org.omg.CSI.CSI.idl Maven / Gradle / Ivy
//
// CSI.idl
// CORBA Core 3.0 Chapter 24
#pragma prefix "omg.org"
module CSI {
// The OMG VMCID; same value as CORBA::OMGVMCID. Do not change ever.
const unsigned long OMGVMCID = 0x4F4D0;
// An X509CertificateChain contains an ASN.1 BER encoded SEQUENCE
// [1..MAX] OF X.509 certificates encapsulated in a sequence of octets. The
// subject's certificate shall come first in the list. Each following
// certificate shall directly certify the one preceding it. The ASN.1
// representation of Certificate is as defined in [IETF RFC 2459].
typedef sequence X509CertificateChain;
// an X.501 type name or Distinguished Name encapsulated in a sequence of
// octets containing the ASN.1 encoding.
typedef sequence X501DistinguishedName;
// UTF-8 Encoding of String
typedef sequence UTF8String;
// ASN.1 Encoding of an OBJECT IDENTIFIER
typedef sequence OID;
typedef sequence OIDList;
// A sequence of octets containing a GSStoken. Initial context tokens are
// ASN.1 encoded as defined in [IETF RFC 2743] Section 3.1,
// "Mechanism-Independent token Format", pp. 81-82. Initial context tokens
// contain an ASN.1 tag followed by a token length, a mechanism identifier,
// and a mechanism-specific token (i.e. a GSSUP::InitialContextToken). The
// encoding of all other GSS tokens (e.g. error tokens and final context
// tokens) is mechanism dependent.
typedef sequence GSSToken;
// An encoding of a GSS Mechanism-Independent Exported Name Object as
// defined in [IETF RFC 2743] Section 3.2, "GSS Mechanism-Independent
// Exported Name Object Format," p. 84.
typedef sequence GSS_NT_ExportedName;
typedef sequence GSS_NT_ExportedNameList;
// The MsgType enumeration defines the complete set of service context
// message types used by the CSI context management protocols, including
// those message types pertaining only to the stateful application of the
// protocols (to insure proper alignment of the identifiers between
// stateless and stateful implementations). Specifically, the
// MTMessageInContext is not sent by stateless clients (although it may
// be received by stateless targets).
typedef short MsgType;
const MsgType MTEstablishContext = 0;
const MsgType MTCompleteEstablishContext = 1;
const MsgType MTContextError = 4;
const MsgType MTMessageInContext = 5;
// The ContextId type is used carry session identifiers. A stateless
// application of the service context protocol is indicated by a session
// identifier value of 0.
typedef unsigned long long ContextId;
// The AuthorizationElementType defines the contents and encoding of
// the_element field of the AuthorizationElement.
// The high order 20-bits of each AuthorizationElementType constant
// shall contain the Vendor Minor Codeset ID (VMCID) of the
// organization that defined the element type. The low order 12 bits
// shall contain the organization-scoped element type identifier. The
// high-order 20 bits of all element types defined by the OMG shall
// contain the VMCID allocated to the OMG (that is, 0x4F4D0).
typedef unsigned long AuthorizationElementType;
// An AuthorizationElementType of X509AttributeCertChain indicates that
// the_element field of the AuthorizationElement contains an ASN.1 BER
// SEQUENCE composed of an (X.509) AttributeCertificate followed by a
// SEQUENCE OF (X.509) Certificate. The two-part SEQUENCE is encapsulated
// in an octet stream. The chain of identity certificates is provided
// to certify the attribute certificate. Each certificate in the chain
// shall directly certify the one preceding it. The first certificate
// in the chain shall certify the attribute certificate. The ASN.1
// representation of (X.509) Certificate is as defined in [IETF RFC 2459].
// The ASN.1 representation of (X.509) AtributeCertificate is as defined
// in [IETF ID PKIXAC].
const AuthorizationElementType X509AttributeCertChain = OMGVMCID | 1;
typedef sequence AuthorizationElementContents;
// The AuthorizationElement contains one element of an authorization token.
// Each element of an authorization token is logically a PAC.
struct AuthorizationElement {
AuthorizationElementType the_type;
AuthorizationElementContents the_element;
};
// The AuthorizationToken is made up of a sequence of
// AuthorizationElements
typedef sequence AuthorizationToken;
typedef unsigned long IdentityTokenType;
// Additional standard identity token types shall only be defined by the
// OMG. All IdentityTokenType constants shall be a power of 2.
const IdentityTokenType ITTAbsent = 0;
const IdentityTokenType ITTAnonymous = 1;
const IdentityTokenType ITTPrincipalName = 2;
const IdentityTokenType ITTX509CertChain = 4;
const IdentityTokenType ITTDistinguishedName = 8;
typedef sequence IdentityExtension;
union IdentityToken switch ( IdentityTokenType ) {
case ITTAbsent: boolean absent;
case ITTAnonymous: boolean anonymous;
case ITTPrincipalName: GSS_NT_ExportedName principal_name;
case ITTX509CertChain: X509CertificateChain certificate_chain;
case ITTDistinguishedName: X501DistinguishedName dn;
default: IdentityExtension id;
};
struct EstablishContext {
ContextId client_context_id;
AuthorizationToken authorization_token;
IdentityToken identity_token;
GSSToken client_authentication_token;
};
struct CompleteEstablishContext {
ContextId client_context_id;
boolean context_stateful;
GSSToken final_context_token;
};
struct ContextError {
ContextId client_context_id;
long major_status;
long minor_status;
GSSToken error_token;
};
// Not sent by stateless clients. If received by a stateless server, a
// ContextError message should be returned, indicating the session does
// not exist.
struct MessageInContext {
ContextId client_context_id;
boolean discard_context;
};
union SASContextBody switch ( MsgType ) {
case MTEstablishContext: EstablishContext establish_msg;
case MTCompleteEstablishContext: CompleteEstablishContext complete_msg;
case MTContextError: ContextError error_msg;
case MTMessageInContext: MessageInContext in_context_msg;
};
// The following type represents the string representation of an ASN.1
// OBJECT IDENTIFIER (OID). OIDs are represented by the string "oid:"
// followed by the integer base 10 representation of the OID separated
// by dots. For example, the OID corresponding to the OMG is represented
// as: "oid:2.23.130"
typedef string StringOID;
// The GSS Object Identifier for the KRB5 mechanism is:
// { iso(1) member-body(2) United States(840) mit(113554) infosys(1)
// gssapi(2) krb5(2) }
const StringOID KRB5MechOID = "oid:1.2.840.113554.1.2.2";
// The GSS Object Identifier for name objects of the Mechanism-idependent
// Exported Name Object type is:
// { iso(1) org(3) dod(6) internet(1) security(5) nametypes(6)
// gss-api-exported-name(4) }
const StringOID GSS_NT_Export_Name_OID = "oid:1.3.6.1.5.6.4";
// The GSS Object Identifier for the scoped-username name form is:
// { iso-itu-t (2) international-organization (23) omg (130) security (1)
// naming (2) scoped-username(1) }
const StringOID GSS_NT_Scoped_Username_OID = "oid:2.23.130.1.2.1";
}; // CSI
© 2015 - 2024 Weber Informatics LLC | Privacy Policy