Support upgrading sockets to secure sockets

sdk/lib/io/secure_socket.dart

 // Copyright (c) 2013, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 part of dart.io;
 
 /**
  * A high-level class for communicating securely over a TCP socket, using
  * TLS and SSL. The [SecureSocket] exposes both a [Stream] and an
  * [IOSink] interface, making it ideal for using together with
@@ skipping 31 matching lines @@
        bool onBadCertificate(X509Certificate certificate)}) {
     return RawSecureSocket.connect(host,
                                    port,
                                    sendClientCertificate: sendClientCertificate,
                                    certificateName: certificateName,
                                    onBadCertificate: onBadCertificate)
         .then((rawSocket) => new SecureSocket._(rawSocket));
   }
 
   /**
+   * Takes an already connected [socket] and starts client side TLS
+   * handshake to make the communication secure. When the returned
+   * future completes the [SecureSocket] has completed the TLS
+   * handshake. Using this function requires that the other end of the
+   * connection is prepared for TLS handshake.
+   *
+   * If the [socket] already has a subscription, this subscription
+   * will no longer receive and events. In most cases calling
+   * [:pause:] on this subscription before starting TLS handshake is
+   * the right thing to do.
+   *
+   * See [connect] for more information on the arguments.
+   *
+   */
+  static Future<SecureSocket> secure(
+      Socket socket,
+      {bool sendClientCertificate: false,
+       String certificateName,
+       bool onBadCertificate(X509Certificate certificate)}) {
+    var completer = new Completer();
+    socket._detachRaw()
+        .then((detachedRaw) {
+          return RawSecureSocket.secure(
+            detachedRaw[0],
+            subscription: detachedRaw[1],
+            sendClientCertificate: sendClientCertificate,
+            onBadCertificate: onBadCertificate);
+          })
+        .then((raw) {
+          completer.complete(new SecureSocket._(raw));
+        });
+    return completer.future;
+  }
+
+  /**
+   * Takes an already connected [socket] and starts server side TLS
+   * handshake to make the communication secure. When the returned
+   * future completes the [SecureSocket] has completed the TLS
+   * handshake. Using this function requires that the other end of the
+   * connection is going to start the TLS handshake.
+   *
+   * If the [socket] already has a subscription, this subscription
+   * will no longer receive and events. In most cases calling
+   * [:pause:] on this subscription before starting TLS handshake is
+   * the right thing to do.
+   *
+   * If some of the data of the TLS handshake has already been read
+   * from the socket this data can be passed in the [carryOverData]
+   * parameter. This data will be processed before any other data
+   * available on the socket.
+   *
+   * See [SecureServerSocket.bind] for more information on the
+   * arguments.
+   *
+   */
+  static Future<SecureSocket> secureServer(

[Anders Johnsen, 2013/04/22 14:08:17]

secureServer can be a bit ambivalent. What about moving it into one, and make it
a named argument?

[Søren Gjesse, 2013/04/23 06:51:21]

The problem with this is that for the server end the certificateName is not
optional. Also for the server end there is an optional carryOverData which is
not on the client end.

Combining the two would require explaining when to use which optional arguments.

+      Socket socket,
+      String certificateName,
+      {List<int> carryOverData,
+       bool requestClientCertificate: false,
+       bool requireClientCertificate: false}) {
+    var completer = new Completer();
+    socket._detachRaw()
+        .then((detachedRaw) {
+          return RawSecureSocket.secureServer(
+            detachedRaw[0],
+            certificateName,
+            subscription: detachedRaw[1],
+            carryOverData: carryOverData,
+            requestClientCertificate: requestClientCertificate,
+            requireClientCertificate: requireClientCertificate);
+          })
+        .then((raw) {
+          completer.complete(new SecureSocket._(raw));
+        });
+    return completer.future;
+  }
+
+  /**
    * Get the peer certificate for a connected SecureSocket.  If this
    * SecureSocket is the server end of a secure socket connection,
    * [peerCertificate] will return the client certificate, or null, if no
    * client certificate was received.  If it is the client end,
    * [peerCertificate] will return the server's certificate.
    */
   X509Certificate get peerCertificate;
 
   /**
    * Initializes the NSS library.  If [initialize] is not called, the library
@@ skipping 804 matching lines @@
   void destroy();
   void handshake();
   void init();
   X509Certificate get peerCertificate;
   int processBuffer(int bufferIndex);
   void registerBadCertificateCallback(Function callback);
   void registerHandshakeCompleteCallback(Function handshakeCompleteHandler);
 
   List<_ExternalBuffer> get buffers;
 }