OLD | NEW |
1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 part of dart.io; | 5 part of dart.io; |
6 | 6 |
7 /** | 7 /** |
8 * A high-level class for communicating securely over a TCP socket, using | 8 * A high-level class for communicating securely over a TCP socket, using |
9 * TLS and SSL. The [SecureSocket] exposes both a [Stream] and an | 9 * TLS and SSL. The [SecureSocket] exposes both a [Stream] and an |
10 * [IOSink] interface, making it ideal for using together with | 10 * [IOSink] interface, making it ideal for using together with |
256 } | 256 } |
257 | 257 |
258 /** | 258 /** |
259 * Takes an already connected [socket] and starts client side TLS | 259 * Takes an already connected [socket] and starts client side TLS |
260 * handshake to make the communication secure. When the returned | 260 * handshake to make the communication secure. When the returned |
261 * future completes the [RawSecureSocket] has completed the TLS | 261 * future completes the [RawSecureSocket] has completed the TLS |
262 * handshake. Using this function requires that the other end of the | 262 * handshake. Using this function requires that the other end of the |
263 * connection is prepared for TLS handshake. | 263 * connection is prepared for TLS handshake. |
264 * | 264 * |
265 * If the [socket] already has a subscription, pass the existing | 265 * If the [socket] already has a subscription, pass the existing |
266 * subscription in the [subscription] parameter. The secure socket | 266 * subscription in the [subscription] parameter. The [secure] |
267 * will take over the subscription and process any subsequent | 267 * operation will take over the subscription by replacing the |
268 * events. In most cases calling `pause` on this subscription before | 268 * handlers with it own secure processing. The caller must not touch |
269 * starting TLS handshake is the right thing to do. | 269 * this subscription anymore. Passing a paused subscription is an |
| 270 * error. |
270 * | 271 * |
271 * If the [host] argument is passed it will be used as the host name | 272 * If the [host] argument is passed it will be used as the host name |
272 * for the TLS handshake. If [host] is not passed the host name from | 273 * for the TLS handshake. If [host] is not passed the host name from |
273 * the [socket] will be used. The [host] can be either a [String] or | 274 * the [socket] will be used. The [host] can be either a [String] or |
274 * an [InternetAddress]. | 275 * an [InternetAddress]. |
275 * | 276 * |
276 * Calling this function will _not_ cause a DNS host lookup. If the | 277 * Calling this function will _not_ cause a DNS host lookup. If the |
277 * [host] passed is a [String] the [InternetAddress] for the | 278 * [host] passed is a [String] the [InternetAddress] for the |
278 * resulting [SecureSocket] will have this passed in [host] as its | 279 * resulting [SecureSocket] will have this passed in [host] as its |
279 * host value and the internet address of the already connected | 280 * host value and the internet address of the already connected |
303 } | 304 } |
304 | 305 |
305 /** | 306 /** |
306 * Takes an already connected [socket] and starts server side TLS | 307 * Takes an already connected [socket] and starts server side TLS |
307 * handshake to make the communication secure. When the returned | 308 * handshake to make the communication secure. When the returned |
308 * future completes the [RawSecureSocket] has completed the TLS | 309 * future completes the [RawSecureSocket] has completed the TLS |
309 * handshake. Using this function requires that the other end of the | 310 * handshake. Using this function requires that the other end of the |
310 * connection is going to start the TLS handshake. | 311 * connection is going to start the TLS handshake. |
311 * | 312 * |
312 * If the [socket] already has a subscription, pass the existing | 313 * If the [socket] already has a subscription, pass the existing |
313 * subscription in the [subscription] parameter. The secure socket | 314 * subscription in the [subscription] parameter. The [secureServer] |
314 * will take over the subscription and process any subsequent | 315 * operation will take over the subscription by replacing the |
315 * events. | 316 * handlers with it own secure processing. The caller must not touch |
| 317 * this subscription anymore. Passing a paused subscription is an |
| 318 * error. |
316 * | 319 * |
317 * If some of the data of the TLS handshake has already been read | 320 * If some of the data of the TLS handshake has already been read |
318 * from the socket this data can be passed in the [bufferedData] | 321 * from the socket this data can be passed in the [bufferedData] |
319 * parameter. This data will be processed before any other data | 322 * parameter. This data will be processed before any other data |
320 * available on the socket. | 323 * available on the socket. |
321 * | 324 * |
322 * See [RawSecureServerSocket.bind] for more information on the | 325 * See [RawSecureServerSocket.bind] for more information on the |
323 * arguments. | 326 * arguments. |
324 * | 327 * |
325 */ | 328 */ |
528 _socket = rawSocket; | 531 _socket = rawSocket; |
529 _socket.readEventsEnabled = true; | 532 _socket.readEventsEnabled = true; |
530 _socket.writeEventsEnabled = false; | 533 _socket.writeEventsEnabled = false; |
531 if (_socketSubscription == null) { | 534 if (_socketSubscription == null) { |
532 // If a current subscription is provided use this otherwise | 535 // If a current subscription is provided use this otherwise |
533 // create a new one. | 536 // create a new one. |
534 _socketSubscription = _socket.listen(_eventDispatcher, | 537 _socketSubscription = _socket.listen(_eventDispatcher, |
535 onError: _reportError, | 538 onError: _reportError, |
536 onDone: _doneHandler); | 539 onDone: _doneHandler); |
537 } else { | 540 } else { |
| 541 if (_socketSubscription.isPaused) { |
| 542 throw new StateError("Subscription passed to TLS upgrade is paused"); |
| 543 } |
538 _socketSubscription | 544 _socketSubscription |
539 ..onData(_eventDispatcher) | 545 ..onData(_eventDispatcher) |
540 ..onError(_reportError) | 546 ..onError(_reportError) |
541 ..onDone(_doneHandler); | 547 ..onDone(_doneHandler); |
542 } | 548 } |
543 _secureFilter.connect(address.host, | 549 _secureFilter.connect(address.host, |
544 (address as dynamic)._in_addr, | 550 (address as dynamic)._in_addr, |
545 port, | 551 port, |
546 is_server, | 552 is_server, |
547 certificateName, | 553 certificateName, |
1258 /** | 1264 /** |
1259 * An exception that happens in the handshake phase of establishing | 1265 * An exception that happens in the handshake phase of establishing |
1260 * a secure network connection, when looking up or verifying a | 1266 * a secure network connection, when looking up or verifying a |
1261 * certificate. | 1267 * certificate. |
1262 */ | 1268 */ |
1263 class CertificateException extends TlsException { | 1269 class CertificateException extends TlsException { |
1264 const CertificateException([String message = "", | 1270 const CertificateException([String message = "", |
1265 OSError osError = null]) | 1271 OSError osError = null]) |
1266 : super._("CertificateException", message, osError); | 1272 : super._("CertificateException", message, osError); |
1267 } | 1273 } |
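Review bot: The new `isPaused` check in the `else` branch runs only after `_socket.readEventsEnabled = true;` and `_socket.writeEventsEnabled = false;` have been applied, so a rejected TLS upgrade leaves the raw socket reconfigured while the caller still holds its paused subscription with the pre-upgrade handlers attached. Doing the test first, `if (_socketSubscription != null && _socketSubscription.isPaused) throw new StateError("Subscription passed to TLS upgrade is paused");` ahead of the two assignments, keeps the failure free of side effects. The enclosing function starts and ends outside the visible lines, so whether the StateError reaches the caller synchronously or through the returned future cannot be told from here; the doc comments on `secure` and `secureServer` should say which. Both new doc comments also read "it own secure processing", which should be "its own".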