📄 transportsecurity_p.idl
//tabstop=4
//***********************************************************************
// ORBAsec SL3
// ----------------------------------------------------------------------
// Copyright (C) 2001 Adiron, LLC.
//                    All rights reserved.
// ----------------------------------------------------------------------
// $Id$
//***********************************************************************
//
// Marked modifications Copyright (C) 2002, 2003 ObjectSecurity Ltd.
//

#ifndef _TRANSPORT_SECURITY2_IDL_
#define _TRANSPORT_SECURITY2_IDL_

#include <mico/security/transportsecurity.idl>
#include <mico/security/sl3om.idl>

#pragma prefix "adiron.com"

module TransportSecurity
{
    //--------------------------------------------------------------------
    // Transport Security Implementers Interfaces.
    //
    // These interfaces and definitions are available for different
    // secure transports to be implemented within the ORBAsec Transport
    // Security Framework, which integrates the concepts of secure
    // association with an ORB's transport interfaces.
    //
    //--------------------------------------------------------------------

    // Identifier of a single ContextEstablisher, and a list of such ids.
    typedef string ContextEstablisherId;
    typedef sequence<ContextEstablisherId> ContextEstablisherIdList;

    // Forward Declarations

    local interface ContextEstablisher;
    typedef sequence<ContextEstablisher> ContextEstablisherList;

    local interface InitiatingContext;
    typedef sequence<InitiatingContext> InitiatingContextList;

    local interface AcceptingContext;
    typedef sequence<AcceptingContext> AcceptingContextList;

    /**
     * This type is used to identify listeners for removal.
     * A Listener identity will be assigned to a listener when
     * it is assigned to a particular object.
     */
    // begin of ObjectSecurity removal
    // NOTE(review): everything between the begin/end markers is commented
    // out. The listener interfaces below are described as hooks for
    // auditing functions, so this version of the file declares no callback
    // for context establishment or closure; where audit records for secure
    // associations come from instead is not visible here -- confirm.
//    typedef string ListenerId;

    /**
     * This local interface may be used by transport components
     * to get notified when credentials have been created and
     * are enabled.
     */
//    local interface CredentialsCreationListener {
//        void created_notify(
//            in OwnCredentials creds
//        );
//    };

    /**
     * This local interface is used to notify the user when the credentials
     * have been relinquished.
     */
//    local interface RelinquishedCredentialsListener {
//        void relinquished_notify(
//            in SL3CM::CredentialsId creds_id
//        );
//    };

    /**
     * This local interface is used mostly by auditing functions
     * that want to monitor the establishment of new accepting
     * contexts.
     */
//    local interface AcceptingContextEstablishmentListener {
//        void established_notify(
//            in AcceptingContext accepting_context
//        );
//    };

    /**
     * This local interface is used by auditing functions that want
     * to monitor the establishment of new initiating contexts.
     */
//    local interface InitiatingContextEstablishmentListener {
//        void established_notify(
//            in InitiatingContext initiating_context
//        );
//    };

    /**
     * The InitiatingContextClosedListener local interface is used by
     * auditing functions that want to monitor the closing or shutdown
     * of existing initiating contexts.
     */
//    local interface InitiatingContextClosedListener {
//        void closed_notify(
//            in InitiatingContext initiating_context
//        );
//    };

    /**
     * The AcceptingContextClosedListener local interface is used by
     * auditing functions that want to monitor the closing or shutdown
     * of existing accepting contexts.
     */
//    local interface AcceptingContextClosedListener {
//        void closed_notify(
//            in AcceptingContext initiating_context
//        );
//    };
    // end of ObjectSecurity removal

    /**
     * The TransportCredentialsCurator local interface is used by the
     * ORB Interceptor to enable any of its valid credentials to start
     * accepting security contexts if not already doing so.
     */
    local interface TransportCredentialsCurator : CredentialsCurator {

        /**
         * The add_credentials_creation_listener operation adds a
         * credentials creation listener.
         */
        // begin of ObjectSecurity removal
//        ListenerId add_credentials_creation_listener(
//            in CredentialsCreationListener listener
//        );

        /**
         * The remove_credentials_creation_listener operation removes
         * a credentials creation listener.
         */
//        void remove_credentials_creation_listener(
//            in ListenerId id
//        );
        // end of ObjectSecurity removal

        /**
         * The enable_transport_acceptors operation is used by the
         * internals to enable all the credentials to start
         * accepting security associations.
         */
        void enable_transport_acceptors();
    };

    /**
     * The TransportOwnCredentials extension of the OwnCredentials
     * is used to give users of these credentials the ability to
     * get notification when these credentials finally become
     * relinquished. These functions are used by the Security
     * Level3 Credentials in their release management.
     */
    // NOTE(review): with both operations below commented out, this
    // interface currently adds no members of its own to OwnCredentials.
    local interface TransportOwnCredentials : OwnCredentials {

        /**
         * The add_relinquished_listener operation adds
         * a listener that will get notified when the
         * OwnCredentials are finally done with any pending
         * work and are relinquished by the security service.
         * The credentials must be released.
         */
        // begin of ObjectSecurity removal
//        ListenerId add_relinquished_listener(
//            in RelinquishedCredentialsListener listener
//        );

        /**
         * The remove_relinquished_listener operation removes a listener.
         * This function raises a BAD_PARAM exception if the listener
         * is not registered.
         */
//        void remove_relinquished_listener(
//            in ListenerId id
//        );
        // end of ObjectSecurity removal
    };

    /**
     * An object of the TransportInitiator interface
     * is associated with Transport OwnCredentials.
     * Its operations create or reuse secure context
     * establishers.
     */
    local interface TransportInitiator : CredentialsInitiator {

        /**
         * The increment_work operation is used by the ClientRequestInterceptor
         * when a request is made.
         */
        // NOTE(review): presumably paired with decrement_work to track
        // pending work before credentials are relinquished -- confirm.
        void increment_work();

        /**
         * The decrement_work operation is used by the ClientRequestInterceptor
         * when a request is done.
         */
        void decrement_work();

        /**
         * The supports_invoc_options operation is used by the
         * framework to discover if this initiator can be used to
         * create the desired secure association.
         * <p>
         * Note: Presently not used, may be deprecated.
         */
        boolean supports_invoc_options(
            in CSIIOP::AssociationOptions invocation_options_supported,
            in CSIIOP::AssociationOptions invocation_options_required
        );

        /**
         * The supports_csi_version operation returns true if this
         * initiator supports the particular CSI version.
         */
        boolean supports_csi_version(
            in CSIVersion csi_version
        );

        /**
         * The is_usable operation is used by the Transport Security framework
         * to see if this initiator can handle the specified policy
         * against the components of the target's IOR.
         */
        // NOTE(review): the directive types come from SL3CM and their
        // values are not defined in this file. Presumably a false result
        // must exclude this initiator rather than lead to a weaker
        // association -- confirm against the caller. port is a 32-bit
        // IDL unsigned long, so implementations presumably have to
        // reject values above 65535 -- confirm.
        boolean is_usable(
            in string                  host,
            in unsigned long           port,
            in SL3CM::CredsDirective   creds_directive,
            in SL3CM::FeatureDirective client_authentication,
            in SL3CM::FeatureDirective target_authentication,
            in SL3CM::FeatureDirective confidentiality,
            in SL3CM::FeatureDirective integrity,
            in CSIVersion              csi_version,
            in IOP::TaggedComponentSeq transport_components
        );

        /**
         * The create_context_establishers operation is used by the
         * Transport Security framework to create a set of NEW
         * ContextEstablishers. It takes the same parameter list
         * as is_usable.
         */
        ContextEstablisherList create_context_establishers(
            in string                  host,
            in unsigned long           port,
            in SL3CM::CredsDirective   creds_directive,
            in SL3CM::FeatureDirective client_authentication,
            in SL3CM::FeatureDirective target_authentication,
            in SL3CM::FeatureDirective confidentiality,
            in SL3CM::FeatureDirective integrity,
            in CSIVersion              csi_version,
            in IOP::TaggedComponentSeq transport_components
        );

        /**
         * FOR INTERNAL USE ONLY.
         * This operation returns the context establisher for its identifier.
         * WHAT IS THIS USED FOR? THIS IS USED FOR INTEGRATION WITH THE
         * OCI (because the IOR profiles are selected
         * before the intercept calls). However, this call could be used to
         * quickly figure out ownership of a ContextEstablisher should the
         * identities be mandated to be unique and prefixed with the
         * OwnCredentials id.
         */
        // NOTE(review): "internal use" is a convention only; nothing in
        // this declaration restricts which holder of a TransportInitiator
        // reference may call it. The id-prefix ownership scheme is worded
        // as a possibility, so do not treat the prefix as proof of
        // ownership unless uniqueness is enforced elsewhere -- confirm.
        ContextEstablisher get_context_establisher(
            in ContextEstablisherId id
        );

        /**
         * The context_establishers attribute contains a
         * list of available context establishers.
         */
        readonly attribute ContextEstablisherList context_establishers;

        /**
         * This is IIOP after all, so we list the host/network interface
         * device from which this establisher will establish contexts.
         */
        readonly attribute string host;

        /**
         * The low_port attribute represents the low end of the
         * range of ports from which the establisher
         * will try to allocate.
         */
        // NOTE(review): both bounds are 32-bit IDL unsigned long; whether
        // low_port <= high_port and the 16-bit port range are checked is
        // not visible here -- confirm in the implementation.
        readonly attribute unsigned long low_port;

        /**
         * The high_port attribute represents the high end of the
         * range of ports from which the establisher
         * will try to allocate.
         */
        readonly attribute unsigned long high_port;

        /**
         * The add_initiating_context_establishment_listener
         * operation adds an initiating listener, which is called
         * when new contexts are established with the context establishers
         * that are created by this initiator. The listener is given a
         * Listener identifier that can only be used to remove the
         * listener.
         * <p>
         * These listeners are needed by certain auditing functions.
         */
        // begin of ObjectSecurity removal
//        ListenerId add_initiating_context_establishment_listener(
//            in InitiatingContextEstablishmentListener listener
//        );

        /**
         * The remove_initiating_context_establishment_listener
         * operation removes the listener. This operation raises
         * a BAD_PARAM exception if the listener id is not registered.
         */
//        void remove_initiating_context_establishment_listener(
//            in ListenerId id
//        );
        // end of ObjectSecurity removal
    };

    /**
     * An object of the TransportAcceptor interface is part of
     * the Own Credentials and is used to accept secure associations
     * from clients.
     */
    local interface TransportAcceptor : CredentialsAcceptor {

        /**
         * The increment_work operation is used by the ClientRequestInterceptor
         * when a request is made.
         */
        // NOTE(review): this text names the ClientRequestInterceptor, as
        // in TransportInitiator; on the accepting side the caller is
        // presumably a server-side interceptor -- confirm.
        void increment_work();

        /**
         * The decrement_work operation is used by the ClientRequestInterceptor
         * when a request is signaled to be received.
         */
        void decrement_work();

        /**
         * This is IIOP after all. The hosts attribute lists the host
         * listening addresses on which these credentials are working.
         */
        readonly attribute CORBA::StringSeq hosts;

        /**
         * The port attribute names the allocated listening port.
         */
        readonly attribute unsigned long port;

        /**
         * The transport_components operation returns the tagged component
         * that represents the security mechanism according to the CSI version.
         */
        IOP::TaggedComponentSeq transport_components(
            in CSIVersion csi_version
        );

        /**
         * The options_required attribute returns the options required.
         */