Add secure sockets to dart:io

lib/io/tls_socket.dart

+// Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+abstract class TlsSocket implements Socket {
+  /**
+   * Constructs a new secure socket and connect it to the given
+   * host on the given port. The returned socket is not yet connected
+   * but ready for registration of callbacks.
+   */
+  factory TlsSocket(String host, int port) => new _TlsSocket(host, port);
+
+  /**
+   * Initializes the TLS library with the path to a certificate database
+   * containing root certificates for verifying certificate paths on
+   * client connections, and server certificates to provide on server
+   * connections.
+   */
+  external static void setCertificateDatabase(String pkcertDirectory);
+}
+
+class _TlsSocket implements TlsSocket {

[Anders Johnsen, 2012/11/01 07:27:21]

A higher level question: Would it make sense to expose the TlsFilter as a filter
anyone can use to 'secure' any sequence of data?

[Bill Hesse, 2012/11/11 22:34:34]

I can't see a way anyone could really use it, because it requires a handshake. 
But to keep the design clean, the _TlsFilter class does expose a clean
interface, and could be made public.  There is a hidden dependency, that the
static method TlsSocket.setCertificateDatabase needs to be called before a
filter is created.  Perhaps the method should be moved to TlsFilter, and called
from TlsSocket.



On 2012/11/01 07:27:21, ajohnsen wrote:

+  static final int _BUFFER_SIZE = 2048;

[Mads Ager (google), 2012/11/01 10:09:01]

The name here is using an '_' in from of it and none of the others are. Users
cannot access these anyway because they are static and you cannot access
_TlsSocket. It should therefore be safe to remove the '_' here.

[Bill Hesse, 2012/11/11 22:34:34]

Constant removed.
On 2012/11/01 10:09:01, Mads Ager wrote:

+
+  // Status states
+  static final int NOT_CONNECTED = 200;
+  static final int HANDSHAKE = 201;
+  static final int CONNECTED = 202;
+  static final int CLOSED = 203;
+
+  // Buffer identifiers.
+  static final int kReadPlaintext = 0;

[Mads Ager (google), 2012/11/01 10:09:01]

This is using a different naming style than the other constants.

[Bill Hesse, 2012/11/11 22:34:34]

Should we be consistent?  Which do you prefer?
It does seem like the states are like enum constants, while the k-constants are
actual values.

On 2012/11/01 10:09:01, Mads Ager wrote:

[Mads Ager (google), 2012/11/12 11:39:08]

Of course we should be consistent!

The are all just 'static final int' and we have a naming convention for those.
In the rest of dart:io we have been using UPPER_CASE for all of these. Please do
so here as well. These are all constants and therefore use the same naming
convention.

[Bob Nystrom, 2012/11/14 18:06:36]

Style nit. These are technically not constants, they're finals. Either of the
following would be OK according to the style guide:

static const READ_PLAINTEXT = 0;
static final readPlaintext = 0;

If it's "conceptually constant" but not an actual const declaration, it should
be camelCase without any prefix.

The idea here is that this way users of a library can tell which things can be
used in their own constant expressions and which cannot. If you were to name
this READ_PLAINTEXT but leave it static final, it would confuse users who then
get an error in something like const [READ_PLAINTEXT].

