OLD | NEW |
1 // Copyright (c) 2015, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2015, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 part of dart.io; | 5 part of dart.io; |
6 | 6 |
7 /** | 7 /** |
8 * The object containing the certificates to trust when making | 8 * The object containing the certificates to trust when making |
9 * a secure client connection, and the certificate chain and | 9 * a secure client connection, and the certificate chain and |
10 * private key to serve from a secure server. | 10 * private key to serve from a secure server. |
(...skipping 28 matching lines...) Expand all Loading... |
39 * certificate authorities as its trusted roots. This list is | 39 * certificate authorities as its trusted roots. This list is |
40 * taken from Mozilla, who maintains it as part of Firefox. | 40 * taken from Mozilla, who maintains it as part of Firefox. |
41 */ | 41 */ |
42 external static SecurityContext get defaultContext; | 42 external static SecurityContext get defaultContext; |
43 | 43 |
44 /** | 44 /** |
45 * Sets the private key for a server certificate or client certificate. | 45 * Sets the private key for a server certificate or client certificate. |
46 * | 46 * |
47 * A secure connection using this SecurityContext will use this key with | 47 * A secure connection using this SecurityContext will use this key with |
48 * the server or client certificate to sign and decrypt messages. | 48 * the server or client certificate to sign and decrypt messages. |
49 * [keyFile] is a PEM file containing an encrypted | 49 * [keyFile] is a PEM or PKCS12 file containing an encrypted |
50 * private key, encrypted with [password]. An unencrypted file can be | 50 * private key, encrypted with [password]. An unencrypted file can be |
51 * used, but this is not usual. | 51 * used, but this is not usual. |
52 */ | 52 */ |
53 void usePrivateKeySync(String keyFile, {String password}); | 53 void usePrivateKeySync(String keyFile, {String password}); |
54 | 54 |
55 /** | 55 /** |
56 * [usePrivateKey] is deprecated. Use [usePrivateKeySync] or | 56 * [usePrivateKey] is deprecated. Use [usePrivateKeySync] or |
57 * [usePrivateKeyBytes]. | 57 * [usePrivateKeyBytes]. |
58 */ | 58 */ |
59 @deprecated | 59 @deprecated |
60 void usePrivateKey(String keyFile, {String password}); | 60 void usePrivateKey(String keyFile, {String password}); |
61 | 61 |
62 /** | 62 /** |
63 * Sets the private key for a server certificate or client certificate. | 63 * Sets the private key for a server certificate or client certificate. |
64 * | 64 * |
65 * A secure connection using this SecurityContext will use this key with | 65 * Like [usePrivateKeyBytesSync], but takes the contents of the file. |
66 * the server or client certificate to sign and decrypt messages. | |
67 * [keyBytes] is the contents of a PEM file containing an encrypted | |
68 * private key, encrypted with [password]. An unencrypted file can be | |
69 * used, but this is not usual. | |
70 */ | 66 */ |
71 void usePrivateKeyBytes(List<int> keyBytes, {String password}); | 67 void usePrivateKeyBytes(List<int> keyBytes, {String password}); |
72 | 68 |
73 /** | 69 /** |
74 * Sets the set of trusted X509 certificates used by [SecureSocket] | 70 * Sets the set of trusted X509 certificates used by [SecureSocket] |
75 * client connections, when connecting to a secure server. | 71 * client connections, when connecting to a secure server. |
76 * | 72 * |
77 * [file] is the path to a PEM file containing X509 certificates, usually | 73 * [file] is the path to a PEM or PKCS12 file containing X509 certificates, |
78 * root certificates from certificate authorities. | 74 * usually root certificates from certificate authorities. When using a |
| 75 * PKCS12 file, it should not contain a private key, and the password should |
| 76 * be the empty string. |
79 */ | 77 */ |
80 void setTrustedCertificatesSync(String file); | 78 void setTrustedCertificatesSync(String file); |
81 | 79 |
82 /** | 80 /** |
83 * [setTrustedCertificates] is deprecated. Use [setTrustedCertificatesSync] | 81 * [setTrustedCertificates] is deprecated. Use [setTrustedCertificatesSync] |
84 * or [setTrustedCertificatesBytes]. | 82 * or [setTrustedCertificatesBytes]. |
85 */ | 83 */ |
86 @deprecated | 84 @deprecated |
87 void setTrustedCertificates(String file); | 85 void setTrustedCertificates(String file); |
88 | 86 |
89 /** | 87 /** |
90 * Sets the set of trusted X509 certificates used by [SecureSocket] | 88 * Sets the set of trusted X509 certificates used by [SecureSocket] |
91 * client connections, when connecting to a secure server. | 89 * client connections, when connecting to a secure server. |
92 * | 90 * |
93 * [file] is the contents of a PEM file containing X509 certificates, usually | 91 * Like [setTrustedCertificatesSync] but takes the contents of the file. |
94 * root certificates from certificate authorities. | |
95 */ | 92 */ |
96 void setTrustedCertificatesBytes(List<int> certBytes); | 93 void setTrustedCertificatesBytes(List<int> certBytes); |
97 | 94 |
98 /** | 95 /** |
99 * Sets the chain of X509 certificates served by [SecureServer] | 96 * Sets the chain of X509 certificates served by [SecureServer] |
100 * when making secure connections, including the server certificate. | 97 * when making secure connections, including the server certificate. |
101 * | 98 * |
102 * [file] is a PEM file containing X509 certificates, starting with | 99 * [file] is a PEM or PKCS12 file containing X509 certificates, starting with |
