStore that is protected with a password.
- * <p>
- * For a description of the arguments, please see the
- * corresponding operation in the TLSKeyStoreArgBuilder.
- *
- * @see TLSKeyStoreArgBuilder
- */
- SL3AQArgs::Argument createTLSEncodedKeyStoreWithStorePass(
- in CORBA::OctetSeq keystore,
- in string storetype,
- in string storepass,
- in string keyalias,
- in string keypass,
- in CORBA::StringSeq trusted_cert_names
- );
-
- /**
- * This operation creates a Tagged Argument containing
- * the following information for acquiring credentials
- * from a Java KeyStore that may be protected with a password.
- * <p>
- * For a description of the arguments, please see the
- * corresponding operation in the TLSKeyStoreArgBuilder.
- *
- * @see TLSKeyStoreArgBuilder
- */
- SL3AQArgs::Argument createTLSEncodedKeyStoreNoStorePass(
- in CORBA::OctetSeq keystore,
- in string storetype,
- in string keyalias,
- in string keypass,
- in CORBA::StringSeq trusted_cert_names
- );
-
- };
-
-};
-#endif
View Lorry Controller Status