SSLIOP.idl

00001 // -*- IDL -*-
00002 //
00003 // SSLIOP.idl,v 1.10 2004/04/01 05:16:45 bala Exp
00004 
00005 // File: SSLIOP.idl
00006 // Part of the Security Service with additions from the Firewall
00007 // specification.
00008 
00009 #ifndef _SSLIOP_IDL
00010 #define _SSLIOP_IDL
00011 
00012 #include "tao/IOP.pidl"
00013 #include "Security.idl"
00014 // #include <Firewall.idl>
00015 
00016 #pragma prefix "omg.org"
00017 
00018 module SSLIOP {
00019 
      /// IOP component tag under which a target advertises its SSL transport
      /// in an IOR profile; the component body is described by struct SSL below.
00020   /// Security mechanism SSL
00021   const IOP::ComponentId        TAG_SSL_SEC_TRANS = 20;
00022 
      /// Body of the TAG_SSL_SEC_TRANS component: the association options the
      /// target supports and requires, and the port of its SSL endpoint.
      ///
      /// NOTE(review): an IOR is data handed to the client by the remote side,
      /// so these fields are an advertisement, not a verified property of the
      /// target.  A client with its own minimum security requirements must
      /// enforce them locally rather than derive them from target_requires.
00023   struct SSL {
00024     Security::AssociationOptions    target_supports;  // options supported by the target
00025     Security::AssociationOptions    target_requires;  // options required by the target
00026     unsigned short        port;                       // port of the SSL endpoint
00027   };
00028 
00029   // const Firewall::IdTag TAG_ID_SSL_CERT = xx;  // OMG allocated
00030 
00031   /// A DER encoded X.509 certificate, as raw bytes.  The type carries no
      /// guarantee that the bytes parse or that the certificate was validated;
      /// consumers must decode them with a proper X.509 parser.
00032   typedef sequence<octet> ASN_1_Cert;
00033 
00034   /// A chain of DER encoded X.509 certificates.  The chain is actually
00035   /// a sequence, according to CORBA CDR encapsulation rules.
00036   /// The sender's certificate is first, followed by any Certificate
00037   /// Authority certificates proceeding sequentially upward.
00038   typedef sequence<ASN_1_Cert> SSL_Cert;
00039 
00040   /// The following are TAO extensions.
00041 # pragma prefix "ssliop.tao"
00042   /// The SSLIOP::Current interface provides methods to gain access to
00043   /// the SSL session state for the current execution context.
      /// Being a local interface it is never marshaled: each operation reports
      /// the ORB's own view of the SSL connection serving the current request
      /// or upcall.
00044   local interface Current : CORBA::Current {
00045 
00046 
00047     /// Exception that indicates a SSLIOP::Current operation was
00048     /// invoked outside of an SSL session.
00049     exception NoContext {};
00050 
00051     /// Return the peer certificate associated with the current
00052     /// request.
      /// On the server side this is the only way to obtain the client's
      /// certificate, since get_peer_certificate_chain() omits it there.
      /// NOTE(review): whether the certificate was verified against a trust
      /// store during the handshake is a property of the SSL configuration,
      /// not of this operation -- confirm that before using the result for
      /// authorization decisions.
00053     ASN_1_Cert get_peer_certificate () raises (NoContext);
00054 
00055     /// Return the certificate chain associated with the current
00056     /// execution context.  If no SSL session is being used for the
00057     /// request or upcall, then the NoContext exception is raised.
00058     /**
00059      * On the client side, the chain does include the peer (server)
00060      * certificate.  However, the certificate chain on the server side
00061      * does NOT contain the peer (client) certificate.
00062      */
00063     SSL_Cert get_peer_certificate_chain () raises (NoContext);
00064 
00065     /// Returns true if the current execution context is not within a
00066     /// SSL session.  This method is mostly useful as an inexpensive
00067     /// means of determining whether or not SSL session state is
00068     /// available.
      /// Note the inverted sense: a true result means the request is NOT
      /// protected by SSL, so code that gates privileged operations on an
      /// SSL session must treat true as the failing case.
00069     boolean no_context ();
00070   };
00071 
      /// On-disk encoding of a certificate or key file.
00072   enum FileType {
00073     ASN1,   // binary DER encoding (cf. ASN_1_Cert above)
00074     PEM     // base64 text, optionally encrypted (see File::password)
00075   };
00076 
      /// A certificate or private-key file on the local filesystem.
      /// NOTE(review): password is a plain string in a marshalable struct;
      /// keep File (and AuthData) values in-process and out of logs and
      /// diagnostics.
00077   struct File {
00078     FileType type;
00079     string filename;
00080     string password;   // Only needed for encrypted PEM files.
00081   };
00082 
00083   /// The AuthData structure is the SSLIOP-specific authentication
00084   /// data that will be passed to the
00085   /// SecurityLevel2::PrincipalAuthenticator::authenticate() method.
00086   /// Note that this is TAO-specific.
00087   struct AuthData {
00088     File certificate;   // the credential presented to peers
00089     File key;           // the private key matching certificate -- sensitive
00090   };
00091 
00092 # pragma prefix "omg.org"
00093 
00094 };
00095 
00096 #pragma prefix ""
00097 
00098 #endif /* _SSLIOP_IDL */
