| Index: sdk/lib/io/tls_socket.dart
|
| diff --git a/sdk/lib/io/tls_socket.dart b/sdk/lib/io/tls_socket.dart
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..44551b587a324c35038d5c21bc819c2a6168a02f
|
| --- /dev/null
|
| +++ b/sdk/lib/io/tls_socket.dart
|
| @@ -0,0 +1,373 @@
|
| +// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
|
| +// for details. All rights reserved. Use of this source code is governed by a
|
| +// BSD-style license that can be found in the LICENSE file.
|
| +
|
| +/**
|
| + * TlsSocket provides a secure (SSL or TLS) client connection to a server.
|
| + * The certificate provided by the server is checked
|
| + * using the certificate database provided in setCertificateDatabase.
|
| + */
|
| +abstract class TlsSocket implements Socket {
|
| + /**
|
| + * Constructs a new secure socket and connect it to the given
|
| + * host on the given port. The returned socket is not yet connected
|
| + * but ready for registration of callbacks.
|
| + */
|
| + factory TlsSocket(String host, int port) => new _TlsSocket(host, port);
|
| +
|
| + /**
|
| + * Initializes the TLS library with the path to a certificate database
|
| + * containing root certificates for verifying certificate paths on
|
| + * client connections, and server certificates to provide on server
|
| + * connections.
|
| + */
|
| + external static void setCertificateDatabase(String pkcertDirectory);
|
| +}
|
| +
|
| +
|
| +class _TlsSocket implements TlsSocket {
|
| + // Status states
|
| + static final int NOT_CONNECTED = 200;
|
| + static final int HANDSHAKE = 201;
|
| + static final int CONNECTED = 202;
|
| + static final int CLOSED = 203;
|
| +
|
| + // Buffer identifiers.
|
| + // These must agree with those in the native C++ implementation.
|
| + static final int READ_PLAINTEXT = 0;
|
| + static final int WRITE_PLAINTEXT = 1;
|
| + static final int READ_ENCRYPTED = 2;
|
| + static final int WRITE_ENCRYPTED = 3;
|
| + static final int NUM_BUFFERS = 4;
|
| +
|
| + int _count = 0;
|
| + // Constructs a new secure client socket.
|
| + _TlsSocket(String host, int port)
|
| + : _host = host,
|
| + _port = port,
|
| + _socket = new Socket(host, port),
|
| + _tlsFilter = new _TlsFilter() {
|
| + _socket.onConnect = _tlsConnectHandler;
|
| + _socket.onData = _tlsDataHandler;
|
| + _socket.onClosed = _tlsCloseHandler;
|
| + _tlsFilter.init();
|
| + _tlsFilter.registerHandshakeCompleteCallback(_tlsHandshakeCompleteHandler);
|
| + }
|
| +
|
| + InputStream get inputStream {
|
| + // TODO(6701): Implement stream interfaces on TlsSocket.
|
| + throw new UnimplementedError("TlsSocket.inputStream not implemented yet");
|
| + }
|
| +
|
| + int get port => _socket.port;
|
| +
|
| + String get remoteHost => _socket.remoteHost;
|
| +
|
| + int get remotePort => _socket.remotePort;
|
| +
|
| + void set onClosed(void callback()) {
|
| + _socketCloseHandler = callback;
|
| + }
|
| +
|
| + void set onConnect(void callback()) {
|
| + _socketConnectHandler = callback;
|
| + }
|
| +
|
| + void set onData(void callback()) {
|
| + _socketDataHandler = callback;
|
| + }
|
| +
|
| + void set onWrite(void callback()) {
|
| + _socketWriteHandler = callback;
|
| + // Reset the one-shot onWrite handler.
|
| + _socket.onWrite = _tlsWriteHandler;
|
| + }
|
| +
|
| + OutputStream get outputStream {
|
| + // TODO(6701): Implement stream interfaces on TlsSocket.
|
| + throw new UnimplementedError("TlsSocket.inputStream not implemented yet");
|
| + }
|
| +
|
| + int available() {
|
| + throw new UnimplementedError("TlsSocket.available not implemented yet");
|
| + }
|
| +
|
| + void close([bool halfClose]) {
|
| + _socket.close(halfClose);
|
| + }
|
| +
|
| + List<int> read([int len]) {
|
| + var buffer = _tlsFilter.buffers[READ_PLAINTEXT];
|
| + _readEncryptedData();
|
| + int toRead = buffer.length;
|
| + if (len != null) {
|
| + if (len is! int || len < 0) {
|
| + throw new ArgumentError(
|
| + "Invalid len parameter in TlsSocket.read (len: $len)");
|
| + }
|
| + if (len < toRead) {
|
| + toRead = len;
|
| + }
|
| + }
|
| + List<int> result = buffer.data.getRange(buffer.start, toRead);
|
| + buffer.advanceStart(toRead);
|
| + _setHandlersAfterRead();
|
| + return result;
|
| + }
|
| +
|
| + int readList(List<int> data, int offset, int bytes) {
|
| + if (offset < 0 || bytes < 0 || offset + bytes > data.length) {
|
| + throw new ArgumentError(
|
| + "Invalid offset or bytes in TlsSocket.readList");
|
| + }
|
| +
|
| + int bytesRead = 0;
|
| + var buffer = _tlsFilter.buffers[READ_PLAINTEXT];
|
| + // TODO(whesse): Currently this fails if the if is turned into a while loop.
