OLD | NEW |
1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 part of dart.io; | 5 part of dart.io; |
6 | 6 |
7 /** | 7 /** |
8 * A high-level class for communicating securely over a TCP socket, using | 8 * A high-level class for communicating securely over a TCP socket, using |
9 * TLS and SSL. The [SecureSocket] exposes both a [Stream] and an | 9 * TLS and SSL. The [SecureSocket] exposes both a [Stream] and an |
10 * [IOSink] interface, making it ideal for using together with | 10 * [IOSink] interface, making it ideal for using together with |
(...skipping 39 matching lines...)
50 | 50 |
51 /** | 51 /** |
52 * Takes an already connected [socket] and starts client side TLS | 52 * Takes an already connected [socket] and starts client side TLS |
53 * handshake to make the communication secure. When the returned | 53 * handshake to make the communication secure. When the returned |
54 * future completes the [SecureSocket] has completed the TLS | 54 * future completes the [SecureSocket] has completed the TLS |
55 * handshake. Using this function requires that the other end of the | 55 * handshake. Using this function requires that the other end of the |
56 * connection is prepared for TLS handshake. | 56 * connection is prepared for TLS handshake. |
57 * | 57 * |
58 * If the [socket] already has a subscription, this subscription | 58 * If the [socket] already has a subscription, this subscription |
59 * will no longer receive and events. In most cases calling | 59 * will no longer receive and events. In most cases calling |
60 * [:pause:] on this subscription before starting TLS handshake is | 60 * `pause` on this subscription before starting TLS handshake is |
61 * the right thing to do. | 61 * the right thing to do. |
62 * | 62 * |
63 * If the [host] argument is passed it will be used as the host name | 63 * If the [host] argument is passed it will be used as the host name |
64 * for the TLS handshake. If [host] is not passed the host name from | 64 * for the TLS handshake. If [host] is not passed the host name from |
65 * the [socket] will be used. The [host] can be either a [String] or | 65 * the [socket] will be used. The [host] can be either a [String] or |
66 * an [InternetAddress]. | 66 * an [InternetAddress]. |
67 * | 67 * |
| 68 * Calling this function will _not_ cause a DNS host lookup. If the |
| 69 * [host] passed is a [String] the [InternetAddress] for the |
| 70 * resulting [SecureSocket] will have the passed in [host] as its |
| 71 * host value and the internet address of the already connected |
| 72 * socket as its address value. |
| 73 * |
68 * See [connect] for more information on the arguments. | 74 * See [connect] for more information on the arguments. |
69 * | 75 * |
70 */ | 76 */ |
71 static Future<SecureSocket> secure( | 77 static Future<SecureSocket> secure( |
72 Socket socket, | 78 Socket socket, |
73 {host, | 79 {host, |
74 bool sendClientCertificate: false, | 80 bool sendClientCertificate: false, |
75 String certificateName, | 81 String certificateName, |
76 bool onBadCertificate(X509Certificate certificate)}) { | 82 bool onBadCertificate(X509Certificate certificate)}) { |
77 var completer = new Completer(); | 83 var completer = new Completer(); |
(...skipping 161 matching lines...)
239 /** | 245 /** |
240 * Takes an already connected [socket] and starts client side TLS | 246 * Takes an already connected [socket] and starts client side TLS |
241 * handshake to make the communication secure. When the returned | 247 * handshake to make the communication secure. When the returned |
242 * future completes the [RawSecureSocket] has completed the TLS | 248 * future completes the [RawSecureSocket] has completed the TLS |
243 * handshake. Using this function requires that the other end of the | 249 * handshake. Using this function requires that the other end of the |
244 * connection is prepared for TLS handshake. | 250 * connection is prepared for TLS handshake. |
245 * | 251 * |
246 * If the [socket] already has a subscription, pass the existing | 252 * If the [socket] already has a subscription, pass the existing |
247 * subscription in the [subscription] parameter. The secure socket | 253 * subscription in the [subscription] parameter. The secure socket |
248 * will take over the subscription and process any subsequent | 254 * will take over the subscription and process any subsequent |
249 * events. | 255 * events. In most cases calling `pause` on this subscription before |
| 256 * starting TLS handshake is the right thing to do. |
| 257 * |
| 258 * If the [host] argument is passed it will be used as the host name |
| 259 * for the TLS handshake. If [host] is not passed the host name from |
| 260 * the [socket] will be used. The [host] can be either a [String] or |
| 261 * an [InternetAddress]. |
| 262 * |
| 263 * Calling this function will _not_ cause a DNS host lookup. If the |
| 264 * [host] passed is a [String] the [InternetAddress] for the |
| 265 * resulting [SecureSocket] will have this passed in [host] as its |
| 266 * host value and the internet address of the already connected |
| 267 * socket as its address value. |
250 * | 268 * |
251 * See [connect] for more information on the arguments. | 269 * See [connect] for more information on the arguments. |
252 * | 270 * |
253 */ | 271 */ |
254 static Future<RawSecureSocket> secure( | 272 static Future<RawSecureSocket> secure( |
255 RawSocket socket, | 273 RawSocket socket, |
256 {StreamSubscription subscription, | 274 {StreamSubscription subscription, |
257 host, | 275 host, |
258 bool sendClientCertificate: false, | 276 bool sendClientCertificate: false, |
259 String certificateName, | 277 String certificateName, |
(...skipping 131 matching lines...)
391 {bool is_server, | 409 {bool is_server, |
392 RawSocket socket, | 410 RawSocket socket, |
393 StreamSubscription subscription, | 411 StreamSubscription subscription, |
394 List<int> bufferedData, | 412 List<int> bufferedData, |
395 bool requestClientCertificate: false, | 413 bool requestClientCertificate: false, |
396 bool requireClientCertificate: false, | 414 bool requireClientCertificate: false, |
397 bool sendClientCertificate: false, | 415 bool sendClientCertificate: false, |
398 bool onBadCertificate(X509Certificate certificate)}) { | 416 bool onBadCertificate(X509Certificate certificate)}) { |
399 var future; | 417 var future; |
400 if (host is String) { | 418 if (host is String) { |
401 future = InternetAddress.lookup(host).then((addrs) => addrs.first); | 419 if (socket != null) { |
| 420 future = new Future.value( |
| 421 (socket.address as dynamic)._cloneWithNewHost(host)); |
| 422 } else { |
| 423 future = InternetAddress.lookup(host).then((addrs) => addrs.first); |
| 424 } |
402 } else { | 425 } else { |
403 future = new Future.value(host); | 426 future = new Future.value(host); |
404 } | 427 } |
405 return future.then((addr) { | 428 return future.then((addr) { |
406 return new _RawSecureSocket(addr, | 429 return new _RawSecureSocket(addr, |
407 requestedPort, | 430 requestedPort, |
408 certificateName, | 431 certificateName, |
409 is_server, | 432 is_server, |
410 socket, | 433 socket, |
411 subscription, | 434 subscription, |
(...skipping 51 matching lines...)
463 _socketSubscription = _socket.listen(_eventDispatcher, | 486 _socketSubscription = _socket.listen(_eventDispatcher, |
464 onError: _errorHandler, | 487 onError: _errorHandler, |
465 onDone: _doneHandler); | 488 onDone: _doneHandler); |
466 } else { | 489 } else { |
467 _socketSubscription.onData(_eventDispatcher); | 490 _socketSubscription.onData(_eventDispatcher); |
468 _socketSubscription.onError(_errorHandler); | 491 _socketSubscription.onError(_errorHandler); |
469 _socketSubscription.onDone(_doneHandler); | 492 _socketSubscription.onDone(_doneHandler); |
470 } | 493 } |
471 _connectPending = true; | 494 _connectPending = true; |
472 _secureFilter.connect(address.host, | 495 _secureFilter.connect(address.host, |
| 496 (address as dynamic)._sockaddr_storage, |
473 port, | 497 port, |
474 is_server, | 498 is_server, |
475 certificateName, | 499 certificateName, |
476 requestClientCertificate || | 500 requestClientCertificate || |
477 requireClientCertificate, | 501 requireClientCertificate, |
478 requireClientCertificate, | 502 requireClientCertificate, |
479 sendClientCertificate); | 503 sendClientCertificate); |
480 _status = HANDSHAKE; | 504 _status = HANDSHAKE; |
481 _secureHandshake(); | 505 _secureHandshake(); |
482 }) | 506 }) |
(...skipping 474 matching lines...)
957 List data; // This will be a ExternalByteArray, backed by C allocated data. | 981 List data; // This will be a ExternalByteArray, backed by C allocated data. |
958 int start; | 982 int start; |
959 int length; | 983 int length; |
960 } | 984 } |
961 | 985 |
962 | 986 |
963 abstract class _SecureFilter { | 987 abstract class _SecureFilter { |
964 external factory _SecureFilter(); | 988 external factory _SecureFilter(); |
965 | 989 |
966 void connect(String hostName, | 990 void connect(String hostName, |
| 991 Uint8List addr, |
967 int port, | 992 int port, |
968 bool is_server, | 993 bool is_server, |
969 String certificateName, | 994 String certificateName, |
970 bool requestClientCertificate, | 995 bool requestClientCertificate, |
971 bool requireClientCertificate, | 996 bool requireClientCertificate, |
972 bool sendClientCertificate); | 997 bool sendClientCertificate); |
973 void destroy(); | 998 void destroy(); |
974 void handshake(); | 999 void handshake(); |
975 void init(); | 1000 void init(); |
976 X509Certificate get peerCertificate; | 1001 X509Certificate get peerCertificate; |
977 int processBuffer(int bufferIndex); | 1002 int processBuffer(int bufferIndex); |
978 void registerBadCertificateCallback(Function callback); | 1003 void registerBadCertificateCallback(Function callback); |
979 void registerHandshakeCompleteCallback(Function handshakeCompleteHandler); | 1004 void registerHandshakeCompleteCallback(Function handshakeCompleteHandler); |
980 | 1005 |
981 List<_ExternalBuffer> get buffers; | 1006 List<_ExternalBuffer> get buffers; |
982 } | 1007 } |
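Review bot: In the new `host is String` / `socket != null` branch (new lines 419-421), `(socket.address as dynamic)._cloneWithNewHost(host)` is evaluated eagerly as the argument of `new Future.value(...)`, so if the socket's address is not the library's own implementation the resulting NoSuchMethodError is thrown synchronously from this function instead of being delivered through the returned future. `(address as dynamic)._sockaddr_storage` at new line 496 depends on a private member in the same way, and it is also reached on the `else` path, where an untyped, caller-supplied `host` is passed through unchanged. I would check the argument up front, e.g. `if (host is! String && host is! InternetAddress) throw new ArgumentError(host);`, and build the future with `new Future.sync(() => (socket.address as dynamic)._cloneWithNewHost(host))` so a failure surfaces as a future error. Separately, the comment added for `RawSecureSocket.secure` (new line 265) names the result `[SecureSocket]`; it should say `[RawSecureSocket]`. The function containing new lines 417-427 starts in the skipped region, so an equivalent check, or handling of an omitted `host`, may already exist outside the visible lines.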