path: root/TAO/orbsvcs/orbsvcs/CSIIOP.idl
blob: 973b4a5a7d13ae8ccd4341ff6b9da8dafde99ed0 (plain)
// -*- IDL -*-

//=============================================================================
/**
 *  @file   CSIIOP.idl
 *
 *  $Id$
 *
 *  @author Object Management Group
 */
//=============================================================================

#ifndef _CSIIOP_IDL_
#define _CSIIOP_IDL_

//#include <IOP.pidl>
#include <tao/IOP_IOR.pidl>
#include <CSI.idl>
//import ::IOP
//import ::CSI

// Reopens module IOP to add the IOR tagged-component identifiers used by
// the security structures declared in module CSIIOP below.
// ComponentId is not declared in this file; presumably it comes from the
// included tao/IOP_IOR.pidl -- confirm.
module IOP
{
  // Component whose body is a CSIIOP::CompoundSecMechList.
  const ComponentId TAG_CSI_SEC_MECH_LIST = 33;
  // Component whose body is a zero-length sequence of octets.
  const ComponentId TAG_NULL_TAG = 34;
  // Component for SECIOP as a CSIv2 transport mechanism; the same value is
  // declared again as CSIIOP::TAG_SECIOP_SEC_TRANS, so keep the two in sync.
  const ComponentId TAG_SECIOP_SEC_TRANS = 35;
  // Component for TLS/SSL as a CSIv2 transport mechanism; the same value is
  // declared again as CSIIOP::TAG_TLS_SEC_TRANS, so keep the two in sync.
  const ComponentId TAG_TLS_SEC_TRANS = 36;
};

// Data types that a target publishes in tagged components to describe the
// security mechanisms it supports and requires (association options,
// privilege authorities, compound mechanisms and transport addresses).
module CSIIOP {
  typeprefix CSIIOP "omg.org";

  // Association options
  //
  // Each constant below is a distinct power of two, so an AssociationOptions
  // value is a bit mask that can combine several options. The
  // target_supports / target_requires fields of the structures in this
  // module carry such masks.
  // NOTE(review): NoProtection is itself a flag bit (1), not the zero value,
  // so "no bits set" and "NoProtection" are different masks. Code that
  // evaluates an advertised mask should test the Integrity and
  // Confidentiality bits explicitly rather than compare the mask with zero.
  typedef unsigned short AssociationOptions;

  const AssociationOptions NoProtection = 1;
  const AssociationOptions Integrity = 2;
  const AssociationOptions Confidentiality = 4;
  const AssociationOptions DetectReplay = 8;
  const AssociationOptions DetectMisordering = 16;
  const AssociationOptions EstablishTrustInTarget = 32;
  const AssociationOptions EstablishTrustInClient = 64;
  const AssociationOptions NoDelegation = 128;
  const AssociationOptions SimpleDelegation = 256;
  const AssociationOptions CompositeDelegation = 512;
  const AssociationOptions IdentityAssertion = 1024;
  const AssociationOptions DelegationByClient = 2048;

  // The high order 20-bits of each ServiceConfigurationSyntax constant
  // shall contain the Vendor Minor Codeset ID (VMCID) of the
  // organization that defined the syntax. The low order 12 bits shall
  // contain the organization-scoped syntax identifier. The high-order 20
  // bits of all syntaxes defined by the OMG shall contain the VMCID
  // allocated to the OMG (that is, 0x4F4D0).
  // NOTE(review): CSI::OMGVMCID is defined in CSI.idl, outside this file;
  // whether its value is already positioned in the high-order 20 bits, as
  // the rule above requires, cannot be confirmed from here.
  typedef unsigned long ServiceConfigurationSyntax;

  const ServiceConfigurationSyntax SCS_GeneralNames = CSI::OMGVMCID | 0;
  const ServiceConfigurationSyntax SCS_GSSExportedName = CSI::OMGVMCID | 1;

  // Encoded name bytes; the sequence is declared without a bound.
  typedef sequence <octet> ServiceSpecificName;

