VisiSecure for C++ APIs

This section describes APIs that are defined in VisiSecure for C++. It is separated into subsections including:

•	General API

•

SSL API

•	Certificate API

•

QoP API

•	Authorization API

All classes are under namespace vbsec unless otherwise specified.

Note

HTML documentation of the equivalent VisiSecure for Java API is included in your VisiBroker installation. It can be found at <install_dir>\doc\sec-api-doc.

General API

The general VisiSecure API describes the Current and Context APIs. It provides API information for Principals, Credentials, and Subjects. In addition, the class vbsec::Wallet API is discussed.

class vbsec::Current

The class current represents the view to the thread-specific security context. This object can be obtained through the following code:

CORBA::Object_var obj = orb->resolve_initial_references("VBSecurityCurrent");
Current* c = dynamic_cast <Current*> (obj.in());

Include File

The vbsec.h file should be included when you use this class.

Methods

void asserting (const vbsec::Subject* caller)

Assert a subject as caller identity.

Parameter	Description
caller	The caller name of the subject.

void clearAssertion ()

Clear an assertion made by any previous API call of asserting. The caller before the assertion is made will be restored as the caller for next invocation. This API shall be used in conjunction with asserting. Mismatching calls of these two methods may cause undesired caller identities or unexpected exceptions.

const vbsec::Subject* getPeerSubject ()

Accesses the peer subject.

Returns

The pointer to a Subject object representing the peer.

const vbsec::Subject* getCallerSubject ()

Accesses the caller subject.

Returns

The pointer to a Subject object representing the caller.

const vbsec::SSLSession* getPeerSession (CORBA::Object* peer)

Get the peer SSLSession. This call returns the SSLSession of the client peer for this request. This method cannot be called outside the context of a request.

Parameter	Description
peer	A peer object retrieved from the bind.

Returns

The pointer to a SSLSession currently established.

Exceptions

BAD_OPERATION is thrown if this method is called outside the context of a request or when called in a request context where the request was received over a clear TCP connection.

class vbsec::Context

Context represents the security context under which a client will execute. This class can be obtained through the following code:

CORBA::Object_var obj = orb-resolve_initial_references("VBSecurityContext");
Context* c = dynamic_cast <Context*> (obj.in());

Include File

The vbsec.h file should be included when you use this class.

Methods

void login()

Login into the system. This logs-in to the realms defined in the property vbroker.security.loginRealms. It traverses the list of realms specified and authenticates against each realm.

void login (vbsec::CallbackHandler& handler)

Use this to login to the system using the specified CallbackHandler to obtain the login information.

Parameter	Description
handler	The default callback handler to be used for acquiring information.

void login (const std::string& realm)

Login to the system for a specific realm.

Parameter	Description
realm	The realm to login to.

void login (const std::string& realm, vbsec::CallbackHandler& handler)

Login to the system for a given realm, using a given callback handler for acquiring information.

Parameter	Description
realm	The realm to login to.
handler	The default callback handler to be use for acquiring information.

void login (const vbsec::Wallet& wallet)

Login to the system with a wallet. Wallet can be created using WalletFactory API.

Parameter	Description
wallet	The wallet to be used for login.

void login (const std::vector<const vbsec::Wallet*>& wallet)

Login to the system with a set of wallets specified as a vector.

Parameter	Description
wallet	A wallet to be used for login.

const vbsec::Subject* getSubject (const std::string& realm)

Gets the Subject corresponding to a given realm.

Parameter	Description
wallet	The Realm for a Principal

Returns

A pointer to the Subject object representing the subject of the realm.

void loadVault (std::istream& stream, const CSI::UTF8String& vaultPass)

Loads a given vault. The identities in the vault are loaded into the system. No login required when this method is used.

Parameter	Description
stream	Stream that the vault information will be read from, in binary format.
vaultPass	Password used to decrypt the vault information.

void logout()

Log the user out from all the realms.

void logout (const std::string& realm)

Log the user out from a given realm.