|
| + // Fix it so that it can loop and read more than one buffer's worth of data.
|
| + if (bytes > bytesRead) {
|
| + _readEncryptedData();
|
| + if (buffer.length > 0) {
|
| + int toRead = min(bytes - bytesRead, buffer.length);
|
| + data.setRange(offset, toRead, buffer.data, buffer.start);
|
| + buffer.advanceStart(toRead);
|
| + bytesRead += toRead;
|
| + offset += toRead;
|
| + }
|
| + }
|
| +
|
| + _setHandlersAfterRead();
|
| + return bytesRead;
|
| + }
|
| +
|
| + // Write the data to the socket, and flush it as much as possible
|
| + // until it would block. If the write would block, _writeEncryptedData sets
|
| + // up handlers to flush the pipeline when possible.
|
| + int writeList(List<int> data, int offset, int bytes) {
|
| + var buffer = _tlsFilter.buffers[WRITE_PLAINTEXT];
|
| + if (bytes > buffer.free) {
|
| + bytes = buffer.free;
|
| + }
|
| + if (bytes > 0) {
|
| + buffer.data.setRange(buffer.start + buffer.length, bytes, data, offset);
|
| + buffer.length += bytes;
|
| + }
|
| + _writeEncryptedData(); // Tries to flush all pipeline stages.
|
| + return bytes;
|
| + }
|
| +
|
| + void _tlsConnectHandler() {
|
| + _connectPending = true;
|
| + _tlsFilter.connect(_host, _port);
|
| + _status = HANDSHAKE;
|
| + _tlsHandshake();
|
| + }
|
| +
|
| + void _tlsWriteHandler() {
|
| + if (_status == HANDSHAKE) {
|
| + _tlsHandshake();
|
| + } else if (_status == CONNECTED) {
|
| + if (_socketWriteHandler != null) {
|
| + _socketWriteHandler();
|
| + }
|
| + }
|
| + }
|
| +
|
| + void _tlsDataHandler() {
|
| + if (_status == HANDSHAKE) {
|
| + _tlsHandshake();
|
| + } else {
|
| + _writeEncryptedData(); // TODO(whesse): Removing this causes a failure.
|
| + _readEncryptedData();
|
| + var buffer = _tlsFilter.buffers[READ_PLAINTEXT];
|
| + if (_filterEmpty) {
|
| + if (_fireCloseEventPending) {
|
| + _fireCloseEvent();
|
| + }
|
| + } else { // Filter is not empty.
|
| + if (scheduledDataEvent != null) {
|
| + scheduledDataEvent.cancel();
|
| + scheduledDataEvent = null;
|
| + }
|
| + if (_socketDataHandler != null) {
|
| + _socketDataHandler();
|
| + }
|
| + }
|
| + }
|
| + }
|
| +
|
| + void _tlsCloseHandler() {
|
| + _socketClosed = true;
|
| + _status = CLOSED;
|
| + _socket.close();
|
| + if (_filterEmpty) {
|
| + _fireCloseEvent();
|
| + } else {
|
| + _fireCloseEventPending = true;
|
| + }
|
| + }
|
| +
|
| + void _tlsHandshake() {
|
| + _readEncryptedData();
|
| + _tlsFilter.handshake();
|
| + _writeEncryptedData();
|
| + if (_tlsFilter.buffers[WRITE_ENCRYPTED].length > 0) {
|
| + _socket.onWrite = _tlsWriteHandler;
|
| + }
|
| + }
|
| +
|
| + void _tlsHandshakeCompleteHandler() {
|
| + _status = CONNECTED;
|
| + if (_connectPending && _socketConnectHandler != null) {
|
| + _connectPending = false;
|
| + _socketConnectHandler();
|
| + }
|
| + }
|
| +
|
| + void _fireCloseEvent() {
|
| + _fireCloseEventPending = false;
|
| + _tlsFilter.destroy();
|
| + _tlsFilter = null;
|
| + if (scheduledDataEvent != null) {
|
| + scheduledDataEvent.cancel();
|
| + }
|
| + if (_socketCloseHandler != null) {
|
| + _socketCloseHandler();
|
| + }
|
| + }
|
| +
|
| + void _readEncryptedData() {
|
| + // Read from the socket, and push it through the filter as far as
|
| + // possible.
|
| + var encrypted = _tlsFilter.buffers[READ_ENCRYPTED];
|
| + var plaintext = _tlsFilter.buffers[READ_PLAINTEXT];
|
| + bool progress = true;
|
| + while (progress) {
|
| + progress = false;
|
| + // Do not try to read plaintext from the filter while handshaking.
