CORBA 2.6.1 Programmer's Guide for Java

const ServiceId SSLIOP = 0x4E534400; // NSDOM specific service id number 0
typedef unsigned long ComponentId;
const ComponentId TAG_CIPHER_INFO = 0;
const ComponentId TAG_PEER_DN = 1;
const ComponentId TAG_PEER_CERT = 2;
const ComponentId TAG_PEER_CERT_CHAIN = 3;
struct TaggedData {
    ComponentId tag;        // one of the TAG_* component ids above
    sequence<octet> data;   // component payload; certificates are carried DER-encoded
};
struct CipherInfo {
    long cipher_bits;       // IDL long (maps to Java int); IDL has no "int" type
    string cipher;
};
typedef sequence<TaggedData> ServiceContextBody;
};
#pragma prefix "omg.org"
};
#pragma prefix ""
#endif
SSLIOP::Current
To obtain a reference to SSLIOP::Current, use the standard CORBA::resolve_initial_references mechanism, passing the object id string
"SSLIOPCurrent". The following example obtains a reference to SSLIOP::Current:
import org.omg.CORBA.ORB;
import org.omg.CORBA.ORBPackage.InvalidName;
import com.tandem.nsdom.SSLIOP.Current;
import com.tandem.nsdom.SSLIOP.CurrentHelper;
import com.tandem.nsdom.SSLIOP.CurrentPackage.NoContext;

class Server {
    public static void main(String[] args) {
        ORB orb = ORB.init(args, null);
        try {
            // "SSLIOPCurrent" is the object id under which the ORB registers SSLIOP::Current
            Current ssliop = CurrentHelper.narrow(
                orb.resolve_initial_references("SSLIOPCurrent"));
            // ...
        } catch (InvalidName e) {
            // the ORB does not know the "SSLIOPCurrent" object id (SSLIOP not available)
            e.printStackTrace();
        }
    }
}
SSLIOP::Current_get_methods
Once an SSL session is active, the peer certificate (client or server) may be obtained by calling get_peer_certificate(), which returns the certificate
in DER format. DER, one of the ASN.1 encoding rules, is the binary, on-the-wire format of the certificate. Once the certificate bytes have been obtained,
JSSE routines may be used to extract information from the certificate.
// Query SSLIOP::Current about the peer, but only when the current request arrived over SSL
void describePeer(Current ssliop) {
    if (ssliop.SSL_session()) {
        String cipher = ssliop.get_cipher();                 // negotiated cipher suite name
        int cipbits = ssliop.get_cipher_bits();              // key strength of that cipher
        String subject = ssliop.get_peer_subject_name();     // peer certificate subject DN
        String issuer = ssliop.get_peer_issuer_name();       // peer certificate issuer DN
        byte[] peerCert = ssliop.get_peer_certificate();     // DER-encoded peer certificate
        byte[][] chain = ssliop.get_peer_certificate_chain(); // each element DER-encoded
    }
}
SSLIOP::Current::get_peer_certificate()
Once an SSL session is active, the peer certificate (client or server) may be obtained by calling get_peer_certificate(), which returns the
certificate in DER format. DER, one of the ASN.1 encoding rules, is the binary, on-the-wire format of the certificate. Once a pointer to the certificate is
obtained, you can use OpenSSL library routines to extract information from the certificate (for example, the issuer or the subject). The following
example obtains the peer certificate by calling SSLIOP::Current::get_peer_certificate():
#include <iostream>
#include <openssl/x509.h>

// If within an SSL session, obtain a pointer to the certificate
if ( ssliop->SSL_session() )
{
    SSLIOP::ASN1_cert_var cert = ssliop->get_peer_certificate();
    const CORBA::Octet *der_cert = cert->get_buffer();
    // Use OpenSSL to parse the certificate.
    // Convert to OpenSSL internal X509 format (DER to internal X509);
    // d2i_X509 advances der_cert past the bytes it consumed.
    X509 *peer_x509 = ::d2i_X509(0, &der_cert, cert->length() );
    if ( peer_x509 == 0 )
    {
        std::cerr << "Peer certificate is not valid DER" << std::endl;
    }
    else
    {
        // Obtain the subject's DN.
        char dn[256];
        ::X509_NAME_oneline( ::X509_get_subject_name(peer_x509), dn, sizeof(dn) );
        std::cout << "Peer certificate subject DN is: " << dn << std::endl;
        ::X509_free(peer_x509);
    }
}
SSLIOP::Current::get_peer_certificate_chain()
Once an SSL session is active, you can obtain the peer certificate chain by calling get_peer_certificate_chain(), which returns a sequence of
certificates in DER format. The following example obtains the peer certificate chain by calling SSLIOP::Current::get_peer_certificate_chain():
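As an added example (not part of the NSDOM guide or its ORB), this Java class shows the JSSE/JCA side of the two sections above: it decodes the DER blobs that get_peer_certificate_chain() returns and checks that the chain is internally consistent before the application trusts the subject DN. It assumes leaf-first ordering of the sequence and that the bytes are fed in from files when run stand-alone; the class and method names are the example's own.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

/** Checks the DER chain that SSLIOP::Current::get_peer_certificate_chain() returns, using JCA. */
public class PeerChainInspector {
    // Decodes each DER blob, then checks that every certificate is inside its validity period
    // and is issued and signed by the next one (leaf-first order is an assumption). Returns the
    // problems found (empty means internally consistent); the last certificate must still be
    // matched against a configured trust anchor before the peer identity is relied upon.
    public static List<String> checkChain(byte[][] derChain) throws GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        for (byte[] der : derChain) {
            chain.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
        }
        List<String> problems = new ArrayList<>();
        for (int i = 0; i < chain.size(); i++) {
            X509Certificate cert = chain.get(i);
            try {
                cert.checkValidity(); // throws if expired or not yet valid
            } catch (GeneralSecurityException e) {
                problems.add("cert " + i + ": " + e.getMessage());
            }
            if (i + 1 == chain.size()) break;
            X509Certificate issuer = chain.get(i + 1);
            if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                problems.add("cert " + i + ": issuer DN does not match subject of cert " + (i + 1));
            }
            try {
                cert.verify(issuer.getPublicKey()); // was it really signed by the next cert's key?
            } catch (GeneralSecurityException e) {
                problems.add("cert " + i + ": signature does not verify with cert " + (i + 1));
            }
        }
        return problems;
    }
    /** Stand-alone run: pass certificate files (DER or PEM), leaf first. */
    public static void main(String[] args) throws Exception {
        byte[][] raw = new byte[args.length][];
        for (int i = 0; i < args.length; i++) raw[i] = Files.readAllBytes(Paths.get(args[i]));
        List<String> problems = checkChain(raw);
        System.out.println(problems.isEmpty() ? "chain consistent" : problems);
    }
}
```

Inside the ORB, the same checkChain() call takes the byte[][] from ssliop.get_peer_certificate_chain() directly; the file-reading main() exists only so the checks can be exercised against exported certificates without a live SSLIOP session.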