+  static final int kWritePlaintext = 1;
+  static final int kReadEncrypted = 2;
+  static final int kWriteEncrypted = 3;
+  static final int kNumBuffers = 4;
+
+  // Constructs a new secure client socket.
+  _TlsSocket(String host, int port)
+      : _socket = new Socket(host, port),
+        _tlsFilter = new _TlsFilter() {
+    _socket.onConnect = _tlsConnectHandler;
+    _socket.onWrite = _tlsWriteHandler;
+    _socket.onData = _tlsDataHandler;
+    _socket.onClosed = _tlsCloseHandler;
+    _tlsFilter.init();
+    _tlsFilter.registerHandshakeCallbacks(_tlsHandshakeStartHandler,
+                                          _tlsHandshakeFinishHandler);
+  }
+
+  void set onConnect(void callback()) {
+    _socketConnectHandler = callback;
+  }
+
+  void set onWrite(void callback()) {
+    _socketWriteHandler = callback;
+    // Reset the one-shot onWrite handler.
+    _socket.onWrite = _tlsWriteHandler;
+  }
+
+  void set onData(void callback()) {
+    _socketDataHandler = callback;
+  }
+
+  void set onClosed(void callback()) {
+    _socketCloseHandler = callback;
+  }
+
+  void _tlsConnectHandler() {
+    _connectPending = true;
+    _tlsFilter.connect();
+  }
+
+  void _tlsWriteHandler() {
+    if (_status == HANDSHAKE) {
+      _writeEncryptedData();
+      _readEncryptedData();
+      _tlsFilter.connect();
+      // Only do this if we have more data to write.
+      if (_tlsFilter.buffers[kWriteEncrypted].length > 0) {
+        _socket.onWrite = _tlsWriteHandler;
+      }
+    } else if (_status == CONNECTED) {
+      if (_socketWriteHandler != null) {
+        _socketWriteHandler();
+      }
+    }
+  }
+
+  void _tlsDataHandler() {
+    if (_status == HANDSHAKE) {
+      _readEncryptedData();
+      _writeEncryptedData();
+      _tlsFilter.connect();
+      _socket.onWrite = _tlsWriteHandler;
+    } else {
+      if (scheduledDataEvent != null) {
+        scheduledDataEvent.cancel();
+        scheduledDataEvent = null;
+      }
+      if (_socketDataHandler != null) {
+        _readEncryptedData();
+        _socketDataHandler();
+      }
+    }
+  }
+
+  void _tlsCloseHandler() {
+    _socketClosed = true;
+    _status = CLOSED;
+    _socket.close();
+    if (_filterEmpty) {
+      _fireCloseEvent();
+    } else {
+      _fireCloseEventPending = true;
+    }
+  }
+
+  void _tlsHandshakeStartHandler() {
+    _status = HANDSHAKE;
+    _socket.onWrite = _tlsWriteHandler;
+  }
+
+  void _tlsHandshakeFinishHandler() {
+    _status = CONNECTED;
+    if (_connectPending && _socketConnectHandler != null) {
+      _connectPending = false;
+      _socketConnectHandler();
+    }
+  }
+
+  void _fireCloseEvent() {
+    _fireCloseEventPending = false;
+    _tlsFilter.destroy();
+    _tlsFilter = null;
+    if (scheduledDataEvent != null) {
+      scheduledDataEvent.cancel();
+    }
+    if (_socketCloseHandler != null) {
+      _socketCloseHandler();
+    }
+  }
+
+  void close([bool halfClose]) {
+    _socket.close(halfClose);
+  }
+
+  int readList(List<int> data, int offset, int bytes) {
+    print("Entering readList");

[Mads Ager (google), 2012/11/01 10:09:01]

Debug printing.

[Bill Hesse, 2012/11/11 22:34:34]

Done.

+    _readEncryptedData();
+    if (offset < 0 || bytes < 0 || offset + bytes > data.length) {
+      throw new IllegalArgumentException(
+          "Invalid offset or bytes in TlsSocket.readList");
+    }
+    int bytesRead = 0;
+    var buffer = _tlsFilter.buffers[kReadPlaintext];
+    if (buffer.length == 0 && buffer.start != 0) {
+      throw "Unexpected buffer state in TlsSocket.readList";
+    }
+    if (buffer.length > 0) {
+      int toRead = min(bytes, buffer.length);
+      data.setRange(offset, toRead, buffer.data, buffer.start);
+      buffer.advanceStart(toRead);
+      bytesRead += toRead;
+    }
+    print("Before processBuffer(readPlaintext)");
+    int newBytes = _tlsFilter.processBuffer(kReadPlaintext);
+    if (newBytes > 0) {
+      buffer.length += newBytes;
+    }
+    if (bytes - bytesRead > 0 && buffer.length > 0) {
+      int toRead = min(bytes - bytesRead, buffer.length);
+      data.setRange(offset + bytesRead, toRead, buffer.data, buffer.start);
+      buffer.advanceStart(toRead);
+      bytesRead += toRead;
+    }
+
+    // If bytesRead is 0, then something is blocked or empty, and
+    // we are guaranteed an event when it becomes unblocked.
+    // Otherwise, give an event if there is data available, and
+    // there has been a read call since the last data event.
+    // This gives the invariant that:
+    // If there is data available, and there has been a read after the
+    // last data event (or no previous one fired), then we are guaranteed
+    // to get a data event.
+    _filterEmpty = (bytesRead == 0);
+    if (bytesRead > 0 && scheduledDataEvent == null) {
+      scheduledDataEvent = new Timer(0, (_) => _tlsDataHandler());
+    } else if (bytesRead == 0) {
+      if (_fireCloseEventPending) {
+        _fireCloseEvent();
+      } else if (scheduledDataEvent != null) {
+        scheduledDataEvent.cancel();
+        scheduledDataEvent = null;
+      }
+    }
+    return bytesRead;
+  }
+
+
+  // Write the data to the socket, and flush it as much as possible
+  // without blocking.  If not all the data is written, enable the
+  // onWrite event.  If data is not all flushed, add handlers to all
+  // relevant events.
+  int writeList(List<int> data, int offset, int bytes) {
+    _writeEncryptedData();  // Tries to flush all post-filter stages.
+    var buffer = _tlsFilter.buffers[kWritePlaintext];
+    if (bytes > buffer.free) {
+      bytes = buffer.free;
+    }
+    if (bytes > 0) {
+      buffer.data.setRange(buffer.start + buffer.length, bytes, data, offset);
+      buffer.length += bytes;
+    }
+    int bytesWritten = _tlsFilter.processBuffer(kWritePlaintext);
+    buffer.advanceStart(bytesWritten);
+    print("bytesWritten $bytesWritten");
+    _readEncryptedData();
+    _writeEncryptedData();
+    return bytes;
+  }
+
+  void _readEncryptedData() {
+    // Read from the socket and write to the filter.
+    print("Entering readEncryptedData");

[Anders Johnsen, 2012/11/01 07:27:21]

Debug info.