Parameter	Description
realm	The realm to logout from.

void setCallbackHandler (vbsec::CallbackHandler* handler)

Set the default callback handler programmatically. This is similar to using the property vbroker.security.authentication.callbackHandler.

Parameter	Description
handler	The CallbackHandler to be set.

void generateVault( std::ostream& stream, const CSI::UTF8String& password)

Generates a vault. The vault is written out to the stream that is passed in and encrypted using the password provided (also used to decrypt the vault). The password may be null. The vault contains all of the system's identities.

Parameter	Description
stream	The stream that the vault information will be written into, in binary format.
password	The password used to encrypt the vault information.

vbsec::Subject* authenticateUser (const vbsec::Wallet& wallet)

Authenticate the given wallet credential. The login will be performed using the wallet but the authenticated subject will not be used as one of the system identities.

Parameter	Description
wallet	The wallet to be used for authentication

vbsec::Subject* importIdentity (const vbsec::Wallet& wallet)

Import a subject using the given wallet credential. No login is required with this method. The subject will not be used as one of the system identities.

Parameter	Description
wallet	The wallet corresponding to the identity to be imported.

void setPRNGSeed (const CORBA::OctetSequence& seed)

Sets a seed for the pseudo-random generator used by the SSL layer.

Parameter	Description
seed	The seed for the PRNG.

ssl::CipherSuiteInfoList* listAvailableCipherSuites()

Get the list of cipher suites that are available for use with the SSL layer. Note that this is different from the getEnabledCipherSuites call in that not all the available cipher suites may be currently enabled.

Returns

List of cipher suites that are available but may not be enabled for use with the SSL layer.

void enableCipherSuites (const ssl::CipherSuiteInfoList& suites)

Sets the cipher suites that should be enabled for all SSL sessions.

Parameter	Description
suites	An IDL-generated CipherSuiteInfoList type.

ssl::CipherSuiteInfoList* getEnabledCipherSuites()

Gets the set of cipher suites that are currently enabled for all SSL sessions.

Returns

Cipher suites that are currently enabled for all SSL sessions.

void setSSLContext (vbsec::VBSSLContext* ctx)

Sets the SSL context. This allows the establishing of an SSL session using the information defined in VBSSLContext. A VBSSLContext can be created using the SecureSocketProvider API.

Parameter	Description
ctx	The VBSSLContext that is to be used for any SSL session establishment.

VBSSLContext& getSSLContext()

Get the VBSSLContext that is set using the setSSLContext() or return a default VBSSLContext object.

Returns

The VBSSLContext that will be used for any SSLSession establishment.

class vbsec::Principal

Principal represents the identity of a user. This is a virtual class.

Include file

The vbsec.h file should be included when you use this class.

Methods

std::string getName() const

Returns

The name of the Principal.

std::string toString() const

Get the string representation of the Principal.

Returns

The string representation of the Principal.

class vbsec::Credential

Credential represents the information used to authenticate an identity, such as user name and password. This is a virtual class.

Include File

The vbsec.h file should be included when you use this class.

class vbsec::Subject

Subject represents a grouping of related information for a single entity, such as a person. Such information includes the Subject's identities as well as its security-related attributes (passwords and cryptographic keys, for example).

Include File

The vbsec.h file should be included when you use this class.

Methods

Principal::set& getPrincipals()

Gets the principals in the subject.

Returns

The set of the principals in the subject. Modifying the content of the set will have no effect on the subject.

void clearPrincipals()

Clears the principals from the subject. All principals in the subject are removed.

Credential::set& getPublicCredentials()

Get the public credentials in the subject—public keys for example.

Returns

The set of the public credential in the subject. Modifying the content of the set will have no effect on the subject.

void clearPublicCredentials()

Clear the public credentials in the subject. All public credentials in the subject will be destroyed and removed.

Credential::set& getPrivateCredentials()

Get the private credentials in the subject—private keys for example.

Returns

The set of the private credential in the subject. Modifying the content of the set will have no effect on the subject.

void clearPrivateCredentials()

Clear the private credentials in the subject. All private credentials in the subject will be destroyed and removed.

