📄 sl3tls.idl
* @param keypass This argument contains the password that
         *      unlocks the private key named by the keyalias.
         * @param trusted_cert_names
         *      This argument contains the alias of certificates
         *      in the key store that are considered trusted
         *      to verify certificates of the peer during
         *      authentication. An empty string sequence signifies
         *      that the default chain verifier will accept
         *      chains ending in any trusted certificate
         *      entry found in the keystore.
         * <p>
         * Note: On the default TLSX509IdentityVerifier, anonymous
         * communication is always allowed.
         * <p>
         * NOTE(review): this variant takes no store password. Java's
         * KeyStore.load performs no integrity check when it is given no
         * password, so the encoded keystore bytes would be accepted
         * unverified if the implementation loads them that way -- confirm
         * how the bytes are loaded and where they are allowed to come from.
         */
        void addTLSEncodedKeyStoreNoStorePass(
            in CORBA::OctetSeq keystore,
            in string storetype,
            in string keyalias,
            in string keypass,
            in CORBA::StringSeq trusted_cert_names
        );
    };

    /**
     * This acquisition mechanism specifies getting TLS credential
     * information from a Java KeyStore file. The Argument Factory
     * and Builder inherit the TCPIP.
     * The arguments used in TCPIP apply
     * in setting up TCPIP sockets, because TCPIP lies
     * below SSL/TLS.
     * <p>
     * If the TCPIPInitiatorOptions and/or TCPIPAcceptorOptions
     * arguments are present, then they are followed, otherwise
     * defaults for TCPIP are used.
     * <p>
     * The Arguments should have one of
     * TLSKeyStoreWithStorePass or TLSKeyStoreNoStorePass. If
     * neither of them is specified, the resulting Credentials will
     * run in TLS anonymously.
     *
     */
    // begin of ObjectSecurity removal
//    const SL3CM::AcquisitionMethod
//        AQM_TLSKeyStoreArgs = "TLSKeyStoreArgs";
    // end of ObjectSecurity removal

    // begin of ObjectSecurity addition
    /**
     * An implementation of this interface is used by the security service
     * when it decides whether an SL3CSI/CSIv2 enabled server can accept
     * a request sent from a plain TLS client, i.e. accept it based on
     * transport security credentials.
     * <p>
     * The interface is declared local, so it is invoked in-process and
     * its references are not marshalled to other ORBs.
     */
    local interface TLSX509IdentityProcessor {
        /**
         * This operation is called by the security service
         * to find out whether the supplied principal is allowed
         * to make a request on a target.
         *
         * @param ident The principal to decide on.
         *      NOTE(review): presumably built from the client's TLS
         *      transport credentials; how an anonymous TLS client is
         *      represented is not visible here -- confirm.
         * @return TRUE if the principal is allowed to make the request,
         *      FALSE if it is not.
         *      NOTE(review): this is an authorization decision point, so
         *      an implementation should return FALSE for any principal
         *      it cannot positively match.
         */
        boolean verify_identity(in SL3PM::Principal ident);
    };

    /**
     * Argument builder for TLS settings. It extends the TCPIP argument
     * builder (SL3TCPIP::TCPIPArgBuilder); most operations exist in an
     * acceptor and an initiator variant.
     * <p>
     * The interface is declared local, so the arguments (including
     * passphrases) are passed in-process rather than marshalled.
     * <p>
     * NOTE(review): the name suggests the values are handed to an
     * OpenSSL based transport. The format of the string arguments
     * (file name vs. inline encoded data) is not specified in this
     * file -- confirm against the implementation.
     */
    local interface OpenSSLConfigArgBuilder : SL3TCPIP::TCPIPArgBuilder {
        /**
         * Adds the TLS options for the acceptor side.
         *
         * @param ca   CA certificate material. NOTE(review): presumably
         *      the trust anchors used to verify the peer -- confirm.
         * @param cert NOTE(review): presumably the acceptor's own
         *      certificate -- confirm.
         * @param key  NOTE(review): presumably the private key matching
         *      cert. This variant takes no passphrase, so the key is
         *      presumably expected unencrypted; its storage location
         *      then needs restrictive access permissions.
         */
        void add_tls_acceptor_options(in string ca, in string cert, in string key);

        /**
         * Same arguments as add_tls_acceptor_options, plus a passphrase.
         *
         * @param passphrase NOTE(review): presumably unlocks the private
         *      key given in key -- confirm. It is passed as a plain
         *      string; keep it out of logs and configuration dumps.
         */
        void add_tls_acceptor_options_with_passphrase
            (in string ca, in string cert, in string key, in string passphrase);

        /**
         * Adds the TLS options for the initiator side. The parameters
         * mirror add_tls_acceptor_options.
         */
        void add_tls_initiator_options(in string ca, in string cert, in string key);

        /**
         * Same arguments as add_tls_initiator_options, plus a passphrase.
         *
         * @param passphrase NOTE(review): presumably unlocks the private
         *      key given in key -- confirm. It is passed as a plain
         *      string; keep it out of logs and configuration dumps.
         */
        void add_tls_initiator_options_with_passphrase
            (in string ca, in string cert, in string key, in string passphrase);

        /**
         * Adds initiator options that consist of CA material only: the
         * initiator supplies no certificate or key of its own.
         * <p>
         * NOTE(review): presumably the acceptor is still verified against
         * ca while the initiator stays unauthenticated at the TLS layer --
         * confirm. An acceptor that admits such peers has to authorize
         * them by other means.
         */
        void add_tls_anonymous_initiator_options(in string ca);

