Cisco Prime Optical 10.6 Developer's Guide
Cisco Prime Optical 10.6 GateWay/CORBA Programmer Reference Guide
6.5 Using Encryption Between the OSS Client and GateWay/CORBA
Prime Optical uses improved encryption of usernames and passwords for network security. You can set
the Control Panel to send encrypted usernames and passwords to GateWay/CORBA:
Step 1
Log in to the Prime Optical client with administrator privileges.
Step 2
In the Domain Explorer window, choose Administration > Control Panel.
Step 3
Click the GateWay/CORBA Service tab for the GateWay/CORBA Service property sheet.
Step 4
Click the Global tab and check the Enable Encryption for Username and Password check
box.
Step 5
Click Save; then, click Yes in the confirmation dialog box. Changes take effect immediately.
If the OSS clients enable the encryption feature, they must provide an implementation of RSA-based
encryption by retrieving the RSA public key or the public key pair from GateWay/CORBA and by using
cryptographic libraries.
• To obtain the RSA public key from Prime Optical, use the
emsSessionFactory::EmsSessionFactory_I::getEmsPublicKey API. See
• To obtain the RSA public key pair from Prime Optical, use the
emsSessionFactory::EmsSessionFactory_I::getEmsPublicKeyPair API. See
Prime Optical uses a 512-bit (64-byte) key size and returns the string representation of the RSA public
key or public key pair, encoded in the Base64 encoding scheme. OSS clients should use Base64 decoders
to decode the public key and get the byte[] of the public key from the decoded public key string. The
byte[] corresponding to the public key represents the key in its primary encoded format (X.509
SubjectPublicKeyInfo). Using this byte[] and cryptographic libraries, the RSA public key can be created.
One example of the security provider is Bouncy Castle Provider.
Use the public key to encrypt the username and password. Before passing the encrypted username and
password to Prime Optical for login, OSS clients should encode the encrypted username and password by
using Base64 encoders to obtain the string equivalent of the encrypted data.
Use cryptographic libraries implementing RSA public key encryption supporting the “PKCS #1 v2.0
EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2), PKCS1Padding” encoding scheme. Prime Optical
does not provide these cryptographic libraries.
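The client-side steps described above, as an added example in Java using only the JDK's built-in providers (it is not code from this guide or from Prime Optical): Base64-decode the key, build the RSA public key from its X.509 SubjectPublicKeyInfo bytes, encrypt with PKCS #1 v1.5 padding, and Base64-encode the ciphertext. The class and method names, the UTF-8 encoding of the credential strings, and the locally generated stand-in key are assumptions; a real client passes the string returned by getEmsPublicKey.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Cipher;

public class GatewayCredentialEncryptor {   // hypothetical class name

    /** Base64(SubjectPublicKeyInfo) -> RSA public key, as the guide describes. */
    static RSAPublicKey parsePublicKey(String base64Spki) throws GeneralSecurityException {
        byte[] der = Base64.getDecoder().decode(base64Spki.trim());
        return (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(der));
    }

    /** RSA PKCS #1 v1.5 (block type 2) encrypt, then Base64-encode the ciphertext. */
    static String encryptField(RSAPublicKey key, String value) throws GeneralSecurityException {
        byte[] plain = value.getBytes(StandardCharsets.UTF_8); // assumption: UTF-8
        // v1.5 padding costs 11 bytes: a 512-bit (64-byte) modulus carries at most 53.
        int max = (key.getModulus().bitLength() + 7) / 8 - 11;
        if (plain.length > max) {
            throw new IllegalArgumentException("field is " + plain.length + " bytes; limit is " + max);
        }
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, key);
        return Base64.getEncoder().encodeToString(rsa.doFinal(plain));
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the string returned by getEmsPublicKey:
        // a locally generated 512-bit key, so the example runs offline.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(512);
        KeyPair pair = gen.generateKeyPair();
        String fromGateway = Base64.getEncoder().encodeToString(pair.getPublic().getEncoded());

        RSAPublicKey key = parsePublicKey(fromGateway);
        String encUser = encryptField(key, "oss-user");            // constructed sample value
        String encPass = encryptField(key, "example-passphrase");  // constructed sample value
        System.out.println("username: " + encUser);
        System.out.println("password: " + encPass);

        // Round-trip check with the locally held private key (the server's role).
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, pair.getPrivate());
        byte[] back = rsa.doFinal(Base64.getDecoder().decode(encUser));
        System.out.println("round trip ok: " + "oss-user".equals(new String(back, StandardCharsets.UTF_8)));
    }
}
```

With a 512-bit key and PKCS #1 v1.5 padding, each encrypted field is limited to 53 bytes, which the length check above enforces before encryption. A 512-bit RSA modulus is within reach of practical factoring, so the encrypted credentials still warrant a protected transport between the OSS client and GateWay/CORBA.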
6.6 Using Multiple Naming Servers
Prime Optical can register with multiple naming servers. You must add the following parameters to the
Prime Optical-server-installation-directory/cfg/corbagw.properties file:
• corbagw.namingservice.ServerList=ctmc4-u80,ctm7-u60
• corbagw.namingservice.RootIORLoc=/namingroot.ior
Complete the following steps to allow Prime Optical to use multiple naming servers:
Step 1
In the Domain Explorer window, choose Administration > Control Panel.
Step 2
Click GateWay/CORBA Service to open the GateWay/CORBA Service pane.
Step 3
In the Global tab > GateWay/CORBA Configuration area, specify the following
parameters:
Name Service Server List—Lists all the hosts on which the naming service is
running. The hosts should be reachable from the Prime Optical server host, and