Principal::set getPrincipals (const type_info& info) const

Gets a set of principals in the subject which have the same runtime type information as provided.

Parameter	Description
info	The runtime type information that the returned principals shall have.

Returns

A set of the principals in the subject which have the same runtime information as the given one. Modifying the content of the set will have no effect on the subject.

Credential::set getPublicCredentials (const type_info& info) const

Get set of public credentials in the subject which have the same runtime type information as provided.

Parameter	Description
info	The runtime type information that the returned public credential shall have.

Returns

A set of the public credentials in the subject which have the same runtime information as the given one. Modifying the content of the set will have no effect on the subject.

Credential::set getPrivateCredentials (const type_info& info) const

Get set of private credentials in the subject which have the same runtime type information as provided.

Parameter	Description
info	The runtime type information that the returned private credentials shall have.

Returns

A set of the private credentials in the subject which have the same runtime information as the given one. Modifying the content of the set will have no effect on the subject.

class vbsec::Wallet

A Wallet is a holder of credentials usually used in login API calls. A Wallet can be created using WalletFactory APIs and contain multiple types of credentials.

Include File

The vbsec.h file should be included when you use this class.

Methods

std::string getTarget () const

Get the target to which the wallet authenticates.

Returns

The string representation of the target information.

void populateSubject (Subject& subject)

Populate the given subject with necessary credentials or other information for authentication.

Parameter	Description
subject	The subject for the wallet to populate.

class vbsec::WalletFactory

WalletFactory is a factory class to create multiple types of wallets.

Include File

The vbsec.h file should be included when you use this class.

Methods

Wallet* createCertificateWallet (const std::string& name, const std::string& password, const std::string& alias, const std::string& keypassword, short usage)

Create a certificate wallet using a C++ keystore. The C++ keystore is similar to the Java keystore but is implemented using a directory structure. When logging in with a wallet created by this API, the certificate chain will be used in the SSL layer.

Parameter	Description
name	The directory name of the keystore.
password	The password for the keystore, not used for this release.
alias	The alias to be used in the keystore.
keypassword	The password for the private key of the given alias.
short usage	The usage of the certificate information, CLIENT, SERVER or ALL.

Returns

Certificate wallet that contains the given information.

Wallet* createCertificateWallet (const CORBAsec::X509CertList& chain, const CORBAsec::ASN1Object& privkey, const CSI::UTF8String& password)

Create a certificate wallet using a certificate chain, private key and password.

Parameter	Description
chain	The certificate chain to create the wallet.
privkey	The private key of the certificate chain.
password	The password for the private key.

Returns

Certificate wallet that contains the given information.

Wallet* createIdentityWallet (const std::string& username, const std::string& password, const std::string& realm)

Create an identity wallet using a username, password and realm to which the wallet authenticates.

Parameter	Description
username	The username of the identity.
password	The password for the identity.
realm	The realm to which the wallet authenticates.

Returns

Identity wallet that contains the given information.

Wallet* createIdentityWallet (const std::string& username, const std::string& password, const std::string& realm, const std::vector<std::string>& groups)

Create an identity wallet using a username, password, realm to which the wallet authenticates, and a set of group attributes.

Parameter	Description
username	The username of the identity.
password	The password for the identity.
realm	The realm to which the wallet authenticates.
groups	A set of group attributes to which the identity belongs.

Returns

Identity wallet that contains the given information.

SSL API

This section explains the various SSL APIs that interact with VisiSecure's SSL implementation.

class vbsec::SSLSession

SSLSession represents the session of the current SSL connection. The SSLSession can be obtained from vbsec::Context using getPeerSession().

Include File

The vbssp.h file should be included when you use this class.

Methods

time_t getEstablishmentTime() const

Get the time when the SSL connection was established.

Returns

The time when the SSL connection was established.

const ssl::CipherSuiteInfo& getNegotiatedCipher() const

This method returns the negotiated cipher from the peer for a given SSL connection.

Returns

The negotiated cipher from the peer for a given SSL connection.

const CORBAsec::X509CertList& getPeerCertificates() const

Get the certificate chain of the peer.

