Breaking Change: merge BoringSSL branch into master

sdk/lib/io/secure_server_socket.dart

 // Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 part of dart.io;
 
 /**
  * The [SecureServerSocket] is a server socket, providing a stream of high-level
  * [Socket]s.
  *
@@ skipping 27 matching lines @@
    * The optional argument [backlog] can be used to specify the listen
    * backlog for the underlying OS listen setup. If [backlog] has the
    * value of [:0:] (the default) a reasonable value will be chosen by
    * the system.
    *
    * Incoming client connections are promoted to secure connections, using
    * the server certificate given by [certificateName].
    *
    * [address] must be given as a numeric address, not a host name.
    *
-   * [certificateName] is the nickname or the distinguished name (DN) of
-   * the certificate in the certificate database. It is looked up in the
-   * NSS certificate database set by SecureSocket.initialize.
-   * If [certificateName] contains "CN=", it is assumed to be a distinguished
-   * name.  Otherwise, it is looked up as a nickname.
-   *
    * To request or require that clients authenticate by providing an SSL (TLS)
    * client certificate, set the optional parameter [requestClientCertificate]
    * or [requireClientCertificate] to true.  Requiring a certificate implies
    * requesting a certificate, so one doesn't need to set both to true.
    * To check whether a client certificate was received, check
    * SecureSocket.peerCertificate after connecting.  If no certificate
    * was received, the result will be null.
    *
    * The optional argument [shared] specify whether additional binds
    * to the same `address`, `port` and `v6Only` combination is
    * possible from the same Dart process. If `shared` is `true` and
    * additional binds are performed, then the incoming connections
    * will be distributed between that set of
    * `SecureServerSocket`s. One way of using this is to have number of
    * isolates between which incoming connections are distributed.
    */
   static Future<SecureServerSocket> bind(
       address,
       int port,
-      String certificateName,
+      SecurityContext context,
       {int backlog: 0,
        bool v6Only: false,
        bool requestClientCertificate: false,
        bool requireClientCertificate: false,
        List<String> supportedProtocols,
        bool shared: false}) {
     return RawSecureServerSocket.bind(
         address,
         port,
-        certificateName,
+        context,
         backlog: backlog,
         v6Only: v6Only,
         requestClientCertificate: requestClientCertificate,
         requireClientCertificate: requireClientCertificate,
         supportedProtocols: supportedProtocols,
         shared: shared).then(
             (serverSocket) => new SecureServerSocket._(serverSocket));
   }
 
   StreamSubscription<SecureSocket> listen(void onData(SecureSocket socket),
@@ skipping 27 matching lines @@
 }
 
 
 /**
  * The RawSecureServerSocket is a server socket, providing a stream of low-level
  * [RawSecureSocket]s.
  *
  * See [RawSecureSocket] for more info.
  */
 class RawSecureServerSocket extends Stream<RawSecureSocket> {
-  RawServerSocket _socket;
+  final RawServerSocket _socket;
   StreamController<RawSecureSocket> _controller;
   StreamSubscription<RawSocket> _subscription;
-  final String certificateName;
+  final SecurityContext _context;
   final bool requestClientCertificate;
   final bool requireClientCertificate;
   final List<String> supportedProtocols;
   bool _closed = false;
 
-  RawSecureServerSocket._(RawServerSocket serverSocket,
-                          this.certificateName,
+  RawSecureServerSocket._(this._socket,
+                          this._context,
                           this.requestClientCertificate,
                           this.requireClientCertificate,
                           this.supportedProtocols) {
-    _socket = serverSocket;
     _controller = new StreamController<RawSecureSocket>(
         sync: true,
         onListen: _onSubscriptionStateChange,
         onPause: _onPauseStateChange,
         onResume: _onPauseStateChange,
         onCancel: _onSubscriptionStateChange);
   }
 
   /**
    * Returns a future for a [RawSecureServerSocket]. When the future
@@ skipping 42 matching lines @@
    * to the same `address`, `port` and `v6Only` combination is
    * possible from the same Dart process. If `shared` is `true` and
    * additional binds are performed, then the incoming connections
    * will be distributed between that set of
    * `RawSecureServerSocket`s. One way of using this is to have number
    * of isolates between which incoming connections are distributed.
    */
   static Future<RawSecureServerSocket> bind(
       address,
       int port,
-      String certificateName,
+      SecurityContext context,
       {int backlog: 0,
        bool v6Only: false,
        bool requestClientCertificate: false,
        bool requireClientCertificate: false,
        List<String> supportedProtocols,
        bool shared: false}) {
     return RawServerSocket.bind(
         address, port, backlog: backlog, v6Only: v6Only, shared: shared)
         .then((serverSocket) => new RawSecureServerSocket._(
             serverSocket,
-            certificateName,
+            context,
             requestClientCertificate,
             requireClientCertificate,
             supportedProtocols));
   }
 
   StreamSubscription<RawSecureSocket> listen(void onData(RawSecureSocket s),
                                              {Function onError,
                                               void onDone(),
                                               bool cancelOnError}) {
     return _controller.stream.listen(onData,
@@ skipping 26 matching lines @@
     try {
       remotePort = connection.remotePort;
     } catch (e) {
       // If connection is already closed, remotePort throws an exception.
       // Do nothing - connection is closed.
       return;
     }
     _RawSecureSocket.connect(
         connection.address,
         remotePort,
-        certificateName,
+        context: _context,
         is_server: true,
         socket: connection,
         requestClientCertificate: requestClientCertificate,
         requireClientCertificate: requireClientCertificate,
         supportedProtocols: supportedProtocols)
     .then((RawSecureSocket secureConnection) {
       if (_closed) {
         secureConnection.close();
       } else {
         _controller.add(secureConnection);
@@ skipping 22 matching lines @@
       close();
     }
   }
 
   void set _owner(owner) {
     (_socket as dynamic)._owner = owner;
   }
 }