Author: adc
Date: Mon Jan 24 13:36:06 2005
New Revision: 126318

URL: http://svn.apache.org/viewcvs?view=rev&rev=126318
Log:
Added CSIv2 IDL files.
Added:
   geronimo/trunk/modules/interop/src/idl/CSI.idl
   geronimo/trunk/modules/interop/src/idl/CSIIOP.idl
   geronimo/trunk/modules/interop/src/idl/GSSUP.idl
Modified:
   geronimo/trunk/modules/interop/maven.xml

Modified: geronimo/trunk/modules/interop/maven.xml
Url: 
http://svn.apache.org/viewcvs/geronimo/trunk/modules/interop/maven.xml?view=diff&rev=126318&p1=geronimo/trunk/modules/interop/maven.xml&r1=126317&p2=geronimo/trunk/modules/interop/maven.xml&r2=126318
==============================================================================
--- geronimo/trunk/modules/interop/maven.xml    (original)
+++ geronimo/trunk/modules/interop/maven.xml    Mon Jan 24 13:36:06 2005
@@ -182,10 +182,106 @@
         </ant:exec>
     </goal>
 
-    <goal name="interop:idlj:csiv2">
-        <!-- Are there any CSIv2 IDL files that require generation? -->
-        <ant:echo message="Interop :: idlj :: CSIv2"/>
-    </goal>
+    <goal name="interop:idlj:csi">
+        <ant:echo message="Interop :: idlj :: CSIv2 :: CSI"/>
+        <ant:exec dir="${basedir}" executable="idlj">
+            <ant:arg line="-td"/>
+            <ant:arg line="${maven.build.src}"/>
+            <ant:arg line="-i"/>
+            <ant:arg line="${java.home}/lib"/>
+            <ant:arg line="-i"/>
+            <ant:arg line="${maven.src.dir}/idl"/>
+            <ant:arg line="-verbose"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="IOP"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="IIOP"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="GIOP"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="CosNaming"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="CSI"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="GSSUP"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="CSIIOP"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="${maven.src.dir}/idl/CSI.idl"/>
+        </ant:exec>
+
+        <ant:echo message="Interop :: idlj :: CSIv2 :: GSSUP"/>
+        <ant:exec dir="${basedir}" executable="idlj">
+            <ant:arg line="-td"/>
+            <ant:arg line="${maven.build.src}"/>
+            <ant:arg line="-i"/>
+            <ant:arg line="${java.home}/lib"/>
+            <ant:arg line="-i"/>
+            <ant:arg line="${maven.src.dir}/idl"/>
+            <ant:arg line="-verbose"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="IOP"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="IIOP"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="GIOP"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="CosNaming"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="CSI"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="GSSUP"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="-pkgPrefix"/>
+            <ant:arg line="CSIIOP"/>
+            <ant:arg line="${pkg.prefix}"/>
+            <ant:arg line="${maven.src.dir}/idl/GSSUP.idl"/>
+        </ant:exec>
+        
+       <ant:echo message="Interop :: idlj :: CSIv2 :: CSIIOP"/>
+       <ant:exec dir="${basedir}" executable="idlj">
+           <ant:arg line="-td"/>
+           <ant:arg line="${maven.build.src}"/>
+           <ant:arg line="-i"/>
+           <ant:arg line="${java.home}/lib"/>
+           <ant:arg line="-i"/>
+           <ant:arg line="${maven.src.dir}/idl"/>
+           <ant:arg line="-verbose"/>
+           <ant:arg line="-pkgPrefix"/>
+           <ant:arg line="IOP"/>
+           <ant:arg line="${pkg.prefix}"/>
+           <ant:arg line="-pkgPrefix"/>
+           <ant:arg line="IIOP"/>
+           <ant:arg line="${pkg.prefix}"/>
+           <ant:arg line="-pkgPrefix"/>
+           <ant:arg line="GIOP"/>
+           <ant:arg line="${pkg.prefix}"/>
+           <ant:arg line="-pkgPrefix"/>
+           <ant:arg line="CosNaming"/>
+           <ant:arg line="${pkg.prefix}"/>
+           <ant:arg line="-pkgPrefix"/>
+           <ant:arg line="CSI"/>
+           <ant:arg line="${pkg.prefix}"/>
+           <ant:arg line="-pkgPrefix"/>
+           <ant:arg line="GSSUP"/>
+           <ant:arg line="${pkg.prefix}"/>
+           <ant:arg line="-pkgPrefix"/>
+           <ant:arg line="CSIIOP"/>
+           <ant:arg line="${pkg.prefix}"/>
+           <ant:arg line="${maven.src.dir}/idl/CSIIOP.idl"/>
+       </ant:exec>
+</goal>
 
     <goal name="interop:idlj:costxn">
         <!-- Are there any CosTransaction IDL files that require generation? 
-->
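Review bot: None of the three `<ant:exec executable="idlj">` calls in the new `interop:idlj:csi` goal sets `failonerror`, and Ant's exec task ignores a non-zero exit code by default, so a failed idlj run on CSI.idl, GSSUP.idl or CSIIOP.idl would let the build continue with missing or stale security stubs; I would write `<ant:exec dir="${basedir}" executable="idlj" failonerror="true">` on each. The path operands are passed with `line=`, which splits on whitespace, so a checkout or JDK directory containing a space breaks the command; `<ant:arg value="${maven.src.dir}/idl/CSI.idl"/>` (and likewise for the `-td` and `-i` operands) keeps each path as a single argument. The goal is also renamed from `interop:idlj:csiv2` to `interop:idlj:csi`, so any reference to the old name outside this hunk would need updating. The three blocks differ only in the final IDL file name, and the last block and the closing `</goal>` are indented differently from the rest of the file.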
@@ -204,6 +300,7 @@
         <attainGoal name="interop:idlj:iiop"/>
         <attainGoal name="interop:idlj:cosnaming"/>
         <attainGoal name="interop:idlj:interop-rmi-iiop"/>
+        <attainGoal name="interop:idlj:csi"/>
     </goal>
 
     <preGoal name="java:compile">

Added: geronimo/trunk/modules/interop/src/idl/CSI.idl
Url: 
http://svn.apache.org/viewcvs/geronimo/trunk/modules/interop/src/idl/CSI.idl?view=auto&rev=126318
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/interop/src/idl/CSI.idl      Mon Jan 24 13:36:06 2005
@@ -0,0 +1,200 @@
+#ifndef _CSI_IDL_
+#define _CSI_IDL_
+
+#pragma prefix "omg.org"
+
+module CSI {
+
+       // The OMG VMCID; same value as CORBA::OMGVMCID. Do not change ever.
+       const unsigned long OMGVMCID = 0x4F4D0;
+
+       // An X509CertificateChain contains an ASN.1 BER encoded SEQUENCE
+       // [1..MAX] OF X.509 certificates encapsulated in a sequence of octets. 
The
+       // subject’s certificate shall come first in the list. Each following
+       // certificate shall directly certify the one preceding it. The ASN.1
+       // representation of Certificate is as defined in [IETF RFC 2459].
+
+       typedef sequence <octet> X509CertificateChain;
+
+       // an X.501 type name or Distinguished Name encapsulated in a sequence 
of
+       // octets containing the ASN.1 encoding.
+
+       typedef sequence <octet> X501DistinguishedName;
+
+       // UTF-8 Encoding of String
+
+       typedef sequence <octet> UTF8String;
+
+       // ASN.1 Encoding of an OBJECT IDENTIFIER
+
+       typedef sequence <octet> OID;
+
+       typedef sequence <OID> OIDList;
+
+       // A sequence of octets containing a GSStoken. Initial context tokens 
are
+       // ASN.1 encoded as defined in [IETF RFC 2743] Section 3.1,
+       // "Mechanism-Independent token Format", pp. 81-82. Initial context 
tokens
+       // contain an ASN.1 tag followed by a token length, a mechanism 
identifier,
+       // and a mechanism-specific token (i.e. a GSSUP::InitialContextToken). 
The
+       // encoding of all other GSS tokens (e.g. error tokens and final context
+       // tokens) is mechanism dependent.
+
+       typedef sequence <octet> GSSToken;
+
+       // An encoding of a GSS Mechanism-Independent Exported Name Object as
+       // defined in [IETF RFC 2743] Section 3.2, "GSS Mechanism-Independent
+       // Exported Name Object Format," p. 84.
+
+       typedef sequence <octet> GSS_NT_ExportedName;
+
+       typedef sequence <GSS_NT_ExportedName> GSS_NT_ExportedNameList;
+
+       // The MsgType enumeration defines the complete set of service context
+       // message types used by the CSI context management protocols, including
+       // those message types pertaining only to the stateful application of 
the
+       // protocols (to insure proper alignment of the identifiers between
+       // stateless and stateful implementations). Specifically, the
+       // MTMessageInContext is not sent by stateless clients (although it may
+       // be received by stateless targets).
+
+       typedef short MsgType;
+
+       const MsgType MTEstablishContext = 0;
+       const MsgType MTCompleteEstablishContext = 1;
+       const MsgType MTContextError = 4;
+       const MsgType MTMessageInContext = 5;
+
+       // The ContextId type is used carry session identifiers. A stateless
+       // application of the service context protocol is indicated by a session
+       // identifier value of 0.
+
+       typedef unsigned long long ContextId;
+
+       // The AuthorizationElementType defines the contents and encoding of
+       // the_element field of the AuthorizationElement.
+       // The high order 20-bits of each AuthorizationElementType constant
+       // shall contain the Vendor Minor Codeset ID (VMCID) of the
+       // organization that defined the element type. The low order 12 bits
+       // shall contain the organization-scoped element type identifier. The
+       // high-order 20 bits of all element types defined by the OMG shall
+       // contain the VMCID allocated to the OMG (that is, 0x4F4D0).
+
+       typedef unsigned long AuthorizationElementType;
+
+       // An AuthorizationElementType of X509AttributeCertChain indicates that
+       // the_element field of the AuthorizationElement contains an ASN.1 BER
+       // SEQUENCE composed of an (X.509) AttributeCertificate followed by a
+       // SEQUENCE OF (X.509) Certificate. The two-part SEQUENCE is 
encapsulated
+       // in an octet stream. The chain of identity certificates is provided
+       // to certify the attribute certificate. Each certificate in the chain
+       // shall directly certify the one preceding it. The first certificate
+       // in the chain shall certify the attribute certificate. The ASN.1
+       // representation of (X.509) Certificate is as defined in [IETF RFC 
2459].
+       // The ASN.1 representation of (X.509) AtributeCertificate is as defined
+       // in [IETF ID PKIXAC].
+
+       const AuthorizationElementType X509AttributeCertChain = OMGVMCID | 1;
+
+       typedef sequence <octet> AuthorizationElementContents;
+
+       // The AuthorizationElement contains one element of an authorization 
token.
+       // Each element of an authorization token is logically a PAC.
+
+       struct AuthorizationElement {
+               AuthorizationElementType the_type;
+               AuthorizationElementContents the_element;
+       };
+
+       // The AuthorizationToken is made up of a sequence of
+       // AuthorizationElements
+
+       typedef sequence <AuthorizationElement> AuthorizationToken;
+
+       typedef unsigned long IdentityTokenType;
+
+       // Additional standard identity token types shall only be defined by the
+       // OMG. All IdentityTokenType constants shall be a power of 2.
+
+       const IdentityTokenType ITTAbsent = 0;
+       const IdentityTokenType ITTAnonymous = 1;
+       const IdentityTokenType ITTPrincipalName = 2;
+       const IdentityTokenType ITTX509CertChain = 4;
+       const IdentityTokenType ITTDistinguishedName = 8;
+
+       typedef sequence <octet> IdentityExtension;
+
+       union IdentityToken switch ( IdentityTokenType ) {
+               case ITTAbsent: boolean absent;
+               case ITTAnonymous: boolean anonymous;
+               case ITTPrincipalName: GSS_NT_ExportedName principal_name;
+               case ITTX509CertChain: X509CertificateChain certificate_chain;
+               case ITTDistinguishedName: X501DistinguishedName dn;
+               default: IdentityExtension id;
+       };
+
+       struct EstablishContext {
+               ContextId client_context_id;
+               AuthorizationToken authorization_token;
+               IdentityToken identity_token;
+               GSSToken client_authentication_token;
+       };
+
+       struct CompleteEstablishContext {
+               ContextId client_context_id;
+               boolean context_stateful;
+               GSSToken final_context_token;
+       };
+
+       struct ContextError {
+               ContextId client_context_id;
+               long major_status;
+               long minor_status;
+               GSSToken error_token;
+       };
+
+       // Not sent by stateless clients. If received by a stateless server, a
+       // ContextError message should be returned, indicating the session does
+       // not exist.
+
+       struct MessageInContext {
+               ContextId client_context_id;
+               boolean discard_context;
+       };
+
+       union SASContextBody switch ( MsgType ) {
+               case MTEstablishContext: EstablishContext establish_msg;
+               case MTCompleteEstablishContext: CompleteEstablishContext 
complete_msg;
+               case MTContextError: ContextError error_msg;
+               case MTMessageInContext: MessageInContext in_context_msg;
+       };
+
+       // The following type represents the string representation of an ASN.1
+       // OBJECT IDENTIFIER (OID). OIDs are represented by the string "oid:"
+       // followed by the integer base 10 representation of the OID separated
+       // by dots. For example, the OID corresponding to the OMG is represented
+       // as: "oid:2.23.130"
+
+       typedef string StringOID;
+
+       // The GSS Object Identifier for the KRB5 mechanism is:
+       // { iso(1) member-body(2) United States(840) mit(113554) infosys(1)
+       // gssapi(2) krb5(2) }
+
+       const StringOID KRB5MechOID = "oid:1.2.840.113554.1.2.2";
+
+       // The GSS Object Identifier for name objects of the 
Mechanism-independent
+       // Exported Name Object type is:
+       // { iso(1) org(3) dod(6) internet(1) security(5) nametypes(6)
+       // gss-api-exported-name(4) }
+
+       const StringOID GSS_NT_Export_Name_OID = "oid:1.3.6.1.5.6.4";
+
+       // The GSS Object Identifier for the scoped-username name form is:
+       // { iso-itu-t (2) international-organization (23) omg (130) security 
(1)
+       // naming (2) scoped-username(1) }
+
+       const StringOID GSS_NT_Scoped_Username_OID = "oid:2.23.130.1.2.1";
+
+}; // CSI
+
+#endif
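Review bot: `OMGVMCID` is declared as `0x4F4D0`, but the comment on AuthorizationElementType says the high-order 20 bits of each constant shall hold the VMCID 0x4F4D0 and the low-order 12 bits the element type, and `OMGVMCID | 1` evaluates to 0x4F4D1, which does not have that layout in a 32-bit `unsigned long`. The file appears to be transcribed from the OMG specification and the comment says the value must never change, so I would not alter the constant without confirming what interoperating ORBs put on the wire. The discrepancy still deserves a comment next to the declaration, e.g. `// NOTE: this is the unshifted VMCID as published; the 20/12-bit layout described below would give 0x4F4D0000 - confirm before relying on either.` Code that validates `the_type` of a received AuthorizationElement should compare against the generated constant rather than mask the top 20 bits. The same expression is used for `SCS_GeneralNames` and `SCS_GSSExportedName` in CSIIOP.idl.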

Added: geronimo/trunk/modules/interop/src/idl/CSIIOP.idl
Url: 
http://svn.apache.org/viewcvs/geronimo/trunk/modules/interop/src/idl/CSIIOP.idl?view=auto&rev=126318
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/interop/src/idl/CSIIOP.idl   Mon Jan 24 13:36:06 2005
@@ -0,0 +1,134 @@
+#ifndef _CSIIOP_IDL_
+#define _CSIIOP_IDL_
+#include <IOP.idl>
+#include <CSI.idl>
+
+#pragma prefix "omg.org"
+
+module CSIIOP {
+
+       const IOP::ComponentId TAG_NULL_TAG = 34;
+       const IOP::ComponentId TAG_CSI_SEC_MECH_LIST = 33;
+
+       // Association options
+
+       typedef unsigned short AssociationOptions;
+
+       const AssociationOptions NoProtection = 1;
+       const AssociationOptions Integrity = 2;
+       const AssociationOptions Confidentiality = 4;
+       const AssociationOptions DetectReplay = 8;
+       const AssociationOptions DetectMisordering = 16;
+       const AssociationOptions EstablishTrustInTarget = 32;
+       const AssociationOptions EstablishTrustInClient = 64;
+       const AssociationOptions NoDelegation = 128;
+       const AssociationOptions SimpleDelegation = 256;
+       const AssociationOptions CompositeDelegation = 512;
+       const AssociationOptions IdentityAssertion = 1024;
+       const AssociationOptions DelegationByClient = 2048;
+
+       // The high order 20-bits of each ServiceConfigurationSyntax constant
+       // shall contain the Vendor Minor Codeset ID (VMCID) of the
+       // organization that defined the syntax. The low order 12 bits shall
+       // contain the organization-scoped syntax identifier. The high-order 20
+       // bits of all syntaxes defined by the OMG shall contain the VMCID
+       // allocated to the OMG (that is, 0x4F4D0).
+
+       typedef unsigned long ServiceConfigurationSyntax;
+
+       const ServiceConfigurationSyntax SCS_GeneralNames = CSI::OMGVMCID | 0;
+       const ServiceConfigurationSyntax SCS_GSSExportedName = CSI::OMGVMCID | 
1;
+
+       typedef sequence <octet> ServiceSpecificName;
+
+       // The name field of the ServiceConfiguration structure identifies a
+       // privilege authority in the format identified in the syntax field. If 
the
+       // syntax is SCS_GeneralNames, the name field contains an ASN.1 (BER)
+       // SEQUENCE [1..MAX] OF GeneralName, as defined by the type 
GeneralNames in
+       // [IETF RFC 2459]. If the syntax is SCS_GSSExportedName, the name field
+       // contains a GSS exported name encoded according to the rules in
+       // [IETF RFC 2743] Section 3.2, "Mechanism-Independent Exported Name
+       // Object Format," p. 84.
+
+       struct ServiceConfiguration {
+               ServiceConfigurationSyntax syntax;
+               ServiceSpecificName name;
+       };
+
+       typedef sequence <ServiceConfiguration> ServiceConfigurationList;
+
+       // The body of the TAG_NULL_TAG component is a sequence of octets of
+       // length 0.
+       // type used to define AS layer functionality within a compound 
mechanism
+       // definition
+
+       struct AS_ContextSec {
+               AssociationOptions target_supports;
+               AssociationOptions target_requires;
+               CSI::OID client_authentication_mech;
+               CSI::GSS_NT_ExportedName target_name;
+       };
+
+       // type used to define SAS layer functionality within a compound 
mechanism
+       // definition
+
+       struct SAS_ContextSec {
+               AssociationOptions target_supports;
+               AssociationOptions target_requires;
+               ServiceConfigurationList privilege_authorities;
+               CSI::OIDList supported_naming_mechanisms;
+               CSI::IdentityTokenType supported_identity_types;
+       };
+
+       // type used in the body of a TAG_CSI_SEC_MECH_LIST component to
+       // describe a compound mechanism
+
+       struct CompoundSecMech {
+               AssociationOptions target_requires;
+               IOP::TaggedComponent transport_mech;
+               AS_ContextSec as_context_mech;
+               SAS_ContextSec sas_context_mech;
+       };
+
+       typedef sequence <CompoundSecMech> CompoundSecMechanisms;
+
+       // type corresponding to the body of a TAG_CSI_SEC_MECH_LIST
+       // component
+
+       struct CompoundSecMechList {
+               boolean stateful;
+               CompoundSecMechanisms mechanism_list;
+       };
+
+       struct TransportAddress {
+               string host_name;
+               unsigned short port;
+       };
+
+       typedef sequence <TransportAddress> TransportAddressList;
+
+       // Tagged component for configuring SECIOP as a CSIv2 transport 
mechanism
+
+       const IOP::ComponentId TAG_SECIOP_SEC_TRANS = 35;
+
+       struct SECIOP_SEC_TRANS {
+               AssociationOptions target_supports;
+               AssociationOptions target_requires;
+               CSI::OID mech_oid;
+               CSI::GSS_NT_ExportedName target_name;
+               TransportAddressList addresses;
+       };
+
+       // tagged component for configuring TLS/SSL as a CSIv2 transport 
mechanism
+
+       const IOP::ComponentId TAG_TLS_SEC_TRANS = 36;
+
+       struct TLS_SEC_TRANS {
+               AssociationOptions target_supports;
+               AssociationOptions target_requires;
+               TransportAddressList addresses;
+       };
+
+}; //CSIIOP
+
+#endif
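Review bot: The comment block above `AS_ContextSec` runs two unrelated statements together: the sentence about the zero-length body of the TAG_NULL_TAG component belongs with the `TAG_NULL_TAG` constant at the top of the module, not with the AS layer struct. I would move it beside the constant as `// The body of the TAG_NULL_TAG component is a sequence of octets of length 0.` and keep only the AS layer sentence on the struct. The `AssociationOptions` constants are all powers of two and are apparently combined as bit flags in `target_supports` and `target_requires`, so a one-line comment saying so would help. That comment should point out that `NoProtection = 1` is itself a flag, so code enforcing a minimum protection level has to test for `Integrity` or `Confidentiality` explicitly rather than treat a non-zero value as protected.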

Added: geronimo/trunk/modules/interop/src/idl/GSSUP.idl
Url: 
http://svn.apache.org/viewcvs/geronimo/trunk/modules/interop/src/idl/GSSUP.idl?view=auto&rev=126318
==============================================================================
--- (empty file)
+++ geronimo/trunk/modules/interop/src/idl/GSSUP.idl    Mon Jan 24 13:36:06 2005
@@ -0,0 +1,53 @@
+#ifndef _GSSUP_IDL_
+#define _GSSUP_IDL_
+#include <CSI.idl>
+
+#pragma prefix "omg.org"
+
+module GSSUP {
+
+       // The GSS Object Identifier allocated for the
+       // username/password mechanism is defined below.
+       //
+       // { iso-itu-t (2) international-organization (23) omg (130)
+       // security (1) authentication (1) gssup-mechanism (1) }
+
+       const CSI::StringOID GSSUPMechOID = "oid:2.23.130.1.1.1";
+
+       // The following structure defines the inner contents of the
+       // username password initial context token. This structure is
+       // CDR encapsulated and appended at the end of the
+       // username/password GSS (initial context) Token.
+
+       struct InitialContextToken {
+               CSI::UTF8String username;
+               CSI::UTF8String password;
+               CSI::GSS_NT_ExportedName target_name;
+       };
+       
+       typedef unsigned long ErrorCode;
+
+       // GSSUP Mechanism-Specific Error Token
+       struct ErrorToken {
+               ErrorCode error_code;
+       };
+
+       // The context validator has chosen not to reveal the GSSUP
+       // specific cause of the failure.
+       const ErrorCode GSS_UP_S_G_UNSPECIFIED = 1;
+
+       // The user identified in the username field of the
+       // GSSUP::InitialContextToken is unknown to the target.
+       const ErrorCode GSS_UP_S_G_NOUSER = 2;
+
+       // The password supplied in the GSSUP::InitialContextToken was
+       // incorrect.
+       const ErrorCode GSS_UP_S_G_BAD_PASSWORD = 3;
+
+       // The target_name supplied in the GSSUP::InitialContextToken does
+       // not match a target_name in a mechanism definition of the target.
+       const ErrorCode GSS_UP_S_G_BAD_TARGET = 4;
+
+}; // GSSUP
+
+#endif
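Review bot: `InitialContextToken` carries `password` as a plain `CSI::UTF8String` and nothing in this IDL protects it, so confidentiality presumably has to come from the transport; a comment on the struct should say so, e.g. `// password is sent as UTF-8 octets with no protection of its own; only send this token over a transport that provides confidentiality.` The error codes also distinguish `GSS_UP_S_G_NOUSER` from `GSS_UP_S_G_BAD_PASSWORD`, which lets a caller tell valid usernames from invalid ones. The existing comment on `GSS_UP_S_G_UNSPECIFIED` already describes the alternative, and a note recommending it as the default reply to a failed login would help implementers. Code that handles the decoded token should also keep the `password` field out of logs and exception messages.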