Returns

Peer certificate chain.

const CORBAsec::X509Cert* getTrustpoint() const

Get the trust point by which the peer is trusted. Null will be returned if peer does not have certificates or its certificates are not trusted.

Returns

The trust point by which the peer is trusted, or null if not.

char* getPeerAddress() const

Get the IP address of the peer.

Returns

Peer IP address in a string with the following format: xxx.xx.xx.xx.

CORBA::UShort getPeerPort() const

Returns the peer port number used by this connection.

Returns

The port number of the peer on the connection.

void prettyPrint (std::ostream& os) const

Print the SSLSession information into the given output stream.

Parameter	Description
os	The output stream to print the SSLSession information.

class vbsec::VBSSLContext

VBSSLContext contains information needed to establish an SSLSession. This object is created using SecureSocketProvider::createSSLContext().

Include File

The vbssp.h file should be included when you use this class.

Methods

const CORBAsec::X509CertList& getCertificates() const

Get the certificate chain representing the identity to be used for the SSL layer.

Returns

The certificate chain representing the identity to be used for the SSL layer.

void setCipherSuiteList (const ssl::CipherSuiteInfoList& list)

This method is used to specify the ciphers available for the SSL connections.

Parameter	Description
list	A list of ciphers that should be available for the SSL connections.

const ssl::CipherSuiteInfoList& getCipherSuiteList() const

Return the ciphers that are currently used by the SSL layer.

Returns

The ciphers that are currently used by the SSL layer.

void addTrustedCertificate
(const CORBAsec::X509Cert& trusted,const CORBAsec::ASN1Object* crl = NULL)

Programmatically add a trusted certificate into the SSL context.

Parameter	Description
trusted	Certificate that is to be trusted.
crl	The CRL issued by the trusted certificate. The default value of NULL means no CRL. Applications can call this method passing only the first argument, in which case the default value of NULL applies.

CORBAsec::X509CertList* getTrustedCertificates() const

Get list of certificates that are trusted.

Returns

List of certificates that are trusted.

class ssl::CipherSuiteInfo

CipherSuiteInfo is a structure containing two fields:

•	CORBA::ULong SuiteID

•	CORBA::String_var Name

This IDL structure contains two fields which describe ciphers according to the SSL specification. The list of SuiteID values and their names is in the include file, ssl_c.h.

Include File

The ssl_c.hh file should be included when you use this class.

class CipherSuiteName

This class provides information about the ciphers used in the Security Service.

Include File

The csstring.h file should be included when you use this class.

Methods

static const char* toString (int tag)

Return a standard representation of a supported SSL cipher.

Parameter	Description
tag	tag associated with the cipher name.

Returns

A stringified description of the cipher.

static const int fromString (char* description)

Give the tag associated to the given cipher description.

Parameter	Description
description	The stringified description of the cipher.

Returns

The tag associated with the cipher name provided as the argument.

class vbsec::SecureSocketProvider

A SecureSocketProvider is the provider for secure socket connections. It provides the function of creating the SSL context, handling SSL certificates, and managing other secure socket-related information.

Include File

The vbssp.h file should be included when you use this class.

Methods

vbsec::VBSSLContext* createSSLContext (const CORBAsec::X509CertList& chain, const CORBAsec::ASN1Object& privkey,
const CSI::UTF8String& password)

This method creates an SSL context using the given information. The SSL context can then be passed into vbsec::Context and used to establish an SSL connection.

Parameter	Description
chain	The certificate chain
privkey	The private key object.
password	The password for the private key.

Returns

VBSSLcontext containing the given information.

void setPRNGSeed (const ssl::Current::PRNGSeed& seed)

Sets a seed for the pseudo-random number generator used by the SSL layer.

Parameter	Description
seed	The seed for the PRNG.

const ssl::CipherSuiteInfoList& listAvailableCipherSuites() const

Gets the list of cipher suites that are available for use with the SSL layer. Note that this is different from the getEnabledCipherSuites call in that not all the available cipher suites may be currently enabled.