        /**
         * Adds a cipher for the initiator side.
         *
         * @param cipher NOTE(review): presumably an OpenSSL cipher name
         *      or cipher list string; whether repeated calls accumulate
         *      or replace is not visible here -- confirm. Whatever the
         *      format, the configured set should exclude anonymous, NULL
         *      and export-grade suites.
         */
        void add_initiator_cipher(in string cipher);

        /**
         * Adds a cipher for the acceptor side. See add_initiator_cipher
         * for the open questions on the cipher argument.
         */
        void add_acceptor_cipher(in string cipher);

        /**
         * Sets the verify depth for the initiator side.
         *
         * @param depth NOTE(review): presumably the maximum certificate
         *      chain depth accepted while verifying the peer -- confirm,
         *      including how zero and negative values are treated.
         */
        void add_initiator_verify_depth(in long depth);

        /**
         * Sets the verify depth for the acceptor side. See
         * add_initiator_verify_depth for the open questions on depth.
         */
        void add_acceptor_verify_depth(in long depth);

        /**
         * Adds a TLSX509IdentityVerifier for the initiator side.
         * <p>
         * NOTE(review): documentation elsewhere in this file states that
         * the default TLSX509IdentityVerifier always allows anonymous
         * communication. Supplying a verifier here is presumably how that
         * default is replaced -- confirm.
         */
        void add_initiator_identity_verifier(in TLSX509IdentityVerifier verifier);

        /**
         * Adds a TLSX509IdentityVerifier for the acceptor side.
         * <p>
         * NOTE(review): documentation elsewhere in this file states that
         * the default TLSX509IdentityVerifier always allows anonymous
         * communication. An acceptor that must reject unauthenticated
         * peers presumably needs its own verifier here -- confirm.
         */
        void add_acceptor_identity_verifier(in TLSX509IdentityVerifier verifier);
    };
    // end of ObjectSecurity addition

    /**
     * This object allows to create the Builder for use with TLS
     * and a Java KeyStore.
     */
    // begin of ObjectSecurity removal
//    local interface ArgumentFactory : SL3TCPIP::ArgumentFactory {

        /**
         * This operation creates a TLS KeyStore Arg Builder
         * object.
         */
        // begin of ObjectSecurity change
        // kcg change
//        TLSKeyStoreArgBuilder createTLSKeyStoreArgBuilder(
//            in TransportSecurity::CredentialsUsage usage
//        );

        /**
         * This operation creates a Tagged Argument containing
         * a reference to a X509 Certificate Chain Verifier
         */
        // kcg change
//        SL3AQArgs::Argument createTLSX509IdentityVerifier(
//            in TLSX509IdentityVerifier verifier
//        );

        /**
         * This operation creates a Tagged Argument containing
         * the following information for acquiring credentials
         * from a Java KeyStore that is protected with a password.
         * <p>
         * For a description of the arguments, please see the
         * corresponding operation in the TLSKeyStoreArgBuilder.
         *
         * @see TLSKeyStoreArgBuilder
         */
        // kcg change
//        SL3AQArgs::Argument createTLSKeyStoreWithStorePass(
//            in string keystore,
//            in string storetype,
//            in string storepass,
//            in string keyalias,
//            in string keypass,
//            in CORBA::StringSeq trusted_cert_names
//        );

        /**
         * This operation creates a Tagged Argument containing
         * the following information for acquiring credentials
         * from a Java KeyStore that may be protected with a password.
         * <p>
         * For a description of the arguments, please see the
         * corresponding operation in the TLSKeyStoreArgBuilder.
         *
         * @see TLSKeyStoreArgBuilder
         */
        // kcg change
//        SL3AQArgs::Argument createTLSKeyStoreNoStorePass(
//            in string keystore,
//            in string storetype,
//            in string keyalias,
//            in string keypass,
//            in CORBA::StringSeq trusted_cert_names
//        );

        /**
         * This operation creates a Tagged Argument containing
         * the following information for acquiring credentials
         * from a Java KeyStore that is protected with a password.
         * <p>
         * For a description of the arguments, please see the
         * corresponding operation in the TLSKeyStoreArgBuilder.
         *
         * @see TLSKeyStoreArgBuilder
         */
        // kcg change
//        SL3AQArgs::Argument createTLSEncodedKeyStoreWithStorePass(
//            in CORBA::OctetSeq keystore,
//            in string storetype,
//            in string storepass,
//            in string keyalias,
//            in string keypass,
//            in CORBA::StringSeq trusted_cert_names
//        );

        /**
         * This operation creates a Tagged Argument containing
         * the following information for acquiring credentials
         * from a Java KeyStore that may be protected with a password.
         * <p>
         * For a description of the arguments, please see the
         * corresponding operation in the TLSKeyStoreArgBuilder.
         *
         * @see TLSKeyStoreArgBuilder
         */
        // kcg change
//        SL3AQArgs::Argument createTLSEncodedKeyStoreNoStorePass(
//            in CORBA::OctetSeq keystore,
//            in string storetype,
//            in string keyalias,
//            in string keypass,
//            in CORBA::StringSeq trusted_cert_names
//        );
        // end of ObjectSecurity change
//    };
    // end of ObjectSecurity removal
};
#endif