OLD | NEW |
1 // Copyright (c) 2015, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2015, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 part of dart.io; | 5 part of dart.io; |
6 | 6 |
7 /** | 7 /** |
8 * The object containing the certificates to trust when making | 8 * The object containing the certificates to trust when making |
9 * a secure client connection, and the certificate chain and | 9 * a secure client connection, and the certificate chain and |
10 * private key to serve from a secure server. | 10 * private key to serve from a secure server. |
11 * | 11 * |
12 * The [SecureSocket] and [SecureServer] classes take a SecurityContext | 12 * The [SecureSocket] and [SecureServer] classes take a SecurityContext |
13 * as an argument to their connect and bind methods. | 13 * as an argument to their connect and bind methods. |
14 * | 14 * |
15 * Certificates and keys can be added to a SecurityContext from PEM files | 15 * Certificates and keys can be added to a SecurityContext from PEM files |
16 * on the disk. A PEM file contains one or more base-64 encoded DER-serialized | 16 * on the disk. A PEM file contains one or more base-64 encoded DER-serialized |
17 * ASN1 objects, surrounded with delimiter strings like | 17 * ASN1 objects, surrounded with delimiter strings like |
18 * "-----BEGIN CERTIFICATE -----" and "-----END CERTIFICATE-----". | 18 * "-----BEGIN CERTIFICATE -----" and "-----END CERTIFICATE-----". |
19 * Distinguished encoding rules (DER) is a canonical binary serialization | 19 * Distinguished encoding rules (DER) is a canonical binary serialization |
20 * of ASN1 objects into an octet string. | 20 * of ASN1 objects into an octet string. |
21 */ | 21 */ |
22 abstract class SecurityContext { | 22 abstract class SecurityContext { |
23 external factory SecurityContext(); | 23 external factory SecurityContext(); |
24 | 24 |
25 /** | 25 /** |
26 * Secure networking classes with an optional `context` parameter | 26 * Secure networking classes with an optional `context` parameter |
27 * use the [defaultContext] object if the parameter is omitted. | 27 * use the [defaultContext] object if the parameter is omitted. |
28 * This object can also be accessed, and modified, directly. | 28 * This object can also be accessed, and modified, directly. |
29 * Each isolate has a different [defaultContext] object. | 29 * Each isolate has a different [defaultContext] object. |
30 * The [defaultContext] object uses a list of well-known trusted | 30 * The [defaultContext] object uses a list of well-known trusted |
31 * certificate authorities as its trusted roots. This list is | 31 * certificate authorities as its trusted roots. This list is |
32 * taken from Mozilla, who maintains it as part of Firefox. | 32 * taken from Mozilla, who maintains it as part of Firefox. |
33 */ | 33 */ |
34 external static SecurityContext get defaultContext; | 34 external static SecurityContext get defaultContext; |
35 | 35 |
36 /** | 36 /** |
37 * Sets the private key for a server certificate or client certificate. | 37 * Sets the private key for a server certificate or client certificate. |
| 38 * |
38 * A secure connection using this SecurityContext will use this key with | 39 * A secure connection using this SecurityContext will use this key with |
39 * the server or client certificate to sign and decrypt messages. | 40 * the server or client certificate to sign and decrypt messages. |
40 * [keyFile] is a PEM file containing an encrypted | 41 * [keyFile] is a PEM file containing an encrypted |
41 * private key, encrypted with [password]. An unencrypted file can be | 42 * private key, encrypted with [password]. An unencrypted file can be |
42 * used, but this is not usual. | 43 * used, but this is not usual. |
| 44 * |
| 45 * The function returns a [Future] that completes when the key has been added |
| 46 * to the context. |
43 */ | 47 */ |
44 void usePrivateKey(String keyFile, {String password}); | 48 Future usePrivateKey(String keyFile, {String password}); |
| 49 |
| 50 /** |
| 51 * Sets the private key for a server certificate or client certificate. |
| 52 * |
| 53 * A secure connection using this SecurityContext will use this key with |
| 54 * the server or client certificate to sign and decrypt messages. |
| 55 * [keyBytes] is the contents of a PEM file containing an encrypted |
| 56 * private key, encrypted with [password]. An unencrypted file can be |
| 57 * used, but this is not usual. |
| 58 */ |
| 59 void usePrivateKeyAsBytes(List<int> keyBytes, {String password}); |
45 | 60 |
46 /** | 61 /** |
47 * Sets the set of trusted X509 certificates used by [SecureSocket] | 62 * Sets the set of trusted X509 certificates used by [SecureSocket] |
48 * client connections, when connecting to a secure server. | 63 * client connections, when connecting to a secure server. |
49 * | 64 * |
50 * There are two ways to set a set of trusted certificates, with a single | 65 * There are two ways to set a set of trusted certificates, with a single |
51 * PEM file, or with a directory containing individual PEM files for | 66 * PEM file, or with a directory containing individual PEM files for |
52 * certificates. | 67 * certificates. |
53 * | 68 * |
54 * [file] is an optional PEM file containing X509 certificates, usually | 69 * [file] is an optional PEM file containing X509 certificates, usually |
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
185 } | 200 } |
186 | 201 |
187 if (bytes.length >= (1 << 13)) { | 202 if (bytes.length >= (1 << 13)) { |
188 throw new ArgumentError( | 203 throw new ArgumentError( |
189 'The maximum message length supported is 2^13-1.'); | 204 'The maximum message length supported is 2^13-1.'); |
190 } | 205 } |
191 | 206 |
192 return new Uint8List.fromList(bytes); | 207 return new Uint8List.fromList(bytes); |
193 } | 208 } |
194 } | 209 } |
OLD | NEW |