  // The name field of the ServiceConfiguration structure identifies a
  // privilege authority in the format identified in the syntax field. If the
  // syntax is SCS_GeneralNames, the name field contains an ASN.1 (BER)
  // SEQUENCE [1..MAX] OF GeneralName, as defined by the type GeneralNames in
  // [IETF RFC 2459]. If the syntax is SCS_GSSExportedName, the name field
  // contains a GSS exported name encoded according to the rules in
  // [IETF RFC 2743] Section 3.2, "Mechanism-Independent Exported Name
  // Object Format," p. 84.
  // RFC 2459 has since been obsoleted by RFC 3280 and then RFC 5280.
  // NOTE(review): name is an unbounded octet sequence whose encoding depends
  // on syntax; a consumer should check syntax against the values it
  // understands and validate the encoding and length before decoding.

  struct ServiceConfiguration {
    ServiceConfigurationSyntax syntax;   // selects how name is encoded
    ServiceSpecificName name;            // encoded privilege-authority name
  };

  typedef sequence <ServiceConfiguration> ServiceConfigurationList;

  // The body of the TAG_NULL_TAG component is a sequence of octets of
  // length 0.

  // Type used to define AS layer functionality within a compound mechanism
  // definition.
  // target_supports and target_requires are AssociationOptions bit masks.
  // NOTE(review): presumably every bit in target_requires should also be set
  // in target_supports -- confirm against the CSIv2 specification.

  struct AS_ContextSec {
    AssociationOptions target_supports;
    AssociationOptions target_requires;
    CSI::OID client_authentication_mech;
    CSI::GSS_NT_ExportedName target_name;
  };

  // Type used to define SAS layer functionality within a compound mechanism
  // definition.
  // privilege_authorities lists ServiceConfiguration entries, each naming a
  // privilege authority in the syntax it declares.

  struct SAS_ContextSec {
    AssociationOptions target_supports;
    AssociationOptions target_requires;
    ServiceConfigurationList privilege_authorities;
    CSI::OIDList supported_naming_mechanisms;
    CSI::IdentityTokenType supported_identity_types;
  };

  // Type used in the body of a TAG_CSI_SEC_MECH_LIST component to
  // describe a compound mechanism: one transport-layer tagged component
  // plus the AS and SAS layer descriptions.
  // NOTE(review): target_requires here presumably summarizes the
  // requirements of all three layers -- confirm against the specification.

  struct CompoundSecMech {
    AssociationOptions target_requires;
    IOP::TaggedComponent transport_mech;
    AS_ContextSec as_context_mech;
    SAS_ContextSec sas_context_mech;
  };

  typedef sequence <CompoundSecMech> CompoundSecMechanisms;

  // Type corresponding to the body of a TAG_CSI_SEC_MECH_LIST
  // component.
  // NOTE(review): stateful presumably says whether the target supports
  // stateful security contexts -- confirm against the specification.

  struct CompoundSecMechList {
    boolean stateful;
    CompoundSecMechanisms mechanism_list;
  };

  // Host name and port pair, used in the addresses field of the transport
  // components below.

  struct TransportAddress {
    string host_name;
    unsigned short port;
  };

  typedef sequence <TransportAddress> TransportAddressList;

  // Tagged component for configuring SECIOP as a CSIv2 transport mechanism.
  // The same identifier value (35) is also declared as
  // IOP::TAG_SECIOP_SEC_TRANS earlier in this file; keep the two in sync.

  const IOP::ComponentId TAG_SECIOP_SEC_TRANS = 35;

  struct SECIOP_SEC_TRANS {
    AssociationOptions target_supports;
    AssociationOptions target_requires;
    CSI::OID mech_oid;
    CSI::GSS_NT_ExportedName target_name;
    TransportAddressList addresses;
  };

  // Tagged component for configuring TLS/SSL as a CSIv2 transport mechanism.
  // The same identifier value (36) is also declared as
  // IOP::TAG_TLS_SEC_TRANS earlier in this file; keep the two in sync.
  // NOTE(review): unlike SECIOP_SEC_TRANS this structure carries no
  // target_name, so the addresses are the only target information in it;
  // how the peer at those addresses is authenticated is not defined here.

  struct TLS_SEC_TRANS {
    AssociationOptions target_supports;
    AssociationOptions target_requires;
    TransportAddressList addresses;
  };

}; //CSIIOP

#endif