Returns

List of cipher suites that are available but may not be enabled for use with the SSL layer.

const CertificateFactory& getCertificateFactory() const

Gets a certificate Factory.

Returns

A CertificateFactory object.

class ssl::Current

The ssl::Current lets your client application or server object set its private key and offer its certificate information to its peer. This interface also lets you configure the SSL connection and associate your certificates and private key with an SSL connection.

Be aware that private keys and certificates contain header and trailer lines, which mark the beginning and end of the key or certificate. All of the methods offered by this interface for setting private keys and certificate chains require that these header and trailer lines be present. The parsing rules for these lines is:

•	The recognized header line format for certificates is:

-----BEGIN CERTIFICATE-----

•	The recognized header line format for private keys is:

-----BEGIN ENCRYPTED PRIVATE KEY-----

•	All header lines must end with a new line character.

•	All trailer lines must be preceded with, and end with, a newline character. PEM-style private keys have two additional header lines that other private keys do not have: Proc-Type and DEK-Info. Both of these lines must be present and they must end with new line characters.

This object can be obtained through the following code:

CORBA::Object_var obj = orb->resolve_initial_references("SSLCurrent");
ssl::Current_var current = ssl::Current::_narrow(obj);

Include File

The ssl_c.hh file should be included when you use this class.

Methods

CORBA::ULong getNegotiatedCipher(CORBA::Object_ptr peer)

This method returns the negotiated cipher from the peer for a given SSL connection.

Parameter	Description
peer	The peer from which you obtain the negotiated cipher.

Returns

A value (tag) representing the cipher used. (Use CipherSuiteName::toString to get a String representation.)

Exceptions

CORBA::BAD_OPERATION if the object is null or the connection is not using SSL.

CORBAsec::X509CertList_ptr getPeerCertificateChain(CORBA::Object_ptr peer)

This method obtains the peer's certificate chain. It is usually invoked by a client application to obtain information from a server, but a server can optionally request information from a client.

Parameter	Description
peer	The peer from which you obtain the negotiated cipher.

Returns

A value representing the cipher used. (Use CipherSuiteName::toString to get a String representation.)

Exceptions

CORBA::BAD_OPERATION if the object is null or the connection is not using SSL.

char* getPeerAddress(CORBA::Object_ptr peer)

Returns a description of the socket parameters used by this connection.

Parameter	Description
peer	The peer from which you obtain the information.

Returns

Peer IP address in a string with the following format: xxx.xx.xx.xx

Exceptions

CORBA::BAD_OPERATION if the object is null or the connection is not using SSL.

CORBA::Boolean isPeerTrusted(CORBA::Object_ptr peer)

Tests if the certificate chain of the peer is trusted—that is, if one certificate of the chain is in the trustpoint.

Parameter	Description
peer	The peer from which you obtain the information.

Returns

true if the chain is trusted, false otherwise.

Exceptions

CORBA::BAD_OPERATION if the object is null or the connection is not using SSL.

trust::Trustpoints_ptr Trustpoints getTrustpointsObject()

Returns a reference to the trustpoint repository. Use this API to access trustpoints object and set trustpoints.

Returns

A reference to the trustpoint repository, which should be assigned to a _var.

void setPRNGSeed (const ssl::Current::PRNGseed& seed)

Sets a seed for the pseudo-random number generator used by the SSL layer.

Parameter	Description
seed	The OctetSequenceseed for the PRNG.

void setPKprincipal (const CORBAsec::ASN1ObjectList chain,&const CORBAsec::ASN1Object& privkey,&const char* password);

This method is used in the client or the server to set the certificate chain and private key that must be used for the SSL connections. This is required for servers and optional for clients. Also look at the peerAuthenticationMode property documented in , “Security Properties for C++.”

Parameter	Description
chain	The certificate chain.
privkey	The private key used for the SSL connection.
password	The password for the private key.

Exceptions

CORBA::BAD_PARAM if the user name or password is null.

void setCipherSuiteList (const ssl::CipherSuiteInfoList& list)

This method is used in the client or the server to specify the ciphers available for the SSL connections.

