IceSSL::Plugin

Overview

local interface Plugin extends ::Ice::Plugin

The interface for the SSL plug-in. This interface is typically used to perform programmatic configuration of the plug-in.

Operation Index

addTrustedCertificate

Add a trusted certificate to the plug-in's default certificate store.

addTrustedCertificateBase64

Add a trusted certificate to the plug-in's default certificate store.

configure

Configure the plug-in.

getDefaultCertVerifier

Retrieves an instance of the CertificateVerifier that is installed by default in all plug-in instances.

getSingleCertVerifier

Returns an instance of a CertificateVerifier that only accepts a single certificate, that being the RSA certificate represented by the binary DER encoding contained in the provided byte sequence.

loadConfig

Configure the plug-in for the given Context using the settings in the given configuration file.

setCertificateVerifier

Set the CertificateVerifier used for the indicated ContextType role.

setRSAKeys

Set the RSA keys to be used by the plug-in when operating in the context mode specified by ContextType.

setRSAKeysBase64

Set the RSA keys to be used by the plug-in when operating in the context mode specified by ContextType.

addTrustedCertificate

void addTrustedCertificate(ContextType cType,
    ::Ice::ByteSeq certificate);

Add a trusted certificate to the plug-in's default certificate store. The provided certificate (passed in binary DER format) is added to the trust list so that the certificate, and all certificates signed by its private key, are trusted. This method only affects new connections -- existing connections are left unchanged.

Parameters

contextType

The Context(s) in which to add the trusted certificate.

certificate

The certificate, in binary DER format, to be trusted.

addTrustedCertificateBase64

void addTrustedCertificateBase64(ContextType cType,
    string certificate);

Add a trusted certificate to the plug-in's default certificate store. The provided certificate (passed in Base64-encoded binary DER format, as per the PEM format) is added to the trust list so that the certificate, and all certificates signed by its private key, are trusted. This method only affects new connections -- existing connections are left unchanged.

Parameters

contextType

The Context(s) in which to add the trusted certificate.

certificate

The certificate to be trusted, in Base64-encoded binary DER format.

configure

void configure(ContextType cType);

Configure the plug-in. If the plug-in is left in an unconfigured state, it will load its configuration from the properties IceSSL.Server.Config or IceSSL.Client.Config, depending on the context type. Configuration property settings will also be loaded during this operation, with the property values overriding those of the configuration file.

Parameters

contextType

The Context(s) to configure.

getDefaultCertVerifier

CertificateVerifier getDefaultCertVerifier();

Retrieves an instance of the CertificateVerifier that is installed by default in all plug-in instances.

Return Value

CertificateVerifier

getSingleCertVerifier

CertificateVerifier getSingleCertVerifier(::Ice::ByteSeq certificate);

Returns an instance of a CertificateVerifier that only accepts a single certificate, that being the RSA certificate represented by the binary DER encoding contained in the provided byte sequence. This is useful if you wish your application to accept connections from one party.

Note

Be sure to use the peer verifymode in your SSL configuration file.

Parameters

certificate

A DER encoded RSA certificate.

Return Value

CertificateVerifier
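
Added example, not part of the Ice documentation or the IceSSL sources: addTrustedCertificate and getSingleCertVerifier both take binary DER, while certificates are usually stored as PEM. The helper below decodes a PEM block to DER and checks that the result is exactly one DER SEQUENCE before it is handed to the plug-in. The names ByteSeq, kSamplePem, pemToDer and isSingleDerSequence are hypothetical, and ByteSeq is assumed to match the C++ mapping of ::Ice::ByteSeq.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// Stand-in for ::Ice::ByteSeq (assumption: a vector of unsigned bytes).
typedef std::vector<unsigned char> ByteSeq;
// Constructed sample: Base64 of the five DER bytes 30 03 02 01 05, not a real certificate.
const std::string kSamplePem =
    "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n";

// Decode the Base64 body of a PEM block, skipping armor lines, whitespace and padding.
ByteSeq pemToDer(const std::string& pem) {
    static const std::string alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    ByteSeq der;
    unsigned int acc = 0;
    int bits = 0;
    bool armor = false;
    for (std::size_t i = 0; i < pem.size(); ++i) {
        const char c = pem[i];
        if (c == '\n') { armor = false; continue; }
        if (c == '-') armor = true;            // rest of this line is BEGIN/END armor
        if (armor || c == '\r' || c == ' ' || c == '=') continue;
        const std::size_t v = alphabet.find(c);
        if (v == std::string::npos) throw std::invalid_argument("not Base64");
        acc = (acc << 6) | static_cast<unsigned int>(v);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            der.push_back(static_cast<unsigned char>((acc >> bits) & 0xFF));
        }
    }
    return der;
}

// True only if buf is one DER SEQUENCE: tag 0x30, minimal definite length, no truncated or trailing bytes.
bool isSingleDerSequence(const ByteSeq& buf) {
    if (buf.size() < 2 || buf[0] != 0x30) return false;
    std::size_t len = buf[1], hdr = 2;
    if (len & 0x80) {                          // long form: low 7 bits count the length octets
        const std::size_t n = len & 0x7F;
        if (n == 0 || n > 4 || buf.size() < 2 + n || buf[2] == 0) return false;
        len = 0;
        for (std::size_t i = 0; i < n; ++i) len = (len << 8) | buf[2 + i];
        if (len < 0x80) return false;          // short form was required
        hdr += n;
    }
    return buf.size() == hdr + len;
}
```

The structural check does not validate the certificate contents; it only rejects buffers that were truncated, concatenated, or not DER at all.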

loadConfig

void loadConfig(ContextType cType,
    string configFile,
    string certPath);

Configure the plug-in for the given Context using the settings in the given configuration file. If the plug-in is left in an unconfigured state, it will load its configuration from the property IceSSL.Server.Config or IceSSL.Client.Config, depending on the context type. Configuration property settings will also be loaded as part of this operation, with the property values overriding those of the configuration file.

Parameters

contextType

The Context to configure.

configFile

The file containing the SSL configuration information.

certPath

The path where certificates referenced in loadConfig may be found.

setCertificateVerifier

void setCertificateVerifier(ContextType cType,
    CertificateVerifier certVerifier);

Set the CertificateVerifier used for the indicated ContextType role. All plug-in Contexts are created with default CertificateVerifier objects installed. Replacement CertificateVerifiers can be specified using this operation. This operation only affects new connections -- existing connections are left unchanged.

Parameters

contextType

The Context(s) in which to install the Certificate Verifier.

certVerifier

The CertificateVerifier to install.

setRSAKeys

void setRSAKeys(ContextType cType,
    ::Ice::ByteSeq privateKey,
    ::Ice::ByteSeq publicKey);

Set the RSA keys to be used by the plug-in when operating in the context mode specified by ContextType. This method only affects new connections -- existing connections are left unchanged.

Parameters

contextType

The Context(s) in which to set/replace the RSA keys.

privateKey

The RSA private key, in binary DER format.

publicKey

The RSA public key, in binary DER format.

setRSAKeysBase64

void setRSAKeysBase64(ContextType cType,
    string privateKey,
    string publicKey);

Set the RSA keys to be used by the plug-in when operating in the context mode specified by ContextType. This method only affects new connections -- existing connections are left unchanged.

Parameters

contextType

The Context(s) in which to set/replace the RSA keys.

privateKey

The RSA private key, in Base64-encoded binary DER format.

publicKey

The RSA public key, in Base64-encoded binary DER format.