CORBA 2.6.1 Programmer's Guide for C++

    const ComponentId TAG_CIPHER_INFO = 0;
    const ComponentId TAG_PEER_DN = 1;
    const ComponentId TAG_PEER_CERT = 2;
    const ComponentId TAG_PEER_CERT_CHAIN = 3;
    struct TaggedData {
        ComponentId tag;
        sequence<octet> data;
    };
    struct CipherInfo {
        int cipher_bits;
        string cipher;
    };
    typedef sequence<TaggedData> ServiceContextBody;
  };
  #pragma prefix "omg.org"
};
#pragma prefix ""
#endif
SSLIOP::Current
To obtain a reference to SSLIOP::Current, use the standard CORBA::resolve_initial_references mechanism and pass the object id string
"SSLIOPCurrent". The following example obtains a reference to SSLIOP::Current:
int argc = 0;
char **argv = 0;   // no command-line arguments to pass to the ORB
CORBA::ORB_var orb = CORBA::ORB_init( argc, argv, "my_orb" );
CORBA::Object_var obj = orb->resolve_initial_references( "SSLIOPCurrent" );
SSLIOP::Current_var ssliop = SSLIOP::Current::_narrow( obj.in() );
// _narrow() returns nil if the object is not an SSLIOP::Current; check before use.
if ( CORBA::is_nil( ssliop.in() ) )
    throw CORBA::INTERNAL();
SSLIOP::Current::get_peer_certificate()
Once an SSL session is active, the peer certificate (client or server) may be obtained by calling get_peer_certificate(), which returns the
certificate in DER format. DER (the Distinguished Encoding Rules for ASN.1) is the binary, on-the-wire format of the certificate. Once a pointer to the certificate is
obtained, you can use OpenSSL library routines to extract information from the certificate (for example, the issuer or the subject). The following
example obtains the peer certificate by calling SSLIOP::Current::get_peer_certificate():
// If within an SSL session, obtain a pointer to the certificate.
if ( ssliop->SSL_session() )
{
    SSLIOP::ASN1_cert_var cert = ssliop->get_peer_certificate();
    CORBA::Octet *der_cert = cert->get_buffer();
    // Use OpenSSL to parse the certificate.
    // Convert to OpenSSL internal X509 format (DER to Internal X509).
    // Note: d2i_X509 advances der_cert past the bytes it consumed.
    X509 *peer_x509 = ::d2i_X509( 0, &der_cert, cert->length() );
    if ( peer_x509 != 0 )
    {
        // Obtain the subject's DN.
        char dn[256];
        ::X509_NAME_oneline( ::X509_get_subject_name(peer_x509), dn, sizeof(dn) );
        cout << "Peer certificate subject DN is: " << dn << endl;
        ::X509_free( peer_x509 );   // release the parsed certificate
    }
}
SSLIOP::Current::get_peer_certificate_chain()
Once an SSL session is active, you can obtain the peer certificate chain by calling get_peer_certificate_chain(), which returns a sequence of
certificates, each in DER format. The following example obtains the peer certificate chain by calling SSLIOP::Current::get_peer_certificate_chain():
// If within an SSL session, obtain the certificate chain.
if ( ssliop->SSL_session() )
{
    SSLIOP::SSL_cert_var chain = ssliop->get_peer_certificate_chain();
    // Walk the cert chain and print each subject's and issuer's DN.
    for ( CORBA::ULong i = 0; i < chain->length(); i++ )
    {
        // Each element of the chain is one DER-encoded certificate (an ASN1_cert).
        CORBA::Octet *der_cert = chain[i].get_buffer();
        // Use OpenSSL to parse the certificate.
        // Convert to OpenSSL internal X509 format (DER to Internal X509).
        X509 *peer_x509 = ::d2i_X509( 0, &der_cert, chain[i].length() );
        if ( peer_x509 == 0 )
            continue;   // skip an element that does not decode
        // Obtain the subject's DN.
        char dn[256];
        ::X509_NAME_oneline( ::X509_get_subject_name(peer_x509), dn, sizeof(dn) );
        cout << "Peer certificate subject DN is: " << dn;
        ::X509_NAME_oneline( ::X509_get_issuer_name(peer_x509), dn, sizeof(dn) );
        cout << " and the cert was issued by: " << dn << endl;
        ::X509_free( peer_x509 );   // release the parsed certificate
    }
}
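Both get_peer_certificate() and get_peer_certificate_chain() hand the application raw DER octets, and the guide's examples delegate decoding to OpenSSL. The added example below is not from the guide or from the CORBA product; it is a small, self-contained C++ walker over the DER tag-length-value structure that pulls the subject and issuer CommonName out of such a blob without OpenSSL, so you can see what "DER format" means on the wire and why every length field from a peer-supplied certificate must be bounds-checked before it is trusted. The certificate bytes are constructed in the block itself (an unsigned skeleton with version, serial, empty algorithm and validity fields, and two Names); the function names cert_names, is_well_formed, constructed_cert and truncated_cert are the example's own. The same cert_names() call applies to each element of a chain.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

typedef std::vector<unsigned char> Bytes;

// One DER tag-length-value element located inside a buffer.
struct Tlv { unsigned char tag; std::size_t start; std::size_t len; };

// Decode the TLV header at `off`, never reading past `end`. DER forbids the
// indefinite length form (0x80), so it and over-long lengths are rejected.
static Tlv read_tlv(const Bytes& b, std::size_t off, std::size_t end) {
    if (off + 2 > end) throw std::runtime_error("truncated TLV header");
    Tlv t; t.tag = b[off];
    std::size_t i = off + 1;
    unsigned char first = b[i++];
    if (first < 0x80) {
        t.len = first;
    } else {
        std::size_t n = first & 0x7f;
        if (n == 0 || n > 4 || i + n > end) throw std::runtime_error("bad length octets");
        t.len = 0;
        for (std::size_t k = 0; k < n; ++k) t.len = (t.len << 8) | b[i++];
    }
    t.start = i;
    if (t.len > end - t.start) throw std::runtime_error("value exceeds buffer");
    return t;
}

// Split a constructed value (SEQUENCE/SET) into its child elements.
static std::vector<Tlv> children(const Bytes& b, const Tlv& parent) {
    std::vector<Tlv> out;
    std::size_t off = parent.start, end = parent.start + parent.len;
    while (off < end) { Tlv c = read_tlv(b, off, end); out.push_back(c); off = c.start + c.len; }
    return out;
}

// Name ::= SEQUENCE OF SET OF SEQUENCE { type OID, value ANY }.
// Returns the value whose attribute type equals `oid` (DER body of the OID).
static std::string name_attr(const Bytes& b, const Tlv& name, const Bytes& oid) {
    std::vector<Tlv> rdns = children(b, name);
    for (std::size_t i = 0; i < rdns.size(); ++i) {
        std::vector<Tlv> atvs = children(b, rdns[i]);
        for (std::size_t j = 0; j < atvs.size(); ++j) {
            std::vector<Tlv> p = children(b, atvs[j]);
            if (p.size() != 2 || p[0].tag != 0x06) continue;            // expect OID, value
            Bytes got(b.begin() + p[0].start, b.begin() + p[0].start + p[0].len);
            if (got == oid) return std::string(b.begin() + p[1].start, b.begin() + p[1].start + p[1].len);
        }
    }
    return "";
}

struct CertNames { std::string subject_cn; std::string issuer_cn; };

// Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
// tbsCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
//                               issuer, validity, subject, ... }
CertNames cert_names(const Bytes& der) {
    const Bytes cn = {0x55, 0x04, 0x03};                                  // id-at-commonName 2.5.4.3
    Tlv cert = read_tlv(der, 0, der.size());
    if (cert.tag != 0x30) throw std::runtime_error("certificate is not a SEQUENCE");
    std::vector<Tlv> top = children(der, cert);
    if (top.empty() || top[0].tag != 0x30) throw std::runtime_error("missing tbsCertificate");
    std::vector<Tlv> tbs = children(der, top[0]);
    std::size_t k = (!tbs.empty() && tbs[0].tag == 0xA0) ? 1 : 0;        // skip explicit version
    if (tbs.size() < k + 5) throw std::runtime_error("tbsCertificate too short");
    CertNames n;
    n.issuer_cn  = name_attr(der, tbs[k + 2], cn);
    n.subject_cn = name_attr(der, tbs[k + 4], cn);
    return n;
}

// True when the blob parses as a structurally complete certificate.
bool is_well_formed(const Bytes& der) {
    try { cert_names(der); return true; } catch (const std::exception&) { return false; }
}

// --- Constructed test data: an unsigned certificate skeleton, not a real cert ---
static Bytes tlv(unsigned char tag, const Bytes& v) {
    Bytes out(1, tag);
    if (v.size() < 0x80) out.push_back((unsigned char)v.size());
    else { out.push_back(0x82); out.push_back((unsigned char)(v.size() >> 8)); out.push_back((unsigned char)v.size()); }
    out.insert(out.end(), v.begin(), v.end());
    return out;
}
static Bytes cat(const Bytes& a, const Bytes& b) { Bytes o(a); o.insert(o.end(), b.begin(), b.end()); return o; }
static Bytes name_with_cn(const std::string& cn) {
    return tlv(0x30, tlv(0x31, tlv(0x30, cat(tlv(0x06, {0x55, 0x04, 0x03}), tlv(0x0C, Bytes(cn.begin(), cn.end()))))));
}
Bytes constructed_cert() {
    Bytes tbs = cat(tlv(0xA0, tlv(0x02, {0x02})), tlv(0x02, {0x01}));    // version v3, serial 1
    tbs = cat(tbs, cat(tlv(0x30, Bytes()), name_with_cn("Test CA")));      // (empty) sigalg, issuer
    tbs = cat(tbs, cat(tlv(0x30, Bytes()), name_with_cn("client.example.test"))); // (empty) validity, subject
    return tlv(0x30, cat(tlv(0x30, tbs), cat(tlv(0x30, Bytes()), tlv(0x03, Bytes()))));
}
Bytes truncated_cert() { Bytes c = constructed_cert(); c.resize(c.size() - 5); return c; }

int main() {
    CertNames n = cert_names(constructed_cert());
    std::cout << "subject CN=" << n.subject_cn << ", issuer CN=" << n.issuer_cn << "\n";
    std::cout << "truncated blob accepted? " << (is_well_formed(truncated_cert()) ? "yes" : "no") << "\n";
    return 0;
}
```

The outer length octet of the truncated blob still claims the full size, so read_tlv() rejects it at the first element instead of reading past the buffer; that is the check a receiver of peer-supplied DER needs at every level, and it is the same property d2i_X509() enforces with the length argument in the guide's examples.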
Chapter 10. Porting CORBA Applications to NonStop CORBA
Chapter 12. Writing Wrappers for Legacy Clients and Servers