Parameter	Description
list	A comma-separated list of cipher suites.

ssl::CipherSuiteInfoList* listAvailableCipherSuites()

Returns a list of cipher suites available in VisiSecure. You are responsible for freeing memory.

Returns

A list of cipher suites.

ssl::CipherSuiteInfoList* getCipherSuiteList()

Returns the ciphers that are currently used by the SSL layer.

Returns

A list of cipher suites.

void setP12Identity (const CORBASEC::ASNIOBJECT& pks12cert, const char* password)

Parameter	Description
pks12cert	PKCS#12 formatted data.
password	The private key password.

Certificate API

This API contains classes and methods for working with certificates.

class vbsec::CertificateFactory

This is a utility class for handling of certificates and keys.

Include File

The vbssp.h file should be included when you use this class.

Methods

CORBAsec::X509CertList* importCertificateChain (const CORBAsec::ASN1ObjectList& certs) const

Import the certification chain in the form of CORBAsec::ASN1ObjectList into CORBAsec::X509CertList, which could be used in VBSSLContext.

Parameter	Description
certs	ASN1ObjectList representation of the certificate chain.

Returns

CORBAsec::X509CertList representation of the certificate chain for CORBA transportation.

CORBAsec::X509CertList* importCertificates (const CORBAsec::ASN1ObjectList& certs) const

Import the certification list in the form of CORBAsec::ASN1ObjectList into CORBAsec::X509CertList. Certificates need not be related to each other. The original order is preserved after importing.

Parameter	Description
certs	ASN1ObjectList representation of certificate list

Returns

CORBAsec::X509CertList representation of the certificate list.

CORBAsec::ASN1Object* importPrivateKey (const CORBAsec::ASN1Object& key) const

Convert the private key from BASE64 or PEM format to DER format.

Parameter	Description
key	ASN1ObjectList representation of private key object.

Returns

DER format of the private key.

CORBAsec::X509CertList* importCertificateChain (const CORBAsec::ASN1Object& pkcs12bytes, const CSI::UTF8String& password) const

Imports a certificate chain from pkcs12 binary.

Parameter	Description
pkcs12bytes	ASN1ObjectList representation of pkcs12 binary.
password	Password for the pkcs12 binary.

Returns

CORBAsec::X509CertList representation of the certificate chain.

CORBAsec::ASN1Object* importPrivateKey (const CORBAsec::ASN1Object& pkcs12bytes, const CSI::UTF8String& password) const

Import private key from pkcs12 binary.

Parameter	Description
pkcs12bytes	ASN1ObjectList representation of pkcs12 binary.
password	Password for the pkcs12 binary.

Returns

CORBAsec::ASN1Object representation of the private key object.

const CertificateFactory& printCertificate (const CORBAsec::X509Cert& certificate, std::ostream& stream) const

Print out the certification information into an output stream.

Parameter	Description
certificate	certificate to be printed.
stream	stream to which to output.

Returns

The CertificateFactory.

bool passwordForPrivatekey (const CSI::UTF8String& password, const CORBAsec::ASN1Object& privkey) const

Test if the given password can decrypt the given private key object.

Parameter	Description
password	The password to be tested.
privkey	The private key object to be decrypted.

Returns

true if decryption is successful, false if not.

class CORBAsec::X509Cert

This class represents an X509 certificate. When a client application binds to a CORBA object, the client uses this interface to obtain the server’s certificate information. The server can use this interface to obtain the client’s certification information, if the client has a certificate.

Include File

The X509Cert_c.hh file should be included when you use this class.

Methods

char* getSubjectDN()

Returns the subject DN contained in the certificate.

Returns

The subject name is returned in the following format:

CN=<value>, OU=<value>, O=<value>, L=<value>, S=<value>, C=<value>

char* getIssuerDN()

Returns the issuer DN contained in the certificate.

