// -*- IDL -*-
//
// $Id$
// File: SSLIOP.idl
// Part of the Security Service with additions from the Firewall
// specification.
#ifndef _SSLIOP_IDL
#define _SSLIOP_IDL
#include "tao/IOP.pidl"
#include "Security.idl"
// #include <Firewall.idl>
#pragma prefix "omg.org"
module SSLIOP {
  /// IOP tagged-component id for the SSL security mechanism: the id under
  /// which the SSL struct below is carried as a tagged component.
  const IOP::ComponentId TAG_SSL_SEC_TRANS = 20;

  /// SSL tagged component. Describes the association options the target
  /// supports and requires, plus the port of its SSL endpoint.
  struct SSL {
    /// Association options the target is able to provide.
    Security::AssociationOptions target_supports;
    /// Association options the target insists on; a client that cannot
    /// satisfy these cannot use the SSL endpoint.
    Security::AssociationOptions target_requires;
    /// Port of the SSL endpoint (presumably paired with the host of the
    /// enclosing IIOP profile — confirm against the profile handling code).
    unsigned short port;
  };

  // const Firewall::IdTag TAG_ID_SSL_CERT = xx; // OMG allocated

  /// A DER encoded X.509 certificate, as raw bytes.
  typedef sequence<octet> ASN_1_Cert;

  /// A chain of DER encoded X.509 certificates. The chain is actually
  /// a sequence, according to CORBA CDR encapsulation rules.
  /// The sender's certificate is first, followed by any Certificate
  /// Authority certificates proceeding sequentially upward.
  ///
  /// NOTE(review): this type carries the raw certificate bytes only;
  /// nothing in this interface states whether the chain has been validated
  /// against a trust store. Confirm with the ORB's SSL configuration before
  /// using the chain for an authorization decision.
  typedef sequence<ASN_1_Cert> SSL_Cert;

  /// The following are TAO extensions.
# pragma prefix "ssliop.tao"

  /// The SSLIOP::Current interface provides methods to gain access to
  /// the SSL session state for the current execution context.
  local interface Current : CORBA::Current {
    /// Exception that indicates a SSLIOP::Current operation was
    /// invoked outside of an SSL session.
    exception NoContext {};

    /// Return the peer certificate associated with the current
    /// request.
    ///
    /// @throws NoContext if the current execution context is not within
    /// an SSL session (see no_context()).
    ASN_1_Cert get_peer_certificate () raises (NoContext);

    /// Return the certificate chain associated with the current
    /// execution context. If no SSL session is being used for the
    /// request or upcall, then the NoContext exception is raised.
    /**
     * On the client side, the chain does include the peer (server)
     * certificate. However, the certificate chain on the server side
     * does NOT contain the peer (client) certificate; a server that
     * needs the client's certificate must use get_peer_certificate().
     */
    SSL_Cert get_peer_certificate_chain () raises (NoContext);

    /// Returns true if the current execution context is not within a
    /// SSL session. This method is mostly useful as an inexpensive
    /// means of determining whether or not SSL session state is
    /// available, i.e. whether the two accessors above would raise
    /// NoContext.
    boolean no_context ();
  };

  /// On-disk encoding of a certificate or private key file.
  enum FileType {
    /// DER (ASN.1) binary encoding.
    ASN1,
    /// PEM (base64 with header/footer lines) encoding.
    PEM
  };

  /// A certificate or key file referenced by AuthData.
  struct File {
    /// Encoding of the file named by filename.
    FileType type;
    /// Path of the file.
    string filename;
    /// Only needed for encrypted PEM files. Stored here in clear text,
    /// so AuthData values should be kept out of logs and trace output.
    string password;
  };

  /// The AuthData structure is the SSLIOP-specific authentication
  /// data that will be passed to the
  /// SecurityLevel2::PrincipalAuthenticator::authenticate() method.
  /// Note that this is TAO-specific.
  struct AuthData {
    /// The principal's certificate.
    File certificate;
    /// The private key matching the certificate.
    File key;
  };

# pragma prefix "omg.org"
};
#pragma prefix ""
#endif /* _SSLIOP_IDL */