1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2013, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 part of dart.io; | 5 part of dart.io; |
6 | 6 |
7 /** | 7 /** |
8 * A high-level class for communicating securely over a TCP socket, using | 8 * A high-level class for communicating securely over a TCP socket, using |
9 * TLS and SSL. The [SecureSocket] exposes both a [Stream] and an | 9 * TLS and SSL. The [SecureSocket] exposes both a [Stream] and an |
10 * [IOSink] interface, making it ideal for using together with | 10 * [IOSink] interface, making it ideal for using together with |
143 /** | 143 /** |
144 * Get the peer certificate for a connected SecureSocket. If this | 144 * Get the peer certificate for a connected SecureSocket. If this |
145 * SecureSocket is the server end of a secure socket connection, | 145 * SecureSocket is the server end of a secure socket connection, |
146 * [peerCertificate] will return the client certificate, or null, if no | 146 * [peerCertificate] will return the client certificate, or null, if no |
147 * client certificate was received. If it is the client end, | 147 * client certificate was received. If it is the client end, |
148 * [peerCertificate] will return the server's certificate. | 148 * [peerCertificate] will return the server's certificate. |
149 */ | 149 */ |
150 X509Certificate get peerCertificate; | 150 X509Certificate get peerCertificate; |
151 | 151 |
152 /** | 152 /** |
| 153 * Renegotiate an existing secure connection, renewing the session keys |
| 154 * and possibly changing the connection properties. |
| 155 * |
| 156 * This repeats the SSL or TLS handshake, with options that allow clearing |
| 157 * the session cache and requesting a client certificate. |
| 158 */ |
| 159 void renegotiate({bool useSessionCache: true, |
| 160 bool requestClientCertificate: false, |
| 161 bool requireClientCertificate: false}); |
| 162 |
| 163 /** |
153 * Initializes the NSS library. If [initialize] is not called, the library | 164 * Initializes the NSS library. If [initialize] is not called, the library |
154 * is automatically initialized as if [initialize] were called with no | 165 * is automatically initialized as if [initialize] were called with no |
155 * arguments. If [initialize] is called more than once, or called after | 166 * arguments. If [initialize] is called more than once, or called after |
156 * automatic initialization has happened (when a secure connection is made), | 167 * automatic initialization has happened (when a secure connection is made), |
157 * then a TlsException is thrown. | 168 * then a TlsException is thrown. |
158 * | 169 * |
159 * The optional argument [database] is the path to a certificate database | 170 * The optional argument [database] is the path to a certificate database |
160 * directory containing root certificates for verifying certificate paths on | 171 * directory containing root certificates for verifying certificate paths on |
161 * client connections, and server certificates to provide on server | 172 * client connections, and server certificates to provide on server |
162 * connections. The argument [password] should be used when creating | 173 * connections. The argument [password] should be used when creating |
327 certificateName, | 338 certificateName, |
328 is_server: true, | 339 is_server: true, |
329 socket: socket, | 340 socket: socket, |
330 subscription: subscription, | 341 subscription: subscription, |
331 bufferedData: bufferedData, | 342 bufferedData: bufferedData, |
332 requestClientCertificate: requestClientCertificate, | 343 requestClientCertificate: requestClientCertificate, |
333 requireClientCertificate: requireClientCertificate); | 344 requireClientCertificate: requireClientCertificate); |
334 } | 345 } |
335 | 346 |
336 /** | 347 /** |
| 348 * Renegotiate an existing secure connection, renewing the session keys |
| 349 * and possibly changing the connection properties. |
| 350 * |
| 351 * This repeats the SSL or TLS handshake, with options that allow clearing |
| 352 * the session cache and requesting a client certificate. |
| 353 */ |
| 354 void renegotiate({bool useSessionCache: true, |
| 355 bool requestClientCertificate: false, |
| 356 bool requireClientCertificate: false}); |
| 357 |
| 358 /** |
337 * Get the peer certificate for a connected RawSecureSocket. If this | 359 * Get the peer certificate for a connected RawSecureSocket. If this |
338 * RawSecureSocket is the server end of a secure socket connection, | 360 * RawSecureSocket is the server end of a secure socket connection, |
339 * [peerCertificate] will return the client certificate, or null, if no | 361 * [peerCertificate] will return the client certificate, or null, if no |
340 * client certificate was received. If it is the client end, | 362 * client certificate was received. If it is the client end, |
341 * [peerCertificate] will return the server's certificate. | 363 * [peerCertificate] will return the server's certificate. |
342 */ | 364 */ |
343 X509Certificate get peerCertificate; | 365 X509Certificate get peerCertificate; |
344 } | 366 } |
345 | 367 |
346 | 368 |
778 _secureFilter.handshake(); | 800 _secureFilter.handshake(); |
779 _filterStatus.writeEmpty = false; | 801 _filterStatus.writeEmpty = false; |
780 _readSocket(); | 802 _readSocket(); |
781 _writeSocket(); | 803 _writeSocket(); |
782 _scheduleFilter(); | 804 _scheduleFilter(); |
783 } catch (e) { | 805 } catch (e) { |
784 _reportError(e); | 806 _reportError(e); |
785 } | 807 } |
786 } | 808 } |
787 | 809 |
| 810 void renegotiate({bool useSessionCache: true, |
| 811 bool requestClientCertificate: false, |
| 812 bool requireClientCertificate: false}) { |
| 813 if (_status != CONNECTED) { |
| 814 throw new HandshakeException( |
| 815 "Called renegotiate on a non-connected socket"); |
| 816 } |
| 817 _secureFilter.renegotiate(useSessionCache, |
| 818 requestClientCertificate, |
| 819 requireClientCertificate); |
| 820 _status = HANDSHAKE; |
| 821 _filterStatus.writeEmpty = false; |
| 822 _scheduleFilter(); |
| 823 } |
| 824 |
788 void _secureHandshakeCompleteHandler() { | 825 void _secureHandshakeCompleteHandler() { |
789 _status = CONNECTED; | 826 _status = CONNECTED; |
790 if (_connectPending) { | 827 if (_connectPending) { |
791 _connectPending = false; | 828 _connectPending = false; |
792 // We don't want user code to run synchronously in this callback. | 829 // We don't want user code to run synchronously in this callback. |
793 Timer.run(() => _handshakeComplete.complete(this)); | 830 Timer.run(() => _handshakeComplete.complete(this)); |
794 } | 831 } |
795 } | 832 } |
796 | 833 |
797 void _onPauseStateChange() { | 834 void _onPauseStateChange() { |
1151 void connect(String hostName, | 1188 void connect(String hostName, |
1152 Uint8List addr, | 1189 Uint8List addr, |
1153 int port, | 1190 int port, |
1154 bool is_server, | 1191 bool is_server, |
1155 String certificateName, | 1192 String certificateName, |
1156 bool requestClientCertificate, | 1193 bool requestClientCertificate, |
1157 bool requireClientCertificate, | 1194 bool requireClientCertificate, |
1158 bool sendClientCertificate); | 1195 bool sendClientCertificate); |
1159 void destroy(); | 1196 void destroy(); |
1160 void handshake(); | 1197 void handshake(); |
| 1198 void rehandshake(); |
| 1199 void renegotiate(bool useSessionCache, |
| 1200 bool requestClientCertificate, |
| 1201 bool requireClientCertificate); |
1161 void init(); | 1202 void init(); |
1162 X509Certificate get peerCertificate; | 1203 X509Certificate get peerCertificate; |
1163 int processBuffer(int bufferIndex); | 1204 int processBuffer(int bufferIndex); |
1164 void registerBadCertificateCallback(Function callback); | 1205 void registerBadCertificateCallback(Function callback); |
1165 void registerHandshakeCompleteCallback(Function handshakeCompleteHandler); | 1206 void registerHandshakeCompleteCallback(Function handshakeCompleteHandler); |
1166 int _pointer(); | 1207 int _pointer(); |
1167 | 1208 |
1168 List<_ExternalBuffer> get buffers; | 1209 List<_ExternalBuffer> get buffers; |
1169 } | 1210 } |
1170 | 1211 |
1214 /** | 1255 /** |
1215 * An exception that happens in the handshake phase of establishing | 1256 * An exception that happens in the handshake phase of establishing |
1216 * a secure network connection, when looking up or verifying a | 1257 * a secure network connection, when looking up or verifying a |
1217 * certificate. | 1258 * certificate. |
1218 */ | 1259 */ |
1219 class CertificateException extends TlsException { | 1260 class CertificateException extends TlsException { |
1220 const CertificateException([String message = "", | 1261 const CertificateException([String message = "", |
1221 OSError osError = null]) | 1262 OSError osError = null]) |
1222 : super._("CertificateException", message, osError); | 1263 : super._("CertificateException", message, osError); |
1223 } | 1264 } |
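Review bot: The new `renegotiate` in `_RawSecureSocket` (new lines 810-823) gives the caller no way to learn when the second handshake has finished: it returns void, and `_secureHandshakeCompleteHandler` (new lines 825-832) only completes `_handshakeComplete` when `_connectPending` is set, which the initial connect already cleared. A server that calls `renegotiate(requireClientCertificate: true)` therefore cannot tell when `peerCertificate` reflects the newly authenticated peer, and any application data it already accepted on the connection was sent before that authentication took place. The doc comments on both interfaces (new lines 153-158 and 348-353) should state this caveat, e.g. `Data exchanged before the renegotiation completes was not covered by the new handshake; do not attribute it to the certificate later returned by [peerCertificate].`, and should say whether the client-certificate options have any effect on the client end. Whether the underlying filter refuses renegotiation with a peer that lacks RFC 5746 secure renegotiation is not visible here (the `_SecureFilter` methods at new lines 1198-1201 are only declared), so if the native side does not enforce it, that needs enforcing or documenting before renegotiation is exposed to callers. The `rehandshake()` declaration added at new line 1198 has no caller in this change and looks like a leftover next to `renegotiate`.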