|
| + if ((_status == CONNECTED || _status == CLOSED) && plaintext.free > 0) {
|
| + int bytes = _tlsFilter.processBuffer(READ_PLAINTEXT);
|
| + if (bytes > 0) {
|
| + plaintext.length += bytes;
|
| + progress = true;
|
| + }
|
| + }
|
| + if (encrypted.length > 0) {
|
| + int bytes = _tlsFilter.processBuffer(READ_ENCRYPTED);
|
| + if (bytes > 0) {
|
| + encrypted.advanceStart(bytes);
|
| + progress = true;
|
| + }
|
| + }
|
| + if (!_socketClosed) {
|
| + int bytes = _socket.readList(encrypted.data,
|
| + encrypted.start + encrypted.length,
|
| + encrypted.free);
|
| + if (bytes > 0) {
|
| + encrypted.length += bytes;
|
| + progress = true;
|
| + }
|
| + }
|
| + }
|
| + // TODO(whesse): This can be incorrect if there is a partial
|
| + // encrypted block stuck in the tlsFilter, and no other data.
|
| + // Fix this - we do need to know when the filter is empty.
|
| + _filterEmpty = (plaintext.length == 0);
|
| + }
|
| +
|
| + void _writeEncryptedData() {
|
| + // Write from the filter to the socket.
|
| + var buffer = _tlsFilter.buffers[WRITE_ENCRYPTED];
|
| + while (true) {
|
| + if (buffer.length > 0) {
|
| + int bytes = _socket.writeList(buffer.data, buffer.start, buffer.length);
|
| + if (bytes == 0) {
|
| + // The socket has blocked while we have data to write.
|
| + // We must be notified when it becomes unblocked.
|
| + _socket.onWrite = _tlsWriteHandler;
|
| + break;
|
| + }
|
| + buffer.advanceStart(bytes);
|
| + } else {
|
| + var plaintext = _tlsFilter.buffers[WRITE_PLAINTEXT];
|
| + if (plaintext.length > 0) {
|
| + int plaintext_bytes = _tlsFilter.processBuffer(WRITE_PLAINTEXT);
|
| + plaintext.advanceStart(plaintext_bytes);
|
| + }
|
| + int bytes = _tlsFilter.processBuffer(WRITE_ENCRYPTED);
|
| + if (bytes <= 0) break;
|
| + buffer.length += bytes;
|
| + }
|
| + }
|
| + }
|
| +
|
| + /* After a read, the onData handler is enabled to fire again.
|
| + * We may also have a close event waiting for the TlsFilter to empty.
|
| + */
|
| + void _setHandlersAfterRead() {
|
| + // If the filter is empty, then we are guaranteed an event when it
|
| + // becomes unblocked.
|
| + // Otherwise, schedule a _tlsDataHandler call since there may data
|
| + // available, and this read call enables the data event.
|
| + if (!_filterEmpty && scheduledDataEvent == null) {
|
| + scheduledDataEvent = new Timer(0, (_) => _tlsDataHandler());
|
| + } else if (_filterEmpty && scheduledDataEvent != null) {
|
| + scheduledDataEvent.cancel();
|
| + scheduledDataEvent = null;
|
| + }
|
| + if (_filterEmpty && _fireCloseEventPending) {
|
| + _fireCloseEvent();
|
| + }
|
| + }
|
| +
|
| + // _TlsSocket cannot extend _Socket and use _Socket's factory constructor.
|
| + Socket _socket;
|
| + String _host;
|
| + int _port;
|
| +
|
| + var _status = NOT_CONNECTED;
|
| + bool _socketClosed = false;
|
| + bool _filterEmpty = false;
|
| + bool _connectPending = false;
|
| + bool _fireCloseEventPending = false;
|
| + Function _socketConnectHandler;
|
| + Function _socketWriteHandler;
|
| + Function _socketDataHandler;
|
| + Function _socketCloseHandler;
|
| + Timer scheduledDataEvent;
|
| +
|
| + _TlsFilter _tlsFilter;
|
| +}
|
| +
|
| +
|
| +class _TlsExternalBuffer {
|
| + static final int SIZE = 8 * 1024;
|
| + _TlsExternalBuffer() : start = 0, length = 0;
|
| +
|
| + // TODO(whesse): Consider making this a circular buffer. Only if it helps.
|
| + void advanceStart(int numBytes) {
|
| + start += numBytes;
|
| + length -= numBytes;
|
| + if (length == 0) {
|
| + start = 0;
|
| + }
|
| + }
|
| +
|
| + int get free => SIZE - (start + length);
|
| +
|
| + List data; // This will be a ExternalByteArray, backed by C allocated data.
|
| + int start;
|
| + int length;
|
| +}
|
| +
|
| +
|
| +abstract class _TlsFilter {
|
| + external factory _TlsFilter();
|
| +
|
| + void connect(String hostName, int port);
|
| + void destroy();
|
| + void handshake();
|
| + void init();
|
| + int processBuffer(int bufferIndex);
|
| + void registerHandshakeCompleteCallback(Function handshakeCompleteHandler);
|
| +}
|
|
|
Chromium Code Reviews
Issue 10916081:
Add secure sockets to dart:io (Closed)
Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart