
Unified Diff: sdk/lib/io/security_context.dart

Issue 1687533002: Adds support for PKCS12 containers to SecurityContext (Closed) Base URL: git@github.com:dart-lang/sdk.git@master
Patch Set: Address comments Created 4 years, 10 months ago
Index: sdk/lib/io/security_context.dart
diff --git a/sdk/lib/io/security_context.dart b/sdk/lib/io/security_context.dart
index 28351b26741cc88c7fc92fd4e17a2ee4d8106076..7fc7287651f58f35f6786e711f488ced6e3a6b6c 100644
--- a/sdk/lib/io/security_context.dart
+++ b/sdk/lib/io/security_context.dart
@@ -46,7 +46,7 @@ abstract class SecurityContext {
*
* A secure connection using this SecurityContext will use this key with
* the server or client certificate to sign and decrypt messages.
- * [keyFile] is a PEM file containing an encrypted
+ * [keyFile] is a PEM or PKCS12 file containing an encrypted
* private key, encrypted with [password]. An unencrypted file can be
* used, but this is not usual.
*/
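Review bot: The updated sentence for [keyFile] does not say what happens to certificates that a PKCS12 file carries alongside the private key, which is the usual layout of such a container. The certificate-chain comments later in this patch ask for a PKCS12 file without a private key, so a reader cannot tell whether one file may serve both calls. I would add a sentence such as `When using a PKCS12 file, only the private key is read; certificates in it are ignored.` if that is what the implementation does, which is not visible here. The method declaration this comment belongs to lies outside the hunk.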
@@ -62,11 +62,7 @@ abstract class SecurityContext {
/**
* Sets the private key for a server certificate or client certificate.
*
- * A secure connection using this SecurityContext will use this key with
- * the server or client certificate to sign and decrypt messages.
- * [keyBytes] is the contents of a PEM file containing an encrypted
- * private key, encrypted with [password]. An unencrypted file can be
- * used, but this is not usual.
+ * Like [usePrivateKeyBytesSync], but takes the contents of the file.
*/
void usePrivateKeyBytes(List<int> keyBytes, {String password});
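Review bot: The new summary line points at `[usePrivateKeyBytesSync]`, which is not declared anywhere in this diff. Judging by the other cross-references in the patch (`[setTrustedCertificatesSync]`, `[useCertificateChainSync]`), the intended target is presumably `[usePrivateKeySync]`. As written, dartdoc cannot resolve the link, and because this hunk removes the text that explained [password] and the encrypted key, a reader has nowhere else to find it. Suggested line: `Like [usePrivateKeySync], but takes the contents of the file.` The last hunk has the same kind of slip: `[setClientAuthoritySync]` should be `[setClientAuthoritiesSync]`, the name declared at the end of the previous hunk.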
@@ -74,8 +70,10 @@ abstract class SecurityContext {
* Sets the set of trusted X509 certificates used by [SecureSocket]
* client connections, when connecting to a secure server.
*
- * [file] is the path to a PEM file containing X509 certificates, usually
- * root certificates from certificate authorities.
+ * [file] is the path to a PEM or PKCS12 file containing X509 certificates,
+ * usually root certificates from certificate authorities. When using a
+ * PKCS12 file, it should not contain a private key, and the password should
+ * be the empty string.
*/
void setTrustedCertificatesSync(String file);
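Review bot: The added sentence says `the password should be the empty string`, but setTrustedCertificatesSync takes only [file], so the comment should say outright that the container itself must be created with an empty password. It should also say what happens when it is not, or when a private key is present (rejected or silently ignored; not visible here). The same wording is added for useCertificateChainSync and setClientAuthoritiesSync in the following hunks. Because an empty password gives the file no protection of its own, it would also help to note that the integrity of these trust and authority files rests on filesystem permissions. For example: `A PKCS12 file must be protected with the empty password and must not contain a private key.`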
@@ -90,8 +88,7 @@ abstract class SecurityContext {
* Sets the set of trusted X509 certificates used by [SecureSocket]
* client connections, when connecting to a secure server.
*
- * [file] is the contents of a PEM file containing X509 certificates, usually
- * root certificates from certificate authorities.
+ * Like [setTrustedCertificatesSync] but takes the contents of the file.
*/
void setTrustedCertificatesBytes(List<int> certBytes);
@@ -99,10 +96,12 @@ abstract class SecurityContext {
* Sets the chain of X509 certificates served by [SecureServer]
* when making secure connections, including the server certificate.
*
- * [file] is a PEM file containing X509 certificates, starting with
+ * [file] is a PEM or PKCS12 file containing X509 certificates, starting with
* the root authority and intermediate authorities forming the signed
* chain to the server certificate, and ending with the server certificate.
- * The private key for the server certificate is set by [usePrivateKey].
+ * The private key for the server certificate is set by [usePrivateKey]. When
+ * using a PKCS12 file, it should not contain a private key, and the password
+ * should be the empty string.
*/
void useCertificateChainSync(String file);
@@ -117,19 +116,19 @@ abstract class SecurityContext {
* Sets the chain of X509 certificates served by [SecureServer]
* when making secure connections, including the server certificate.
*
- * [chainBytes] is the contents of a PEM file containing X509 certificates,
- * starting with the root authority and intermediate authorities forming the
- * signed chain to the server certificate, and ending with the server
- * certificate. The private key for the server certificate is set by
- * [usePrivateKey].
+ * Like [useCertificateChainSync] but takes the contents of the file.
*/
void useCertificateChainBytes(List<int> chainBytes);
/**
* Sets the list of authority names that a [SecureServer] will advertise
- * as accepted, when requesting a client certificate from a connecting
- * client. [file] is a PEM file containing the accepted signing authority
- * certificates - the authority names are extracted from the certificates.
+ * as accepted when requesting a client certificate from a connecting
+ * client.
+ *
+ * [file] is a PEM or PKCS12 file containing the accepted signing
+ * authority certificates - the authority names are extracted from the
+ * certificates. When using a PKCS12 file, it should not contain a private
+ * key, and the password should be the empty string.
*/
void setClientAuthoritiesSync(String file);
@@ -143,9 +142,9 @@ abstract class SecurityContext {
/**
* Sets the list of authority names that a [SecureServer] will advertise
* as accepted, when requesting a client certificate from a connecting
- * client. [authCertBytes] is the contents of a PEM file containing the
- * accepted signing authority certificates - the authority names are extracted
- * from the certificates.
+ * client.
+ *
+ * Like [setClientAuthoritySync] but takes the contents of the file.
*/
void setClientAuthoritiesBytes(List<int> authCertBytes);