Returns

The subject name is returned in the following format:

CN=<value>, OU=<value>, O=<value>, L=<value>, S=<value>, C=<value>

CORBA::OctetSequence * getSignatureAlgorithm()

Returns the signature algorithm used in the certificate.

Returns

The signature algorithm used in the certificate.

CORBA::OctetSequence * getHash(CORBASEC::HashAlgorithm algorithm)

Returns a hash of the certificate.

Parameter	Description
algorithm	The hash algorithm. The possible values are: CORBASec::MD5, CORBASec::MD2 and CORBASec::SHA1

Returns

A hash of the certificate using the specified algorithm.

CORBAsec::ASN1Object_ptr getDER()

Returns the DER encoded form of this certificate.

Returns

The ASN.1 DER encoded form of this certificate (assign to a _var).

CORBAsec::SerialNumberValue_ptr getSerialNumber()

Retrieves the serial number of the certificate.

Returns

The serial number of the certificate.

CORBAsec::X509CertExtensionList_ptr getExtensions()

Returns all the extensions available in this certificate as a list of X509CertExtension.

Returns

Returns all the extensions available in this certificate as a list of X509CertExtension. Or, if this certificate has no extensions, the method returns an array of length null. The extensions are not parsed.

CORBA::Boolean isValid (CORBA::ULong_out date)

Checks if a certificate date is between the valid start and end dates.

Parameter	Description
date	An out argument that is set to the expiration date of the certificate, using UNIX time format.

Returns

true if the certificate is valid, false otherwise.

CORBA::ULong startDate()

Gets the date from which a certificate’s validity starts.

Returns

Returns an int representing the number of seconds from midnight, January 1st, 1970.

CORBA::ULong endDate()

Gets the expiration date of the certificate.

Returns

Returns an int representing the number of seconds from midnight, January 1st, 1970.

CORBA::Boolean equals (CORBAsec::X509Cert_ptr other)

Compares two CORBAsec::X509Cert certificates.

Parameter	Description
other	The other certificate to compare to this certificate.

Returns

Returns true (1UL) if the two certificates are identical; otherwise, returns false (0UL).

CORBA::Boolean isTrustpoint()

Checks if this certificate is a trustpoint—that is, if it is a trusted certificate

Returns

If the certificate is a trustpoint, returns true.

class CORBAsec::X509CertExtension

This class is an IDL structure that represents an X509 certificate extension, as follows:

struct X509CertExtension {
long seq;
sequence<long> oid;
boolean critical;
sequence<octet> value;
};

Parameter	Description
seq	A unique number of the extension in the certificate.
oid	The oid of the extension.
value	The value of the extension encoded according to the format specified by the oid.

Include File

The X509Cert_c.hh file should be included when you use this class.

QoP API

The following section details the Quality of Protection API provided with VisiSecure.

class vbsec::ServerConfigImpl

ServerConfigImpl is the implementation of the csiv2::ServerQoPConfig, which is an IDL structure as follows:

ServerConfigImpl (
CORBA::Boolean disable,
CORBA::Short transport,
CORBA::Boolean trustInClient,
csiv2::AccessPolicyManager* access_manager,
const CORBA::StringSequence& realms = _available,
CORBA::Short requiredIdentityType = csiv2::ServerQoPConfig::UP_OR_PK,
CORBA::Boolean supportIdentityAssertion = static_cast<CORBA::Boolean>(1)
);

Parameter	Description
disable	Whether or not to disable security.
transport	The transport mechanism to use. Valid values are: • csiv2::CLEAR_ONLY: no secure transport is necessary • csiv2::SECURE_ONLY: only secure connections are permitted • csiv2::ALL: any method of transport is allowed
trustInClient	Whether or not the target requests the client to authenticate. This value is set on CSIV2 layer.
access_manager	An access manager for the QoP implementation, an implementation of csiv2::AccessPolicyManager defined by the user. If null, it uses a default value.
realms	The available realms in which to implement the policy.
requiredIdentityType	The required identity for the QoP policy implementation. The default value is csiv2::ServerQoPConfig::UP_OR_PK. Possible values are: csiv2:ServerQoPConfig::NO_ID, csiv2::ServerQoPConfig::UP, csiv2::ServerQoPConfig::PK, csiv2::ServerQoPConfig::UP_OR_PK and csiv2::ServerQoPConfig::UP_AND_PK
supportIdentityAssertion	Whether or not the application supports Identity Assertion.

