Adds SecurityContext.setTrustedCertificatesBytes

sdk/lib/io/security_context.dart

 // Copyright (c) 2015, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 part of dart.io;
 
 /**
  * The object containing the certificates to trust when making
  * a secure client connection, and the certificate chain and
  * private key to serve from a secure server.
@@ skipping 23 matching lines @@
   external static SecurityContext get defaultContext;
 
   /**
    * Sets the private key for a server certificate or client certificate.
    *
    * A secure connection using this SecurityContext will use this key with
    * the server or client certificate to sign and decrypt messages.
    * [keyFile] is a PEM file containing an encrypted
    * private key, encrypted with [password].  An unencrypted file can be
    * used, but this is not usual.
-   *
-   * The function returns a [Future] that completes when the key has been added
-   * to the context.
    */
-  Future usePrivateKey(String keyFile, {String password});
+  void usePrivateKeySync(String keyFile, {String password});
 
   /**
    * Sets the private key for a server certificate or client certificate.
    *
    * A secure connection using this SecurityContext will use this key with
    * the server or client certificate to sign and decrypt messages.
    * [keyBytes] is the contents of a PEM file containing an encrypted
    * private key, encrypted with [password].  An unencrypted file can be
    * used, but this is not usual.
    */
   void usePrivateKeyBytes(List<int> keyBytes, {String password});
 
   /**
    * Sets the set of trusted X509 certificates used by [SecureSocket]
    * client connections, when connecting to a secure server.
    *
-   * There are two ways to set a set of trusted certificates, with a single
-   * PEM file, or with a directory containing individual PEM files for
-   * certificates.
+   * [file] is the path to a PEM file containing X509 certificates, usually
+   * root certificates from certificate authorities.
+   */
+  void setTrustedCertificatesSync(String file);
+
+  /**
+   * Sets the set of trusted X509 certificates used by [SecureSocket]
+   * client connections, when connecting to a secure server.
    *
-   * [file] is an optional PEM file containing X509 certificates, usually
+   * [file] is the contents of a PEM file containing X509 certificates, usually
    * root certificates from certificate authorities.
-   *
-   * [directory] is an optional directory containing PEM files.  The directory
-   * must also have filesystem links added, which link extra filenames based
-   * on the hash of a certificate's distinguished name (DN) to the file
-   * containing that certificate. OpenSSL contains a tool called c_rehash
-   * to create these links in a directory.
    */
-  void setTrustedCertificates({String file, String directory});
+  void setTrustedCertificatesBytes(List<int> certBytes);
 
   /**
    * Sets the chain of X509 certificates served by [SecureServer]
    * when making secure connections, including the server certificate.
    *
    * [file] is a PEM file containing X509 certificates, starting with
    * the root authority and intermediate authorities forming the signed
    * chain to the server certificate, and ending with the server certificate.
    * The private key for the server certificate is set by [usePrivateKey].
-   *
-   * The function returns a [Future] that completes when the certificate chain
-   * has been set.
    */
-  Future useCertificateChain(String file);
+  void useCertificateChainSync(String file);
 
   /**
    * Sets the chain of X509 certificates served by [SecureServer]
    * when making secure connections, including the server certificate.
    *
    * [chainBytes] is the contents of a PEM file containing X509 certificates,
    * starting with the root authority and intermediate authorities forming the
    * signed chain to the server certificate, and ending with the server
    * certificate. The private key for the server certificate is set by
    * [usePrivateKey].
    */
   void useCertificateChainBytes(List<int> chainBytes);
 
   /**
    * Sets the list of authority names that a [SecureServer] will advertise
    * as accepted, when requesting a client certificate from a connecting
    * client.  [file] is a PEM file containing the accepted signing authority
    * certificates - the authority names are extracted from the certificates.
    */
-  void setClientAuthorities(String file);

[kevmoo, 2016/02/05 22:26:06]

Keep this API around for 1.15 marked as deprecated and pointing to
setClientAuthoritiesSync

Is there a desired to ship an async version of this? Why change the name at all?

[zra, 2016/02/05 23:10:39]

Done.
The functions are *not* obviously synchronous. I had to dig through the
BoringSSL code to discover that that is what was happening. The name without
Sync is wrong. It is a bug we have to fix.

We are shipping an async-friendly version. Those are the Bytes functions.

+  void setClientAuthoritiesSync(String file);
+
+  /**
+   * Sets the list of authority names that a [SecureServer] will advertise
+   * as accepted, when requesting a client certificate from a connecting
+   * client.  [authCertBytes] is the contents of a PEM file containing the
+   * accepted signing authority certificates - the authority names are extracted
+   * from the certificates.
+   */
+  void setClientAuthoritiesBytes(List<int> authCertBytes);
 
   /**
    * Sets the list of application-level protocols supported by a client
    * connection or server connection. The ALPN (application level protocol
    * negotiation) extension to TLS allows a client to send a list of
    * protocols in the TLS client hello message, and the server to pick
    * one and send the selected one back in its server hello message.
    *
    * Separate lists of protocols can be sent for client connections and
    * for server connections, using the same SecurityContext.  The [isServer]
@@ skipping 93 matching lines @@
     }
 
     if (bytes.length >= (1 << 13)) {
       throw new ArgumentError(
           'The maximum message length supported is 2^13-1.');
     }
 
     return new Uint8List.fromList(bytes);
   }
 }