local interface CredentialsCurator

The CredentialsCurator object is a single object per ORB instance's Transport Security Service. It can create CredentialsAcquirers and keeps a list of active default credentials. It is resolved by a call to

    ORB.resolve_initial_references("TransportSecurity:CredentialsCurator");

or it may be retrieved from the SecurityManager's credentials_curator attribute.
The following pseudo code describes the process of TLS credentials acquisition using CredentialsCurator.

    // Resolve the Credentials Curator
    CredentialsCurator curator = ....
        resolve_initial_references("TransportSecurity:CredentialsCurator");

    // Build up an acquisition argument (e.g., using SL3TLS::TLSArgBuilder)
    Any arg = ...

    // Acquire credentials
    CredentialsAcquirer acquirer =
        curator.acquire_credentials("SL3TLSAQArgs", arg);

    // Get credentials and destroy the Credentials Acquirer
    OwnCredentials own = acquirer.get_credentials(false);
    readonly attribute OwnCredentialsList default_creds_list;

This is the default list of own credentials.

    readonly attribute MechanismList supported_mechanisms;

This attribute lists the transport mechanisms that are supported, such as TCPIP, TLS and SECIOP-Kerberos.
    CredentialsAcquirer acquire_credentials(in MechanismId mechanism_id,
                                            in AcquisitionMethod acquisition_method,
                                            in any acquisition_arguments);

This operation starts the process of credentials acquisition and creates a CredentialsAcquirer for a particular acquisition method. It takes an initial set of arguments for the acquisition. The content of the arguments depends on the acquisition method. Depending on the method, it is possible that the credentials are immediately available from a call to get_credentials on the returned CredentialsAcquirer.

If the process of credentials acquisition is not completed upon the return of the acquire_credentials operation, the returned CredentialsAcquirer object shall have its current_status at AQST_Continued. In this case, the get_continuation_data and continue_acquisition operations shall be used to complete the credentials acquisition process.

If the process of credentials acquisition fails, it is up to the implementation to either throw a system exception or return a CredentialsAcquirer with the AQST_Failed status.

The acquisition_arguments parameter is a CORBA any that is constructed according to the acquisition method used. The ArgumentFactory from the SL3AQArgs module is a local object that helps immensely with the construction of this complex argument. Extensions of that object are defined in their own separate modules that pertain to the particular acquisition mechanism, such as the SL3TLS, SL3TCPIP and SL3KRB5 modules.

Parameters:

    acquisition_method - The identifier of the desired acquisition method. A CORBA BAD_PARAM exception will be raised if the named method is not supported.
    acquisition_arguments - The argument of the desired acquisition method. This CORBA any type is constructed according to the particular acquisition method.
See also: SL3AQArgs, SL3TLS, SL3TCPIP, SL3KRB5

    OwnCredentials get_own_credentials(in CredentialsId creds_id);

This operation retrieves the OwnCredentials, if still available, by its credentials identifier.
    AcquisitionMethodList get_supported_acquisition_methods(in MechanismId mech_id);

This operation returns a list of the supported acquisition methods for the particular mechanism. Method identifiers are defined in the modules that signify their support.
See also: SL3TLS, SL3TCPIP, SL3KRB5

    void release_credentials(in CredentialsId creds_id);

This operation provides management of the own credentials list, since the own credentials list is used as the default credentials policy. It removes the credentials from the default_creds_list, if they are there, and calls release() on the credentials. A BAD_PARAM exception is thrown if the credentials do not exist.
    void remove_credentials(in CredentialsId creds_id);

This operation removes the own credentials from the default_creds_list. However, it does not release the credentials. A BAD_PARAM exception is thrown if the credentials are not on the default credentials list.
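The acquisition flow from the pseudo code above, carried through the AQST_Continued continuation loop and the AQST_Failed check described under acquire_credentials, and finished with release_credentials, as an added Java example that is not code from this page or from any SL3 implementation. It follows the three-parameter IDL signature of acquire_credentials and assumes the standard IDL-to-Java mapping for the TransportSecurity module (package, Helper class and an AcquisitionStatus enum), "TLS" as the MechanismId value, any-typed get_continuation_data/continue_acquisition, and a creds_id accessor on OwnCredentials.

```java
import java.util.function.UnaryOperator;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.ORB;
// Assumed IDL-to-Java mapping of the TransportSecurity module; the package
// and helper class names are assumptions, not taken from the page.
import TransportSecurity.*;

public class TlsCredentialsAcquisition {
  /** Drives one TLS credentials acquisition through the curator to completion. */
  public static OwnCredentials acquire(ORB orb, Any tlsArgs,
      UnaryOperator<Any> responder, int maxRounds) throws Exception {
    CredentialsCurator curator = CredentialsCuratorHelper.narrow(
        orb.resolve_initial_references("TransportSecurity:CredentialsCurator"));
    // "TLS" (MechanismId) and "SL3TLSAQArgs" (method id) are assumed values;
    // BAD_PARAM for an unsupported method is what the page specifies.
    CredentialsAcquirer acquirer;
    try {
      acquirer = curator.acquire_credentials("TLS", "SL3TLSAQArgs", tlsArgs);
    } catch (BAD_PARAM e) {
      throw new IllegalArgumentException("acquisition method not supported", e);
    }
    // AQST_Continued: the acquirer needs more input (PIN, token, ...); the loop
    // is bounded so a provider that never finishes cannot hang the caller.
    int rounds = 0;
    while (acquirer.current_status() == AcquisitionStatus.AQST_Continued) {
      if (++rounds > maxRounds) {
        throw new IllegalStateException("acquisition did not complete");
      }
      Any challenge = acquirer.get_continuation_data();          // assumed: returns any
      acquirer.continue_acquisition(responder.apply(challenge)); // assumed: takes any
    }
    if (acquirer.current_status() == AcquisitionStatus.AQST_Failed) {
      throw new SecurityException("credentials acquisition failed");
    }
    // Same call as the page's pseudo code; the boolean's meaning belongs to
    // CredentialsAcquirer, which this page does not describe.
    return acquirer.get_credentials(false);
  }

  /** Releases via the curator; BAD_PARAM means the credentials no longer exist. */
  public static boolean release(CredentialsCurator curator, OwnCredentials own) {
    try {
      curator.release_credentials(own.creds_id()); // creds_id accessor assumed
      return true;
    } catch (BAD_PARAM e) {
      return false;
    }
  }
}
```

The responder is the application's own way of answering a continuation challenge (for example prompting for a PIN), so the loop never blocks inside the curator on behalf of the caller.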