To define the ServerQoPPolicy, you create this object which defines the various characteristics of the policy.

Include File

The CSIV2Policies.h file should be included when you use this class.

class ServerQoPPolicyImpl

ServerQoPPolicyImpl is the implementation of the csiv2::ServerQoPPolicy. The ServerQoPPolicyImpl object impacts the QoP behavior of the server.

Include File

The CSIV2Policies.h file should be included when you use this class.

Methods

ServerQoPPolicyImpl (const csiv2::ServerQoPConfig_var& conf);

Constructor of the ServerQoPPolicyImpl object.

Parameter	Description
conf	ServerQoPConfig object which contains the designed QoP configuration.

virtual csiv2::ServerQoPConfig_ptr config();

Get the ServerQoPConfigImpl object from the ServerQoPPolicyImpl.

Returns

The ServerQoPConfigImpl object from the ServerQoPPolicyImpl.

class vbsec::ClientConfigImpl

ClientConfigImpl is the implementation of the csiv2::ClientQoPConfig. To define the ClientQoPPolicy, you create this object which defines the various characteristics of the policy.

Include File

The CSIV2Policies.h file should be included when you use this class

Methods

ClientConfigImpl (const CORBA::Short transport, const CORBA::Boolean trustInTarget)

Constructor of ClientConfigImpl object.

Parameter	Description
transport	The transport mechanism to use. Valid values are: • csiv2::CLEAR_ONLY: no secure transport is necessary • csiv2::SECURE_ONLY: only secure connections are permitted • csiv2::ALL: any method of transport is allowed
trustInTarget	Whether or not to require the client to authenticate.

class vbsec::ClientQoPPolicyImpl

ClientQoPPolicyImpl is the implementation of the csiv2::ClientQoPPolicy. The ClientQoPPolicyImpl object impacts the QoP behavior of the server.

Include File

The CSIV2Policies.h file should be included when you use this class.

Methods

ClientQoPPolicyImpl( const csiv2::ClientQoPConfig_var& conf);

Constructor for ClientQoPPolicyImpl object.

Parameter	Description
conf	ClientConfigImpl object to be used for the policy.

virtual csiv2::ClientQoPConfig_ptr config();

Returns the ClientConfigImpl object of this ClientQopPolicyImpl.

Returns

The ClientConfigImpl object of this ClientQopPolicyImpl.

Authorization API

The following section describes the classes and methods used for authorization in VisiSecure.

class csiv2::AccessPolicyManager

AccessPolicyManager is used to define your Access Policy for authorization of a client's method calls.

Include File

The CSIV2Policies.h file should be included when you use this class.

Methods

char* domain()

Returns the authorization domain name for the AccessPolicyManager.

Returns

The authorization domain name for the object that uses this AccessPolicyManager.

csiv2::ObjectAccessPolicy* getAccessPolicy (PortableServer_ServantBase* servant, const PortableServer::ObjectId& id, const CORBA::OctetSequence& adapter_id)

Returns the objectAccessPolicy for the servant with the objectId (id) and poa id.

Parameter	Description
servant	The CORBA servant object.
id	the id of the servant object.
adapter_id	The poa id of the servant object.

Returns

ObjectAccessPolicy of the servant object.

class csiv2::ObjectAccessPolicy

This class represents the access policy from AccessPolicyManager.

Include File

The CSIV2Policies.h file should be included when you use this class.

Methods

CORBA::StringSequence* getRequiredRoles (const char* method)

Returned the list of required roles to access the method.

Parameter	Description
method	The method name of interest.

Returns

A list of required roles to access the method.

char* getRunAsRole (const char* method)

Return the run-as role for the method. This method is not used in this release.

Parameter	Description
method	The method name of interest.

Returns

The run-as role configured to access the method.