Allows adding trusted certs on iOS.

sdk/lib/io/security_context.dart

 // Copyright (c) 2015, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 part of dart.io;
 
 /**
  * The object containing the certificates to trust when making
  * a secure client connection, and the certificate chain and
  * private key to serve from a secure server.
  *
  * The [SecureSocket]  and [SecureServer] classes take a SecurityContext
  * as an argument to their connect and bind methods.
  *
  * Certificates and keys can be added to a SecurityContext from either PEM
  * or PKCS12 containers.
  *
- * iOS note: methods to add, remove, and inspect certificates are not yet
- * implemented. That is, only the platform's built-in trusted certificates can
+ * iOS note: Some methods to add, remove, and inspect certificates are not yet
+ * implemented. However, the platform's built-in trusted certificates can
  * be used, by way of [SecurityContext.defaultContext].
  */
 abstract class SecurityContext {
   external factory SecurityContext();
 
   /**
    * Secure networking classes with an optional `context` parameter
    * use the [defaultContext] object if the parameter is omitted.
    * This object can also be accessed, and modified, directly.
    * Each isolate has a different [defaultContext] object.
@@ skipping 10 matching lines @@
    *
    * A secure connection using this SecurityContext will use this key with
    * the server or client certificate to sign and decrypt messages.
    * [file] is the path to a PEM or PKCS12 file containing an encrypted
    * private key, encrypted with [password]. Assuming it is well-formatted, all
    * other contents of [file] are ignored. An unencrypted file can be used,
    * but this is not usual.
    *
    * NB: This function calls [ReadFileAsBytesSync], and will block on file IO.
    * Prefer using [usePrivateKeyBytes].
+   *
+   * iOS note: Not yet implemented.
    */
   void usePrivateKey(String file, {String password});
 
   /**
    * Sets the private key for a server certificate or client certificate.
    *
    * Like [usePrivateKey], but takes the contents of the file as a list
    * of bytes.
+   *
+   * iOS note: Not yet implemented.
    */
   void usePrivateKeyBytes(List<int> keyBytes, {String password});
 
   /**
    * Sets the set of trusted X509 certificates used by [SecureSocket]
    * client connections, when connecting to a secure server.
    *
    * [file] is the path to a PEM or PKCS12 file containing X509 certificates,
    * usually root certificates from certificate authorities. For PKCS12 files,
    * [password] is the password for the file. For PEM files, [password] is
    * ignored. Assuming it is well-formatted, all other contents of [file] are
    * ignored.
    *
    * NB: This function calls [ReadFileAsBytesSync], and will block on file IO.
    * Prefer using [setTrustedCertificatesBytes].
    */
   void setTrustedCertificates(String file, {String password});
 
   /**
    * Sets the set of trusted X509 certificates used by [SecureSocket]
    * client connections, when connecting to a secure server.
    *
    * Like [setTrustedCertificates] but takes the contents of the file.
+   *
+   * iOS note: On iOS, this call takes only the bytes for a single DER
+   * encoded X509 certificate. It may be called multiple times to add
+   * multiple trusted certificates to the context. A DER encoded certificate
+   * can be obtained from a PEM encoded certificate by using the openssl tool:
+   *
+   *   $ openssl x509 -outform der -in cert.pem -out cert.der
    */
   void setTrustedCertificatesBytes(List<int> certBytes, {String password});
 
   /**
    * Sets the chain of X509 certificates served by [SecureServer]
    * when making secure connections, including the server certificate.
    *
    * [file] is a PEM or PKCS12 file containing X509 certificates, starting with
    * the root authority and intermediate authorities forming the signed
    * chain to the server certificate, and ending with the server certificate.
    * The private key for the server certificate is set by [usePrivateKey]. For
    * PKCS12 files, [password] is the password for the file. For PEM files,
    * [password] is ignored. Assuming it is well-formatted, all
    * other contents of [file] are ignored.
    *
    * NB: This function calls [ReadFileAsBytesSync], and will block on file IO.
    * Prefer using [useCertificateChainBytes].
+   *
+   * iOS note: Not yet implemented.
    */
   void useCertificateChain(String file, {String password});
 
   /**
    * Sets the chain of X509 certificates served by [SecureServer]
    * when making secure connections, including the server certificate.
    *
    * Like [useCertificateChain] but takes the contents of the file.
+   *
+   * iOS note: Not yet implemented.
    */
   void useCertificateChainBytes(List<int> chainBytes, {String password});
 
   /**
    * Sets the list of authority names that a [SecureServer] will advertise
    * as accepted when requesting a client certificate from a connecting
    * client.
    *
    * [file] is a PEM or PKCS12 file containing the accepted signing
    * authority certificates - the authority names are extracted from the
    * certificates. For PKCS12 files, [password] is the password for the file.
    * For PEM files, [password] is ignored. Assuming it is well-formatted, all
    * other contents of [file] are ignored.
    *
    * NB: This function calls [ReadFileAsBytesSync], and will block on file IO.
    * Prefer using [setClientAuthoritiesBytes].
+   *
+   * iOS note: Not yet implemented.
    */
   void setClientAuthorities(String file, {String password});
 
   /**
    * Sets the list of authority names that a [SecureServer] will advertise
    * as accepted, when requesting a client certificate from a connecting
    * client.
    *
    * Like [setClientAuthority] but takes the contents of the file.
+   *
+   * iOS note: Not yet implemented.
    */
   void setClientAuthoritiesBytes(List<int> authCertBytes, {String password});
 
   /**
    * Whether the platform supports ALPN.
    */
   external static bool get alpnSupported;
 
   /**
    * Sets the list of application-level protocols supported by a client
@@ skipping 100 matching lines @@
     }
 
     if (bytes.length >= (1 << 13)) {
       throw new ArgumentError(
           'The maximum message length supported is 2^13-1.');
     }
 
     return new Uint8List.fromList(bytes);
   }
 }