#ifndef _CSI_IDL_
#define _CSI_IDL_
#pragma prefix "omg.org"
#include <IOP.idl>
module IOP {
// Registers the Security Attribute Service (SAS) service-context id in the
// IOP namespace. Presumably this is the id under which the SASContextBody
// messages defined in module CSI below are carried in a request's service
// context list — confirm against the IOP service-context table in use.
const ServiceId SecurityAttributeService = 15;
};
module CSI {
// Common Secure Interoperability (CSI) data types: the service-context
// messages that establish, complete, fail and tear down a security
// association, and the authorization and identity tokens they carry.
// Every "sequence <octet>" below is an opaque encapsulation whose internal
// format is fixed by the cited external standard, not by this IDL; the IDL
// marshalling layer only checks the octet count, so a receiver must
// validate the inner encoding (ASN.1 BER/DER, GSS token framing, UTF-8)
// itself before acting on the contents.
// The OMG VMCID; same value as CORBA::OMGVMCID. Do not change ever.
// NOTE(review): this is the unshifted 20-bit VMCID value. CORBA::OMGVMCID
// in CORBA.idl carries the VMCID already positioned in the high-order bits,
// so the two constants are not bit-for-bit equal — confirm against CORBA.idl
// before comparing them directly.
const unsigned long OMGVMCID = 0x4F4D0;
// An X509CertificateChain contains an ASN.1 BER encoded SEQUENCE
// [1..MAX] OF X.509 certificates encapsulated in a sequence of octets. The
// subject's certificate shall come first in the list. Each following
// certificate shall directly certify the one preceding it. The ASN.1
// representation of Certificate is as defined in [IETF RFC 2459].
// The ordering and "directly certifies" rules are conventions on the
// sender; a receiver must verify the chain (signatures, validity periods,
// trust anchor) rather than trust the stated order.
typedef sequence <octet> X509CertificateChain;
// an X.501 type name or Distinguished Name encapsulated in a sequence of
// octets containing the ASN.1 encoding.
typedef sequence <octet> X501DistinguishedName;
// UTF-8 Encoding of String. Deliberately not a CORBA string: there is no
// terminator and no codeset translation, and the type itself cannot
// guarantee the octets are well-formed UTF-8 — validate before decoding.
typedef sequence <octet> UTF8String;
// ASN.1 Encoding of an OBJECT IDENTIFIER (binary DER form; compare with the
// textual StringOID form defined near the end of this module).
typedef sequence <octet> OID;
typedef sequence <OID> OIDList;
// A sequence of octets containing a GSStoken. Initial context tokens are
// ASN.1 encoded as defined in [IETF RFC 2743] Section 3.1,
// "Mechanism-Independent token Format", pp. 81-82. Initial context tokens
// contain an ASN.1 tag followed by a token length, a mechanism identifier,
// and a mechanism-specific token (i.e. a GSSUP::InitialContextToken). The
// encoding of all other GSS tokens (e.g. error tokens and final context
// tokens) is mechanism dependent.
// The mechanism identifier inside the token, not the message type, tells
// the receiver how to parse the remainder; an unrecognised mechanism should
// be rejected rather than guessed at.
typedef sequence <octet> GSSToken;
// An encoding of a GSS Mechanism-Independent Exported Name Object as
// defined in [IETF RFC 2743] Section 3.2, "GSS Mechanism-Independent
// Exported Name Object Format," p. 84.
typedef sequence <octet> GSS_NT_ExportedName;
typedef sequence <GSS_NT_ExportedName> GSS_NT_ExportedNameList;
// The MsgType enumeration defines the complete set of service context
// message types used by the CSI context management protocols, including
// those message types pertaining only to the stateful application of the
// protocols (to ensure proper alignment of the identifiers between
// stateless and stateful implementations). Specifically, the
// MTMessageInContext is not sent by stateless clients (although it may
// be received by stateless targets).
// Values 2 and 3 are not defined in this file (presumably reserved). Since
// SASContextBody below has no default arm, a receiver must treat any
// MsgType value not listed here as a malformed message.
typedef short MsgType;
const MsgType MTEstablishContext = 0;
const MsgType MTCompleteEstablishContext = 1;
const MsgType MTContextError = 4;
const MsgType MTMessageInContext = 5;
// The ContextId type is used to carry session identifiers. A stateless
// application of the service context protocol is indicated by a session
// identifier value of 0.
typedef unsigned long long ContextId;
// The AuthorizationElementType defines the contents and encoding of
// the_element field of the AuthorizationElement.
// The high order 20-bits of each AuthorizationElementType constant
// shall contain the Vendor Minor Codeset ID (VMCID) of the
// organization that defined the element type. The low order 12 bits
// shall contain the organization-scoped element type identifier. The
// high-order 20 bits of all element types defined by the OMG shall
// contain the VMCID allocated to the OMG (that is, 0x4F4D0).
// NOTE(review): the prose above describes a 20/12 split of the 32-bit
// value, but X509AttributeCertChain below is formed as OMGVMCID | 1, which
// ORs the type id into the low bits of the unshifted VMCID rather than
// shifting the VMCID into the high-order 20 bits. Interoperating
// implementations must match the constant as written, not the prose;
// confirm which layout the peer expects before deriving new element types.
typedef unsigned long AuthorizationElementType;
// An AuthorizationElementType of X509AttributeCertChain indicates that
// the_element field of the AuthorizationElement contains an ASN.1 BER
// SEQUENCE composed of an (X.509) AttributeCertificate followed by a
// SEQUENCE OF (X.509) Certificate. The two-part SEQUENCE is encapsulated
// in an octet stream. The chain of identity certificates is provided
// to certify the attribute certificate. Each certificate in the chain
// shall directly certify the one preceding it. The first certificate
// in the chain shall certify the attribute certificate. The ASN.1
// representation of (X.509) Certificate is as defined in [IETF RFC 2459].