103 * the root authority and intermediate authorities forming the signed | 100 * the root authority and intermediate authorities forming the signed |
104 * chain to the server certificate, and ending with the server certificate. | 101 * chain to the server certificate, and ending with the server certificate. |
105 * The private key for the server certificate is set by [usePrivateKey]. | 102 * The private key for the server certificate is set by [usePrivateKey]. When |
| 103 * using a PKCS12 file, it should not contain a private key, and the password |
| 104 * should be the empty string. |
106 */ | 105 */ |
107 void useCertificateChainSync(String file); | 106 void useCertificateChainSync(String file); |
108 | 107 |
109 /** | 108 /** |
110 * [useCertificateChain] is deprecated. Use [useCertificateChainSync] | 109 * [useCertificateChain] is deprecated. Use [useCertificateChainSync] |
111 * or [useCertificateChainBytes]. | 110 * or [useCertificateChainBytes]. |
112 */ | 111 */ |
113 @deprecated | 112 @deprecated |
114 void useCertificateChain({String file, String directory}); | 113 void useCertificateChain({String file, String directory}); |
115 | 114 |
116 /** | 115 /** |
117 * Sets the chain of X509 certificates served by [SecureServer] | 116 * Sets the chain of X509 certificates served by [SecureServer] |
118 * when making secure connections, including the server certificate. | 117 * when making secure connections, including the server certificate. |
119 * | 118 * |
120 * [chainBytes] is the contents of a PEM file containing X509 certificates, | 119 * Like [useCertificateChainSync] but takes the contents of the file. |
121 * starting with the root authority and intermediate authorities forming the | |
122 * signed chain to the server certificate, and ending with the server | |
123 * certificate. The private key for the server certificate is set by | |
124 * [usePrivateKey]. | |
125 */ | 120 */ |
126 void useCertificateChainBytes(List<int> chainBytes); | 121 void useCertificateChainBytes(List<int> chainBytes); |
127 | 122 |
128 /** | 123 /** |
129 * Sets the list of authority names that a [SecureServer] will advertise | 124 * Sets the list of authority names that a [SecureServer] will advertise |
130 * as accepted, when requesting a client certificate from a connecting | 125 * as accepted when requesting a client certificate from a connecting |
131 * client. [file] is a PEM file containing the accepted signing authority | 126 * client. |
132 * certificates - the authority names are extracted from the certificates. | 127 * |
| 128 * [file] is a PEM or PKCS12 file containing the accepted signing |
| 129 * authority certificates - the authority names are extracted from the |
| 130 * certificates. When using a PKCS12 file, it should not contain a private |
| 131 * key, and the password should be the empty string. |
133 */ | 132 */ |
134 void setClientAuthoritiesSync(String file); | 133 void setClientAuthoritiesSync(String file); |
135 | 134 |
136 /** | 135 /** |
137 * [setClientAuthorities] is deprecated. Use [setClientAuthoritiesSync] | 136 * [setClientAuthorities] is deprecated. Use [setClientAuthoritiesSync] |
138 * or [setClientAuthoritiesBytes]. | 137 * or [setClientAuthoritiesBytes]. |
139 */ | 138 */ |
140 @deprecated | 139 @deprecated |
141 void setClientAuthorities(String file); | 140 void setClientAuthorities(String file); |
142 | 141 |
143 /** | 142 /** |
144 * Sets the list of authority names that a [SecureServer] will advertise | 143 * Sets the list of authority names that a [SecureServer] will advertise |
145 * as accepted, when requesting a client certificate from a connecting | 144 * as accepted, when requesting a client certificate from a connecting |
146 * client. [authCertBytes] is the contents of a PEM file containing the | 145 * client. |
147 * accepted signing authority certificates - the authority names are extracted | 146 * |
148 * from the certificates. | 147 * Like [setClientAuthoritySync] but takes the contents of the file. |
149 */ | 148 */ |
150 void setClientAuthoritiesBytes(List<int> authCertBytes); | 149 void setClientAuthoritiesBytes(List<int> authCertBytes); |
151 | 150 |
152 /** | 151 /** |
153 * Sets the list of application-level protocols supported by a client | 152 * Sets the list of application-level protocols supported by a client |
154 * connection or server connection. The ALPN (application level protocol | 153 * connection or server connection. The ALPN (application level protocol |
155 * negotiation) extension to TLS allows a client to send a list of | 154 * negotiation) extension to TLS allows a client to send a list of |
156 * protocols in the TLS client hello message, and the server to pick | 155 * protocols in the TLS client hello message, and the server to pick |
157 * one and send the selected one back in its server hello message. | 156 * one and send the selected one back in its server hello message. |
158 * | 157 * |
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
254 } | 253 } |
255 | 254 |
256 if (bytes.length >= (1 << 13)) { | 255 if (bytes.length >= (1 << 13)) { |
257 throw new ArgumentError( | 256 throw new ArgumentError( |
258 'The maximum message length supported is 2^13-1.'); | 257 'The maximum message length supported is 2^13-1.'); |
259 } | 258 } |
260 | 259 |
261 return new Uint8List.fromList(bytes); | 260 return new Uint8List.fromList(bytes); |
262 } | 261 } |
263 } | 262 } |
OLD | NEW |