+    var buffer = _tlsFilter.buffers[kReadEncrypted];
+    while (true) {
+      print("    buffer.length: ${buffer.length}");

[Anders Johnsen, 2012/11/01 07:27:21]

Debug info.

+      if (buffer.length > 0) {
+        int bytes = _tlsFilter.processBuffer(kReadEncrypted);
+        if (bytes > 0) {
+          buffer.advanceStart(bytes);
+        } else {
+          break;
+        }
+      } else if (!_socketClosed) {
+        int bytes = _socket.readList(buffer.data,
+                                     buffer.start + buffer.length,
+                                     buffer.free);
+        print("    bytes read from socket: $bytes");

[Anders Johnsen, 2012/11/01 07:27:21]

Debug info.

+        if (bytes <= 0) break;
+        buffer.length += bytes;
+      } else {
+        break;  // Socket is closed and read buffer is empty.
+      }
+    }
+  }
+
+  void _writeEncryptedData() {
+    // Write from the filter to the socket.
+    var buffer = _tlsFilter.buffers[kWriteEncrypted];
+    while (true) {
+      print("top of while loop: buffer.length = ${buffer.length}");

[Anders Johnsen, 2012/11/01 07:27:21]

Debug info

+      if (buffer.length > 0) {
+        int bytes = _socket.writeList(buffer.data, buffer.start, buffer.length);
+        if (bytes <= 0) break;
+        buffer.advanceStart(bytes);
+      } else {
+        if (buffer.start != 0 || buffer.length != 0) {
+          throw "Unexpected state in _writeEncryptedData";
+        }
+        int bytes = _tlsFilter.processBuffer(kWriteEncrypted);
+        print("foo writeEncrypted processBuffer returned $bytes");

[Anders Johnsen, 2012/11/01 07:27:21]

Debug info.

+        if (bytes <= 0) break;
+        buffer.length += bytes;
+      }
+    }
+  }
+
+  // _TlsSocket cannot extend _Socket and use _Socket's factory constructor.
+  Socket _socket;
+
+  var _status = NOT_CONNECTED;
+  bool _socketClosed = false;
+  bool _filterEmpty = false;
+  bool _connectPending = false;
+  bool _fireCloseEventPending = false;
+  Function _socketConnectHandler;
+  Function _socketWriteHandler;
+  Function _socketDataHandler;
+  Function _socketCloseHandler;
+  Timer scheduledDataEvent;
+
+  var _tlsFilter;
+}
+
+class _TlsExternalBuffer {
+  static final int kSize = 8 * 1024;
+  _TlsExternalBuffer() : start = 0, length = 0;
+
+  void advanceStart(int numBytes) {
+    start += numBytes;
+    length -= numBytes;
+    if (length == 0) {
+      start = 0;
+    }
+  }
+
+  int get free() => kSize - start - length;

[Anders Johnsen, 2012/11/01 07:27:21]

remove ().

[Anders Johnsen, 2012/11/01 07:27:21]

Please add (...) to explicit express precedence for better readability (and to
express the intent of this method).

[Bill Hesse, 2012/11/11 22:34:34]

Done.

+
+  List data;  // This will be a ExternalByteArray, backed by C allocated data.
+  int start;
+  int length;
+}
+
+/**
+ * _TlsFilter wraps a filter that encrypts and decrypts data travelling
+ * over a TLS encrypted socket.  The filter also handles the handshaking
+ * and certificate verification.
+ *
+ * The filter exposes its input and output buffers as Dart objects that
+ * are backed by an external C array of bytes, so that both Dart code and
+ * native code can access the same data.
+ */
+class _TlsFilter extends NativeFieldWrapperClass1 {

[Anders Johnsen, 2012/11/01 07:27:21]

AFAIK, this is VM specific, I think this should be in runtime/bin/

[Bill Hesse, 2012/11/11 22:34:34]

Done.

We have created an abstract interface TlsFilter.- looking at it, I don't like
the typeless "var _tlsFilter".

+  _TlsFilter() {
+    buffers = new List<_TlsExternalBuffer>(_TlsSocket.kNumBuffers);
+    for (int i = 0; i < _TlsSocket.kNumBuffers; ++i) {
+      buffers[i] = new _TlsExternalBuffer();
+    }
+  }
+
+  external void init();
+
+  external void connect();
+
+  external void registerHandshakeCallbacks(Function startHandshakeHandler,
+                                           Function finishHandshakeHandler);
+  external int processBuffer(int bufferIndex);
+  external void destroy();
+
+  List<_TlsExternalBuffer> buffers;
+}