// The ASN.1 representation of (X.509) AttributeCertificate is as defined
// in [IETF ID PKIXAC].
const AuthorizationElementType X509AttributeCertChain = OMGVMCID | 1;
// Opaque element payload; its format is selected by the_type of the
// enclosing AuthorizationElement.
typedef sequence <octet> AuthorizationElementContents;
// The AuthorizationElement contains one element of an authorization token.
// Each element of an authorization token is logically a PAC.
struct AuthorizationElement {
// Selects the encoding of the_element (e.g. X509AttributeCertChain).
AuthorizationElementType the_type;
// Encoded privilege data; must be validated according to the_type.
AuthorizationElementContents the_element;
};
// The AuthorizationToken is made up of a sequence of
// AuthorizationElements
typedef sequence <AuthorizationElement> AuthorizationToken;
// Discriminator of IdentityToken below.
typedef unsigned long IdentityTokenType;
// Additional standard identity token types shall only be defined by the
// OMG. All IdentityTokenType constants shall be a power of 2.
// ITTAbsent = 0 is the exception to the power-of-2 rule; the others are
// presumably single bits so they can be combined into a bitmask of
// supported types elsewhere — confirm against the consumer of these values.
const IdentityTokenType ITTAbsent = 0;
const IdentityTokenType ITTAnonymous = 1;
const IdentityTokenType ITTPrincipalName = 2;
const IdentityTokenType ITTX509CertChain = 4;
const IdentityTokenType ITTDistinguishedName = 8;
// Opaque payload for identity token types not listed in this file.
typedef sequence <octet> IdentityExtension;
// An identity carried alongside the authentication token; the arm is
// selected by the IdentityTokenType discriminator.
union IdentityToken switch ( IdentityTokenType ) {
case ITTAbsent: boolean absent;
case ITTAnonymous: boolean anonymous;
case ITTPrincipalName: GSS_NT_ExportedName principal_name;
case ITTX509CertChain: X509CertificateChain certificate_chain;
case ITTDistinguishedName: X501DistinguishedName dn;
// Any discriminator value not listed above lands here as opaque octets.
// A receiver that does not recognise the discriminator should not derive
// a principal from this arm.
default: IdentityExtension id;
};
// First message of an association. Note that identity_token is carried
// separately from client_authentication_token: a target that honours the
// asserted identity is trusting the authenticated client to make that
// assertion, so the two must be evaluated together — confirm against the
// deployment's trust rules for identity assertion.
struct EstablishContext {
// Session id chosen by the client; 0 means stateless (see ContextId).
ContextId client_context_id;
// Privilege attributes (PACs) the client presents for this session.
AuthorizationToken authorization_token;
// Identity the client asserts on behalf of the caller.
IdentityToken identity_token;
// GSS initial context token authenticating the client itself.
// NOTE(review): nothing in this IDL protects the token contents;
// confidentiality and integrity are assumed to come from the transport —
// confirm against the transport layer in use.
GSSToken client_authentication_token;
};
// Target's reply to a successful EstablishContext.
struct CompleteEstablishContext {
// Echoes the client's session id so the client can match the reply.
ContextId client_context_id;
// True if the target retained the context for reuse in later messages.
boolean context_stateful;
// Mechanism-dependent final GSS token, if the mechanism produces one.
GSSToken final_context_token;
};
// Target's reply when context establishment or lookup fails.
struct ContextError {
ContextId client_context_id;
// Presumably GSS-API major/minor status codes ([IETF RFC 2743]) — verify
// against the implementation that fills them in.
long major_status;
long minor_status;
// Mechanism-dependent GSS error token, if any.
GSSToken error_token;
};
// Not sent by stateless clients. If received by a stateless server, a
// ContextError message should be returned, indicating the session does
// not exist.
struct MessageInContext {
// Session id of a previously established (stateful) context.
ContextId client_context_id;
// When true, the target should release the context after this message.
boolean discard_context;
};
// Body of the SAS service context; exactly one message per service
// context entry. There is deliberately no default arm, so a discriminator
// value other than the four listed is unrepresentable and must be
// rejected by the decoder.
union SASContextBody switch ( MsgType ) {
case MTEstablishContext: EstablishContext establish_msg;
case MTCompleteEstablishContext: CompleteEstablishContext
complete_msg;
case MTContextError: ContextError error_msg;
case MTMessageInContext: MessageInContext in_context_msg;
};
// The following type represents the string representation of an ASN.1
// OBJECT IDENTIFIER (OID). OIDs are represented by the string "oid:"
// followed by the integer base 10 representation of the OID separated
// by dots. For example, the OID corresponding to the OMG is represented
// as: "oid:2.23.130"
typedef string StringOID;
// The GSS Object Identifier for the KRB5 mechanism is:
// { iso(1) member-body(2) United States(840) mit(113554) infosys(1)
// gssapi(2) krb5(2) }
const StringOID KRB5MechOID = "oid:1.2.840.113554.1.2.2";
// The GSS Object Identifier for name objects of the Mechanism-independent
// Exported Name Object type is:
// { iso(1) org(3) dod(6) internet(1) security(5) nametypes(6)
// gss-api-exported-name(4) }
const StringOID GSS_NT_Export_Name_OID = "oid:1.3.6.1.5.6.4";
// The GSS Object Identifier for the scoped-username name form is:
// { iso-itu-t (2) international-organization (23) omg (130) security (1)
// naming (2) scoped-username(1) }
const StringOID GSS_NT_Scoped_Username_OID = "oid:2.23.130.1.2.1";
}; // CSI
#endif