Add client certificates to HttpsServer and HttpClient.

sdk/lib/io/http.dart

 // Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 /**
  * HTTP status codes.
  */
 abstract class HttpStatus {
   static const int CONTINUE = 100;
   static const int SWITCHING_PROTOCOLS = 101;
@@ skipping 45 matching lines @@
  * HTTP server.
  */
 abstract class HttpServer {
   factory HttpServer() => new _HttpServer();
 
   /**
    * Start listening for HTTP requests on the specified [host] and
    * [port]. If a [port] of 0 is specified the server will choose an
    * ephemeral port. The optional argument [backlog] can be used to
    * specify the listen backlog for the underlying OS listen.
-   * The optional argument [certificate_name] is used by the HttpsServer
-   * class, which shares the same interface.
+   * The optional arguments [certificate_name] and [requestClientCertificate]
+   * are used by the HttpsServer class, which shares the same interface.
    * See [addRequestHandler] and [defaultRequestHandler] for
    * information on how incoming HTTP requests are handled.
    */
   void listen(String host,
               int port,
               {int backlog: 128,
-              String certificate_name});
+               String certificate_name,
+               bool requestClientCertificate: false});
 
   /**
    * Attach the HTTP server to an existing [:ServerSocket:]. If the
    * [HttpServer] is closed, the [HttpServer] will just detach itself,
    * and not close [serverSocket].
    */
   void listenOn(ServerSocket serverSocket);
 
   /**
    * Adds a request handler to the list of request handlers. The
@@ skipping 545 matching lines @@
    * Returns the request headers.
    */
   HttpHeaders get headers;
 
   /**
    * Returns the cookies in the request (from the Cookie headers).
    */
   List<Cookie> get cookies;
 
   /**
+   * Returns the client certificate of the client making the request.
+   * Returns null if the connection is not a secure TLS or SSL connection,
+   * or if the server does not request a client certificate, or if the client
+   * does not provide one.
+   */
+  X509Certificate get certificate;
+
+  /**
    * Returns, or initialize, a session for the given request. If the session is
    * being initialized by this call, [init] will be called with the
    * newly create session. Here the [:HttpSession.data:] field can be set, if
    * needed.
    * See [:HttpServer.sessionTimeout:] on how to change default timeout.
    */
   HttpSession session([init(HttpSession session)]);
 
   /**
    * Returns the input stream for the request. This is used to read
@@ skipping 164 matching lines @@
    * continue normally.
    */
   set authenticate(Future<bool> f(Uri url, String scheme, String realm));
 
   /**
    * Add credentials to be used for authorizing HTTP requests.
    */
   void addCredentials(Uri url, String realm, HttpClientCredentials credentials);
 
   /**
+   * If [sendClientCertificate] is set to true, authenticate with a client
+   * certificate when connecting with an HTTPS server that requests one.
+   * Select the certificate from the certificate database that matches
+   * the authorities listed by the HTTPS server as valid.
+   * If [clientCertificate] is set, send the certificate with that nickname
+   * instead.
+   */
+  set sendClientCertificate(bool send);
+
+  /**
+   * If [clientCertificate] is non-null and [sendClientCertificate] is true,
+   * use [clientCertificate] to select the certificate to send from the
+   * certificate database, looking it up by its nickname.
+   */
+  set clientCertificate(String nickname);
+
+  /**
    * Sets the function used to resolve the proxy server to be used for
    * opening a HTTP connection to the specified [url]. If this
    * function is not set, direct connections will always be used.
    *
    * The string returned by [f] must be in the format used by browser
    * PAC (proxy auto-config) scripts. That is either
    *
    *   "DIRECT"
    *
    * for using a direct connection or
@@ skipping 195 matching lines @@
    * Returns the response headers.
    */
   HttpHeaders get headers;
 
   /**
    * Cookies set by the server (from the Set-Cookie header).
    */
   List<Cookie> get cookies;
 
   /**
+   * Returns the certificate of the HTTPS server providing the response.
+   * Returns null if the connection is not a secure TLS or SSL connection.
+   */
+  X509Certificate get certificate;
+
+  /**
    * Returns the input stream for the response. This is used to read
    * the response data.
    */
   InputStream get inputStream;
 }
 
 
 abstract class HttpClientCredentials { }
 
 
@@ skipping 76 matching lines @@
 class RedirectLimitExceededException extends RedirectException {
   const RedirectLimitExceededException(List<RedirectInfo> redirects)
       : super("Redirect limit exceeded", redirects);
 }
 
 
 class RedirectLoopException extends RedirectException {
   const RedirectLoopException(List<RedirectInfo> redirects)
       : super("Redirect loop detected", redirects);
 }