Add client certificates to HttpsServer and HttpClient.

sdk/lib/io/http.dart

Index: sdk/lib/io/http.dart
diff --git a/sdk/lib/io/http.dart b/sdk/lib/io/http.dart
index 24cb85b8c54418e922a1f740d3c08ce18a4b927f..4a0fbef6907ca8f2c8ab464ad1689702fbecaf1a 100644
--- a/sdk/lib/io/http.dart
+++ b/sdk/lib/io/http.dart
@@ -63,15 +63,16 @@ abstract class HttpServer {
    * [port]. If a [port] of 0 is specified the server will choose an
    * ephemeral port. The optional argument [backlog] can be used to
    * specify the listen backlog for the underlying OS listen.
-   * The optional argument [certificate_name] is used by the HttpsServer
-   * class, which shares the same interface.
+   * The optional arguments [certificate_name] and [requestClientCertificate]
+   * are used by the HttpsServer class, which shares the same interface.
    * See [addRequestHandler] and [defaultRequestHandler] for
    * information on how incoming HTTP requests are handled.
    */
   void listen(String host,
               int port,
               {int backlog: 128,
-              String certificate_name});
+               String certificate_name,
+               bool requestClientCertificate: false});
 
   /**
    * Attach the HTTP server to an existing [:ServerSocket:]. If the
@@ -637,6 +638,14 @@ abstract class HttpRequest {
   List<Cookie> get cookies;
 
   /**
+   * Returns the client certificate of the client making the request.
+   * Returns null if the connection is not a secure TLS or SSL connection,
+   * or if the server does not request a client certificate, or if the client
+   * does not provide one.
+   */
+  X509Certificate get certificate;
+
+  /**
    * Returns, or initialize, a session for the given request. If the session is
    * being initialized by this call, [init] will be called with the
    * newly create session. Here the [:HttpSession.data:] field can be set, if
@@ -821,6 +830,23 @@ abstract class HttpClient {
   void addCredentials(Uri url, String realm, HttpClientCredentials credentials);
 
   /**

[Søren Gjesse, 2012/12/12 15:27:07]

As discussed offline this makes the client certificate configuration global to
the HttpClient. This is probably OK, as adding optional certificate parameters
for all methods opening a connection would be a pain.

Another option would be to have a callback which is called when the server
requests a certificate. This callback would then be called the first time a
specific server requesting a certificate was contacted. After that this
certificate information would be cached.

+   * If [sendClientCertificate] is set to true, authenticate with a client
+   * certificate when connecting with an HTTPS server that requests one.
+   * Select the certificate from the certificate database that matches
+   * the authorities listed by the HTTPS server as valid.
+   * If [clientCertificate] is set, send the certificate with that nickname
+   * instead.
+   */
+  set sendClientCertificate(bool send);
+
+  /**
+   * If [clientCertificate] is non-null and [sendClientCertificate] is true,
+   * use [clientCertificate] to select the certificate to send from the
+   * certificate database, looking it up by its nickname.
+   */
+  set clientCertificate(String nickname);
+
+  /**
    * Sets the function used to resolve the proxy server to be used for
    * opening a HTTP connection to the specified [url]. If this
    * function is not set, direct connections will always be used.
@@ -1036,6 +1062,12 @@ abstract class HttpClientResponse {
   List<Cookie> get cookies;
 
   /**
+   * Returns the certificate of the HTTPS server providing the response.
+   * Returns null if the connection is not a secure TLS or SSL connection.
+   */
+  X509Certificate get certificate;
+
+  /**
    * Returns the input stream for the response. This is used to read
    * the response data.
    */