Adds SecurityContext.setTrustedCertificatesBytes

runtime/bin/secure_socket.cc

 // Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 #include "bin/secure_socket.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <stdio.h>
@@ skipping 427 matching lines @@
     delete[] key_bytes;
   }
 
   // TODO(24184): Handle different expected errors here - file missing,
   // incorrect password, file not a PEM, and throw exceptions.
   // CheckStatus should also throw an exception in uncaught cases.
   CheckStatus(status, "TlsException", "Failure in usePrivateKeyBytes");
 }
 
 
-void FUNCTION_NAME(SecurityContext_SetTrustedCertificates)(
-    Dart_NativeArguments args) {
-  SSL_CTX* context = GetSecurityContext(args);
-  Dart_Handle filename_object = ThrowIfError(Dart_GetNativeArgument(args, 1));
-  const char* filename = NULL;
-  if (Dart_IsString(filename_object)) {
-    ThrowIfError(Dart_StringToCString(filename_object, &filename));
-  }
-  Dart_Handle directory_object = ThrowIfError(Dart_GetNativeArgument(args, 2));
-  const char* directory = NULL;
-  if (Dart_IsString(directory_object)) {
-    ThrowIfError(Dart_StringToCString(directory_object, &directory));
-  } else if (Dart_IsNull(directory_object)) {
-    directory = NULL;
-  } else {
-    Dart_ThrowException(DartUtils::NewDartArgumentError(
-        "Directory argument to SecurityContext.setTrustedCertificates is not "
-        "a String or null"));
+static int SetTrustedCertificatesBytes(
+    SSL_CTX* context, uint8_t* certs_bytes, intptr_t certs_bytes_len) {
+  X509_STORE* store = SSL_CTX_get_cert_store(context);
+  BIO* bio = BIO_new_mem_buf(certs_bytes, certs_bytes_len);
+  if (bio == NULL) {
+    return 0;
   }
 
-  int status = SSL_CTX_load_verify_locations(context, filename, directory);
-  CheckStatus(
-      status, "TlsException", "SSL_CTX_load_verify_locations");
+  int status = 0;
+  X509* cert = NULL;
+  while ((cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
+    status = X509_STORE_add_cert(store, cert);
+    if (status == 0) {
+      X509_free(cert);
+      BIO_free(bio);
+      return status;
+    }
+  }
+
+  uint32_t err = ERR_peek_last_error();
+  if ((ERR_GET_LIB(err) == ERR_LIB_PEM) &&
+      (ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
+    // Reached the end of the buffer.
+    ERR_clear_error();
+  } else {
+    // Some real error happened.
+    status = 0;
+  }
+
+  BIO_free(bio);
+  return status;
 }
 
 
+void FUNCTION_NAME(SecurityContext_SetTrustedCertificatesBytes)(
+    Dart_NativeArguments args) {
+  SSL_CTX* context = GetSecurityContext(args);
+
+  Dart_Handle certs_object = ThrowIfError(Dart_GetNativeArgument(args, 1));
+  if (!Dart_IsTypedData(certs_object) && !Dart_IsList(certs_object)) {
+    Dart_ThrowException(DartUtils::NewDartArgumentError(
+        "certBytes argument to SecurityContext.setTrustedCertificates "
+        "is not a List<int>"));
+  }
+
+  uint8_t* certs_bytes = NULL;
+  intptr_t certs_bytes_len = 0;
+  bool is_typed_data = false;
+  if (Dart_IsTypedData(certs_object)) {
+    is_typed_data = true;
+    Dart_TypedData_Type typ;
+    ThrowIfError(Dart_TypedDataAcquireData(
+        certs_object,
+        &typ,
+        reinterpret_cast<void**>(&certs_bytes),
+        &certs_bytes_len));
+  } else {
+    ASSERT(Dart_IsList(certs_object));
+    ThrowIfError(Dart_ListLength(certs_object, &certs_bytes_len));
+    certs_bytes = new uint8_t[certs_bytes_len];
+    Dart_Handle err =
+        Dart_ListGetAsBytes(certs_object, 0, certs_bytes, certs_bytes_len);
+    if (Dart_IsError(err)) {
+      delete[] certs_bytes;
+      Dart_PropagateError(err);
+    }
+  }
+  ASSERT(certs_bytes != NULL);
+
+  int status = SetTrustedCertificatesBytes(
+      context, certs_bytes, certs_bytes_len);
+
+  if (is_typed_data) {
+    ThrowIfError(Dart_TypedDataReleaseData(certs_object));
+  } else {
+    delete[] certs_bytes;
+  }
+  CheckStatus(status,
+              "TlsException",
+              "Failure in setTrustedCertificatesBytes");
+}
+
+
 void FUNCTION_NAME(SecurityContext_TrustBuiltinRoots)(
     Dart_NativeArguments args) {
   SSL_CTX* context = GetSecurityContext(args);
   X509_STORE* store = SSL_CTX_get_cert_store(context);
   BIO* roots_bio =
       BIO_new_mem_buf(const_cast<unsigned char*>(root_certificates_pem),
                       root_certificates_pem_length);
   X509* root_cert;
   // PEM_read_bio_X509 reads PEM-encoded certificates from a bio (in our case,
   // backed by a memory buffer), and returns X509 objects, one by one.
@@ skipping 752 matching lines @@
     } else {
       if (SSL_LOG_DATA) Log::Print(
           "WriteEncrypted  BIO_read wrote %d bytes\n", bytes_processed);
     }
   }
   return bytes_processed;
 }
 
 }  // namespace bin
 }  // namespace dart