Secure server sockets for dart:io. Add TlsServerSocket class, providing SSL server sockets.

sdk/lib/io/tls_socket.dart

 // Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 /**
  * TlsSocket provides a secure (SSL or TLS) client connection to a server.
  * The certificate provided by the server is checked
  * using the certificate database provided in setCertificateDatabase.
  */
 abstract class TlsSocket implements Socket {
   /**
-   * Constructs a new secure socket and connect it to the given
+   * Constructs a new secure client socket and connect it to the given
    * host on the given port. The returned socket is not yet connected
    * but ready for registration of callbacks.
    */
   factory TlsSocket(String host, int port) => new _TlsSocket(host, port);
 
-  /**
+   /**
    * Initializes the TLS library with the path to a certificate database
    * containing root certificates for verifying certificate paths on
    * client connections, and server certificates to provide on server
-   * connections.
+   * connections.  The password argument should be used when creating
+   * secure server sockets, to allow the private key of the server
+   * certificate to be fetched.
+   *
+   * The database should be an NSS certificate database directory
+   * containing a cert9.db file, not a cert8.db file.  This version of
+   * the database can be created using the NSS certutil tool with "sql:" in
+   * front of the absolute path of the database directory, or setting the
+   * environment variable NSS_DEFAULT_DB_TYPE to "sql".
    */
-  external static void setCertificateDatabase(String pkcertDirectory);
+  external static void setCertificateDatabase(String certificateDatabase,
+                                              [String password]);
 }
 
 
 class _TlsSocket implements TlsSocket {
   // Status states
   static final int NOT_CONNECTED = 200;
   static final int HANDSHAKE = 201;
   static final int CONNECTED = 202;
   static final int CLOSED = 203;
 
   // Buffer identifiers.
   // These must agree with those in the native C++ implementation.
   static final int READ_PLAINTEXT = 0;
   static final int WRITE_PLAINTEXT = 1;
   static final int READ_ENCRYPTED = 2;
   static final int WRITE_ENCRYPTED = 3;
   static final int NUM_BUFFERS = 4;
 
   int _count = 0;
   // Constructs a new secure client socket.
-  _TlsSocket(String host, int port)
+  factory _TlsSocket(String host, int port) =>
+      new _TlsSocket.internal(host, port, false);
+
+  // Constructs a new secure server socket, with the named server certificate.
+  factory _TlsSocket.server(String host,
+                            int port,
+                            Socket socket,
+                            String certificateName) =>
+      new _TlsSocket.internal(host, port, true, socket, certificateName);
+
+  _TlsSocket.internal(String host,
+                      int port,
+                      bool is_server,
+                      [Socket socket,
+                       String certificateName])
       : _host = host,
         _port = port,
-        _socket = new Socket(host, port),
+        _socket = socket,
+        _certificateName = certificateName,
+        _is_server = is_server,
         _tlsFilter = new _TlsFilter() {
+    if (_socket == null) {
+      _socket = new Socket(host, port);
+    }
     _socket.onConnect = _tlsConnectHandler;
     _socket.onData = _tlsDataHandler;
     _socket.onClosed = _tlsCloseHandler;
     _tlsFilter.init();
     _tlsFilter.registerHandshakeCompleteCallback(_tlsHandshakeCompleteHandler);
   }
 
   InputStream get inputStream {
     // TODO(6701): Implement stream interfaces on TlsSocket.
     throw new UnimplementedError("TlsSocket.inputStream not implemented yet");
@@ skipping 91 matching lines @@
     if (bytes > 0) {
       buffer.data.setRange(buffer.start + buffer.length, bytes, data, offset);
       buffer.length += bytes;
     }
     _writeEncryptedData();  // Tries to flush all pipeline stages.
     return bytes;
   }
 
   void _tlsConnectHandler() {
     _connectPending = true;
-    _tlsFilter.connect(_host, _port);
+    _tlsFilter.connect(_host, _port, _is_server, _certificateName);
     _status = HANDSHAKE;
     _tlsHandshake();
   }
 
   void _tlsWriteHandler() {
     if (_status == HANDSHAKE) {
       _tlsHandshake();
     } else if (_status == CONNECTED) {
       if (_socketWriteHandler != null) {
         _socketWriteHandler();
@@ skipping 145 matching lines @@
     }
     if (_filterEmpty && _fireCloseEventPending) {
         _fireCloseEvent();
     }
   }
 
   // _TlsSocket cannot extend _Socket and use _Socket's factory constructor.
   Socket _socket;
   String _host;
   int _port;
+  bool _is_server;
+  String _certificateName;
 
   var _status = NOT_CONNECTED;
   bool _socketClosed = false;
   bool _filterEmpty = false;
   bool _connectPending = false;
   bool _fireCloseEventPending = false;
   Function _socketConnectHandler;
   Function _socketWriteHandler;
   Function _socketDataHandler;
   Function _socketCloseHandler;
@@ skipping 20 matching lines @@
 
   List data;  // This will be a ExternalByteArray, backed by C allocated data.
   int start;
   int length;
 }
 
 
 abstract class _TlsFilter {
   external factory _TlsFilter();
 
-  void connect(String hostName, int port);
+  void connect(String hostName,
+               int port,
+               bool is_server,
+               String certificateName);
   void destroy();
   void handshake();
   void init();
   int processBuffer(int bufferIndex);
   void registerHandshakeCompleteCallback(Function handshakeCompleteHandler);
+
+  List<_TlsExternalBuffer> get buffers;
 }