CORBA 2.6.1 Programmer's Guide for C++

Chapter 11. Using the IIOP/SSL API
SSLIOP IDL Interface
SSLIOP::Current
SSLIOP::Current::get_peer_certificate()
SSLIOP::Current::get_peer_certificate_chain()
This section describes the objects used by applications to access IIOP/SSL.
Note:
Before you begin to use IIOP/SSL you must have installed the IIOP/SSL option for NonStop CORBA. For more
information about configuring and managing IIOP/SSL, see the NonStop CORBA 2.6.1 Administration Guide.
The NonStop CORBA IIOP/SSL option is based on OpenSSL. OpenSSL is an open-source toolkit that implements the Secure Sockets Layer
(SSL) and Transport Layer Security (TLS) protocols. OpenSSL also includes a general-purpose cryptography library.
The SSLIOP::Current object allows applications to gain access to the SSL session state as well as to set configuration parameters. The
OpenSSL X.509 certificate routines are available for extracting information from a certificate. The X.509 standard defines what information
can go into a certificate and how that information is encoded (the data format).
SSLIOP IDL Interface
CORBA applications that use global state information may require changes. In general, global state information limits an application's portability,
as well as its ability to take advantage of the scalability features of NonStop CORBA and the NonStop systems. The following example shows an
SSLIOP IDL interface file:
#ifndef _SSLIOP_IDL
#define _SSLIOP_IDL
#pragma prefix "omg.org"
module SSLIOP {
    // A DER encoded X.501 Distinguished Name (DN).
    typedef sequence<octet> ASN_1_DN;
    // A DER encoded X.509 certificate.
    typedef sequence<octet> ASN_1_Cert;
    // A chain of DER encoded X.509 certificates.
    typedef sequence<ASN_1_Cert> SSL_Cert;
#pragma prefix "ssliop.nsdom"
    // The SSLIOP::Current interface provides methods to gain access to
    // the SSL session state for the current execution context.
    local interface Current : CORBA::Current {
        // Exception that indicates a SSLIOP::Current operation was
        // invoked outside of an SSL session.
        exception NoContext {};
        // Return the name of the active cipher.
        string get_cipher() raises (NoContext);
        // Return the number of bits in the active cipher.
        // (IDL has no "int" type; "long" is its 32-bit signed integer.)
        long get_cipher_bits() raises (NoContext);
        // Return the DER encoded peer certificate DN associated with the
        // current request.
        ASN_1_DN get_peer_certificate_dn() raises (NoContext);
        // Return the peer certificate associated with the current request.
        ASN_1_Cert get_peer_certificate() raises (NoContext);
        // Return the certificate chain associated with the current
        // execution context. If no SSL session is being used for the
        // request or upcall, then the NoContext exception is raised.
        //
        // On the client side, the chain does include the peer (server)
        // certificate. However, the certificate chain on the server side
        // does NOT contain the peer (client) certificate.
        SSL_Cert get_peer_certificate_chain() raises (NoContext);
        // Returns true if the current execution context is within an
        // SSL session.
        boolean SSL_session();
    };
    // SSLIOP Service Context definition.
    typedef unsigned long ServiceId;
    const ServiceId SSLIOP = 0x4E534400; // NSDOM specific service id number 0
    typedef unsigned long ComponentId;
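As an added example (not code from this guide or from NonStop CORBA), the following C++ decodes the ASN_1_DN octet sequence that get_peer_certificate_dn() returns into a readable "C=US, O=..., CN=..." string without linking OpenSSL, and rejects truncated or mis-typed DER, which a server must expect from an untrusted peer. The TLV walker, the attribute-name table and the sample DN bytes are all constructed here; in a real servant the input would be the sequence obtained through the SSLIOP::Current reference.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>
typedef std::vector<uint8_t> ASN_1_DN;            // same shape as the IDL sequence<octet>
struct Tlv { uint8_t tag; size_t start, end; };   // one DER element; its value bytes are [start, end)
// Read the DER TLV at pos (never reading past limit) and advance pos over it.
static Tlv read_tlv(const ASN_1_DN& d, size_t& pos, size_t limit) {
    if (pos + 2 > limit) throw std::runtime_error("truncated DER");
    Tlv t = {d[pos++], 0, 0};
    size_t len = d[pos++], n = len & 0x80 ? len & 0x7F : 0;   // long form: 0x8n, then n length bytes
    if ((len & 0x80) && (n == 0 || n > 4 || n > limit - pos)) throw std::runtime_error("bad DER length");
    for (len = n ? 0 : len; n; --n) len = (len << 8) | d[pos++];
    if (len > limit - pos) throw std::runtime_error("truncated DER");   // length runs past the buffer
    t.start = pos; t.end = (pos += len); return t;
}
// Short names for the X.520 attribute types under 2.5.4 (DER bytes 55 04 xx); any other OID is shown as hex.
static std::string attr_name(const ASN_1_DN& d, const Tlv& o) {
    static const char* x520[] = {"", "", "", "CN", "SN", "serialNumber", "C", "L", "ST", "street", "O", "OU"};
    if (o.end - o.start == 3 && d[o.start] == 0x55 && d[o.start + 1] == 0x04 && d[o.end - 1] >= 3 && d[o.end - 1] <= 11)
        return x520[d[o.end - 1]];
    std::string hex = "OID:";
    for (size_t i = o.start; i < o.end; ++i) { hex += "0123456789abcdef"[d[i] >> 4]; hex += "0123456789abcdef"[d[i] & 15]; }
    return hex;
}
// Name ::= SEQUENCE OF SET OF SEQUENCE { type OID, value }. RDNs are joined with ", ", multi-valued RDNs with "+".
std::string decode_dn(const ASN_1_DN& d) {
    size_t pos = 0; std::string out;
    Tlv name = read_tlv(d, pos, d.size());
    if (name.tag != 0x30 || pos != d.size()) throw std::runtime_error("DN is not a single SEQUENCE");
    for (size_t p = name.start; p < name.end;) {
        Tlv rdn = read_tlv(d, p, name.end);
        if (rdn.tag != 0x31) throw std::runtime_error("RDN is not a SET");
        if (!out.empty()) out += ", ";
        for (size_t q = rdn.start, first = 1; q < rdn.end; first = 0) {
            Tlv ava = read_tlv(d, q, rdn.end);
            size_t r = ava.start; Tlv oid = read_tlv(d, r, ava.end), val = read_tlv(d, r, ava.end);
            if (ava.tag != 0x30 || oid.tag != 0x06) throw std::runtime_error("bad AttributeTypeAndValue");
            bool str = val.tag == 0x13 || val.tag == 0x0C || val.tag == 0x16;   // Printable/UTF8/IA5String
            out += (first ? "" : "+") + attr_name(d, oid) + "=" +
                   (str ? std::string(d.begin() + val.start, d.begin() + val.end) : std::string("<non-string>"));
        }
    }
    return out;
}
// Constructed sample (not taken from any real certificate): C=US, O=Example, CN=client1
const ASN_1_DN SAMPLE_DN = {0x30,0x31, 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,'U','S',
    0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x0A,0x13,0x07,'E','x','a','m','p','l','e',
    0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x03,0x0C,0x07,'c','l','i','e','n','t','1'};
```

Treat the decoded string as display and audit output; an access decision should compare the raw DER bytes (or a canonical form) rather than a rendered string.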