// -*- IDL -*- // // $Id$ // File: SSLIOP.idl // Part of the Security Service with additions from the Firewall // specification. #ifndef _SSLIOP_IDL #define _SSLIOP_IDL #include #include // #include #pragma prefix "omg.org" module SSLIOP { /// Security mechanism SSL const IOP::ComponentId TAG_SSL_SEC_TRANS = 20; struct SSL { Security::AssociationOptions target_supports; Security::AssociationOptions target_requires; unsigned short port; }; // const Firewall::IdTag TAG_ID_SSL_CERT = xx; // OMG allocated /// A DER encoded X.509 certificate. typedef sequence ASN_1_Cert; /// A chain of DER encoded X.509 certificates. The chain is actually /// a sequence, according CORBA CDR encapsulation rules. /// The sender's certificate is first, followed by any Certificate /// Authority certificates proceeding sequentially upward. typedef sequence SSL_Cert; /// The following are TAO extensions. # pragma prefix "ssliop.tao" /// The SSLIOP::Current interface provides methods to gain access to /// the SSL session state for the current execution context. local interface Current : CORBA::Current { /// Exception that indicates a SSLIOP::Current operation was /// invoked outside of an SSL session. exception NoContext {}; /// Return the peer certificate associated with the current /// request. ASN_1_Cert get_peer_certificate () raises (NoContext); /// Return the certificate chain associated with the current /// execution context. If no SSL session is being used for the /// request or upcall, then the NoContext exception is raised. /** * On the client side, the chain does include the peer (server) * certficate. However, the certificate chain on the server side * does NOT contain the peer (client) certificate. */ SSL_Cert get_peer_certificate_chain () raises (NoContext); /// Returns true if the current execution context is not within a /// SSL session. This method is mostly useful as an inexpensive /// means of determining whether or not SSL session state is /// available. boolean no_context (); }; enum FileType { ASN1, PEM }; struct File { FileType type; string filename; string password; // Only needed for encrypted PEM files. }; /// The AuthData structure is the SSLIOP-specific authentication /// data that will be passed to the /// SecurityLevel2::PrincipalAuthenticator::authenticate() method. /// Note that this TAO-specific. struct AuthData { File certificate; File key; }; # pragma prefix "omg.org" }; #pragma prefix "" #endif /* _SSLIOP_IDL */