local interface TLSKeyStoreArgBuilder
inherits from SL3TCPIP::TCPIPArgBuilder

The TLS KeyStore Acquisition Builder extends the TCPIP Builder. This is because the same TCPIP Acquisition Arguments apply to TLS, as TCPIP sits underneath TLS.

void addTLSEncodedKeyStoreNoStorePass(in CORBA::OctetSeq keystore,
                                      in string storetype,
                                      in string keyalias,
                                      in string keypass,
                                      in CORBA::StringSeq trusted_cert_names);

This operation is used when there is no password on the keystore. This approach should only be used in cases where the integrity of the keystore is not an issue.

keystore - This argument contains the octet sequence containing the keystore.
storetype - This argument contains the type of the keystore. Currently, one of "IAIKKeyStore" or "jks".
keyalias - This argument contains the alias of a private key in the keystore. If this argument is an empty string, then the credentials will be considered anonymous.
keypass - This argument contains the password that unlocks the private key named by the keyalias.
trusted_cert_names - This argument contains the aliases of certificates in the keystore that are considered trusted to verify certificates of the peer during authentication. An empty string sequence signifies that the default chain verifier will accept chains ending in any trusted certificate entry found in the keystore.

Note: On the default TLSX509IdentityVerifier, anonymous communication is always allowed.

void addTLSEncodedKeyStoreWithStorePass(in CORBA::OctetSeq keystore,
                                        in string storetype,
                                        in string storepass,
                                        in string keyalias,
                                        in string keypass,
                                        in CORBA::StringSeq trusted_cert_names);

This operation is used when there is a password on the keystore.

keystore - This argument contains the octet sequence containing the keystore.
storetype - This argument contains the type of the keystore. Currently, one of "IAIKKeyStore" or "jks".
storepass - This is the password that protects the keystore.
keyalias - This argument contains the alias of a private key in the keystore. If this argument is an empty string, then the credentials will be considered anonymous.
keypass - This argument contains the password that unlocks the private key named by the keyalias.
trusted_cert_names - This argument contains the aliases of certificates in the keystore that are considered trusted to verify certificates of the peer during authentication. An empty string sequence signifies that the default chain verifier will accept chains ending in any trusted certificate entry found in the keystore.

Note: On the default TLSX509IdentityVerifier, anonymous communication is always allowed.

void addTLSKeyStoreNoStorePass(in string keystore,
                               in string storetype,
                               in string keyalias,
                               in string keypass,
                               in CORBA::StringSeq trusted_cert_names);

This operation is used when there is no password on the keystore. This approach should only be used in cases where the integrity of the keystore is not an issue.

keystore - This argument contains the URL of the keystore.
storetype - This argument contains the type of the keystore. Currently, one of "IAIKKeyStore" or "jks".
keyalias - This argument contains the alias of a private key in the keystore. If this argument is an empty string, then the credentials will be considered anonymous.
keypass - This argument contains the password that unlocks the private key named by the keyalias.
trusted_cert_names - This argument contains the aliases of certificates in the keystore that are considered trusted to verify certificates of the peer during authentication. An empty string sequence signifies that the default chain verifier will accept chains ending in any trusted certificate entry found in the keystore.

Note: On the default TLSX509IdentityVerifier, anonymous communication is always allowed.

void addTLSKeyStoreWithStorePass(in string keystore,
                                 in string storetype,
                                 in string storepass,
                                 in string keyalias,
                                 in string keypass,
                                 in CORBA::StringSeq trusted_cert_names);

This operation is used when there is a password on the keystore.

keystore - This argument contains the URL of the keystore.
storetype - This argument contains the type of the keystore. Currently, one of "IAIKKeyStore" or "jks".
storepass - This is the password that protects the keystore.
keyalias - This argument contains the alias of a private key in the keystore. If this argument is an empty string, then the credentials will be considered anonymous.
keypass - This argument contains the password that unlocks the private key named by the keyalias.
trusted_cert_names - This argument contains the aliases of certificates in the keystore that are considered trusted to verify certificates of the peer during authentication. An empty string sequence signifies that the default chain verifier will accept chains ending in any trusted certificate entry found in the keystore.

Note: On the default TLSX509IdentityVerifier, anonymous communication is always allowed.

void addTLSX509IdentityVerifier(in TLSX509IdentityVerifier verifier);

This operation adds an X509 Certificate Chain Identity Verifier argument to the acquisition arguments.

verifier - The locally defined interface that will verify the certificate chain.
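
The two NoStorePass operations above load the keystore without its store password, and in a "jks" store that password is what keys the integrity digest covering the trusted certificate entries that trusted_cert_names selects from. The following is an added example, not part of this interface or its documentation: it assumes "jks" means the standard Java JKS file format, uses hypothetical function names and constructed placeholder bytes in place of real certificates, and shows that a store carrying an extra trust anchor is only rejected when the store password is supplied.

```python
import hashlib
import hmac
import struct

MAGIC = 0xFEEDFEED
SALT = b"Mighty Aphrodite"  # fixed string mixed into every JKS integrity digest

def _utf(text):
    # Java writeUTF framing: 2-byte length, then bytes (same as UTF-8 for ASCII)
    raw = text.encode("utf-8")
    return struct.pack(">H", len(raw)) + raw

def _digest(storepass, body):
    # SHA-1 over: password as 2-byte big-endian chars, the salt, the store body
    return hashlib.sha1(storepass.encode("utf-16-be") + SALT + body).digest()

def build_jks(trusted, storepass):
    """Serialize {alias: cert_bytes} as JKS trusted-certificate entries (tag 2)."""
    body = struct.pack(">III", MAGIC, 2, len(trusted))
    for alias, cert in trusted.items():
        body += struct.pack(">I", 2) + _utf(alias) + struct.pack(">q", 0)
        body += _utf("X.509") + struct.pack(">I", len(cert)) + cert
    return body + _digest(storepass, body)

def load_trusted_aliases(blob, storepass=None):
    """List trusted-cert aliases; the digest is checked only if storepass is given."""
    body, stored = blob[:-20], blob[-20:]
    if storepass is not None and not hmac.compare_digest(_digest(storepass, body), stored):
        raise ValueError("keystore was tampered with, or password was incorrect")
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != MAGIC or version != 2:
        raise ValueError("not a version 2 JKS keystore")
    pos, aliases = 12, []
    for _ in range(count):
        tag, alen = struct.unpack_from(">IH", body, pos)
        if tag != 2:
            raise ValueError("this sketch reads trusted-certificate entries only")
        aliases.append(body[pos + 6:pos + 6 + alen].decode("utf-8"))
        pos += 6 + alen + 8                       # tag, alias, 8-byte timestamp
        (tlen,) = struct.unpack_from(">H", body, pos)
        (clen,) = struct.unpack_from(">I", body, pos + 2 + tlen)
        pos += 2 + tlen + 4 + clen                # cert type, cert length, cert
    return aliases

# Constructed sample data: placeholder bytes stand in for DER certificates.
ORIGINAL = build_jks({"corp-ca": b"constructed-cert-A"}, "storepass")
# Same store with one more trust anchor, written by someone without the password.
MODIFIED = build_jks({"corp-ca": b"constructed-cert-A",
                      "extra-ca": b"constructed-cert-B"}, "not-the-storepass")
```

Loading MODIFIED without a store password returns both aliases, while loading it with "storepass" raises. With an empty trusted_cert_names sequence, every trusted certificate entry found in the keystore is accepted as a chain end, so the unverified extra entry would count.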