Index: runtime/bin/secure_socket_macos.h |
diff --git a/runtime/bin/secure_socket_macos.h b/runtime/bin/secure_socket_macos.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..e78321cda96a4c86d98eaff139ac7a570dfb0b9e |
--- /dev/null |
+++ b/runtime/bin/secure_socket_macos.h |
@@ -0,0 +1,149 @@ |
+// Copyright (c) 2016, the Dart project authors. Please see the AUTHORS file |
+// for details. All rights reserved. Use of this source code is governed by a |
+// BSD-style license that can be found in the LICENSE file. |
+ |
+#ifndef BIN_SECURE_SOCKET_MACOS_H_ |
+#define BIN_SECURE_SOCKET_MACOS_H_ |
+ |
+#if !defined(BIN_SECURE_SOCKET_H_) |
+#error Do not include secure_socket_macos.h directly. Use secure_socket.h. |
+#endif |
+ |
+#include <stdlib.h> |
+#include <string.h> |
+#include <stdio.h> |
+#include <sys/types.h> |
+ |
+#include <CoreFoundation/CoreFoundation.h> |
+#include <Security/SecureTransport.h> |
+#include <Security/Security.h> |
+ |
+#include "bin/builtin.h" |
+#include "bin/dartutils.h" |
+#include "bin/socket.h" |
+#include "bin/thread.h" |
+#include "bin/utils.h" |
+ |
+namespace dart { |
+namespace bin { |
+ |
+// Forward declaration of SSLContext. |
+class SSLCertContext; |
+ |
+// SSLFilter encapsulates the SecureTransport code in a filter that communicates |
+// with the containing _SecureFilterImpl Dart object through four shared |
+// ExternalByteArray buffers, for reading and writing plaintext, and |
+// reading and writing encrypted text. The filter handles handshaking |
+// and certificate verification. |
+class SSLFilter { |
+ public: |
+ // These enums must agree with those in sdk/lib/io/secure_socket.dart. |
+ enum BufferIndex { |
+ kReadPlaintext, |
+ kWritePlaintext, |
+ kReadEncrypted, |
+ kWriteEncrypted, |
+ kNumBuffers, |
+ kFirstEncrypted = kReadEncrypted |
+ }; |
+ |
+ SSLFilter() |
+ : cert_context_(NULL), |
+ ssl_context_(NULL), |
+ peer_certs_(NULL), |
+ string_start_(NULL), |
+ string_length_(NULL), |
+ handshake_complete_(NULL), |
+ bad_certificate_callback_(NULL), |
+ in_handshake_(false), |
+ connected_(false), |
+ bad_cert_(false), |
+ is_server_(false), |
+ hostname_(NULL) { |
+ } |
+ |
+ ~SSLFilter(); |
+ |
+ // Callback called by the IOService. |
+ static CObject* ProcessFilterRequest(const CObjectArray& request); |
+ |
+ Dart_Handle Init(Dart_Handle dart_this); |
+ void Connect(Dart_Handle dart_this, |
+ const char* hostname, |
+ SSLCertContext* context, |
+ bool is_server, |
+ bool request_client_certificate, |
+ bool require_client_certificate); |
+ void Destroy(); |
+ OSStatus CheckHandshake(); |
+ void Renegotiate(bool use_session_cache, |
+ bool request_client_certificate, |
+ bool require_client_certificate); |
+ void RegisterHandshakeCompleteCallback(Dart_Handle handshake_complete); |
+ void RegisterBadCertificateCallback(Dart_Handle callback); |
+ Dart_Handle PeerCertificate(); |
+ |
+ private: |
+ static OSStatus SSLReadCallback(SSLConnectionRef connection, |
+ void* data, |
+ size_t* data_length); |
+ static OSStatus SSLWriteCallback(SSLConnectionRef connection, |
+ const void* data, |
+ size_t* data_length); |
+ |
+ static bool isBufferEncrypted(intptr_t i) { |
+ return static_cast<BufferIndex>(i) >= kFirstEncrypted; |
+ } |
+ Dart_Handle InitializeBuffers(Dart_Handle dart_this); |
+ |
+ intptr_t GetBufferStart(intptr_t idx) const; |
+ intptr_t GetBufferEnd(intptr_t idx) const; |
+ void SetBufferStart(intptr_t idx, intptr_t value); |
+ void SetBufferEnd(intptr_t idx, intptr_t value); |
+ |
+ OSStatus ProcessAllBuffers(intptr_t starts[kNumBuffers], |
+ intptr_t ends[kNumBuffers], |
+ bool in_handshake); |
+ OSStatus ProcessReadPlaintextBuffer(intptr_t start, |
+ intptr_t end, |
+ intptr_t* bytes_processed); |
+ OSStatus ProcessWritePlaintextBuffer(intptr_t start, |
+ intptr_t end, |
+ intptr_t* bytes_processed); |
+ |
+ // These calls can block on IO, and should only be invoked from |
+ // from ProcessAllBuffers from ProcessFilterRequest. |
+ OSStatus EvaluatePeerTrust(); |
+ OSStatus Handshake(); |
+ Dart_Handle InvokeBadCertCallback(SecCertificateRef peer_cert); |
+ |
+ SSLCertContext* cert_context_; |
+ SSLContextRef ssl_context_; |
+ CFArrayRef peer_certs_; |
+ |
+ // starts and ends filled in at the start of ProcessAllBuffers. |
+ // If these are NULL, then try to get the pointers out of |
+ // dart_buffer_objects_. |
+ uint8_t* buffers_[kNumBuffers]; |
+ intptr_t* buffer_starts_[kNumBuffers]; |
+ intptr_t* buffer_ends_[kNumBuffers]; |
+ intptr_t buffer_size_; |
+ intptr_t encrypted_buffer_size_; |
+ Dart_PersistentHandle string_start_; |
+ Dart_PersistentHandle string_length_; |
+ Dart_PersistentHandle dart_buffer_objects_[kNumBuffers]; |
+ Dart_PersistentHandle handshake_complete_; |
+ Dart_PersistentHandle bad_certificate_callback_; |
+ bool in_handshake_; |
+ bool connected_; |
+ bool bad_cert_; |
+ bool is_server_; |
+ char* hostname_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(SSLFilter); |
+}; |
+ |
+} // namespace bin |
+} // namespace dart |
+ |
+#endif // BIN_SECURE_SOCKET_MACOS_H_ |
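Review bot: The `SSLFilter()` initializer list leaves `buffers_`, `buffer_starts_`, `buffer_ends_`, `dart_buffer_objects_`, `buffer_size_` and `encrypted_buffer_size_` indeterminate, even though the member comment says a NULL check on the start/end pointers selects the fallback to `dart_buffer_objects_`. If `Destroy()` or `~SSLFilter()` runs on a filter whose `Init()` never ran or failed part-way, any release of those buffers or persistent handles would act on garbage pointers; those bodies are defined outside this hunk, so this is inferred from the declarations alone. Because these buffers carry both plaintext and ciphertext for the TLS session, I would set them to a known state in the constructor as sketched below, keeping the initializers in declaration order; the real sizes would presumably still be assigned in `InitializeBuffers`. Separately, the comment `// Forward declaration of SSLContext.` names a different class than the `SSLCertContext` it declares, and `hostname_` deserves a one-line comment saying who owns and frees the string.

```cpp
        peer_certs_(NULL),
        buffer_size_(0),
        encrypted_buffer_size_(0),
        // … unchanged: string_start_ through is_server_ …
        hostname_(NULL) {
    // Give every per-buffer slot a known value so teardown and the NULL
    // checks described on buffer_starts_/buffer_ends_ are well defined
    // before Init() has run.
    for (intptr_t i = 0; i < kNumBuffers; i++) {
      buffers_[i] = NULL;
      buffer_starts_[i] = NULL;
      buffer_ends_[i] = NULL;
      dart_buffer_objects_[i] = NULL;
    }
  }
```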