dart:io | Support connection renegotiation (rehandshake) on SecureSocket.

runtime/bin/secure_socket.cc

Index: runtime/bin/secure_socket.cc
diff --git a/runtime/bin/secure_socket.cc b/runtime/bin/secure_socket.cc
index d308b3bf83ef781f24c03fb6758877a645c25edd..63dfa77fd9dd5f4c26a49f3e0a978024d4956807 100644
--- a/runtime/bin/secure_socket.cc
+++ b/runtime/bin/secure_socket.cc
@@ -189,6 +189,23 @@ void FUNCTION_NAME(SecureSocket_Handshake)(Dart_NativeArguments args) {
 }
 
 
+void FUNCTION_NAME(SecureSocket_Renegotiate)(Dart_NativeArguments args) {
+  Dart_EnterScope();
+  bool use_session_cache =
+      DartUtils::GetBooleanValue(Dart_GetNativeArgument(args, 1));
+  bool request_client_certificate =
+      DartUtils::GetBooleanValue(Dart_GetNativeArgument(args, 2));
+  bool require_client_certificate =
+      DartUtils::GetBooleanValue(Dart_GetNativeArgument(args, 3));
+  request_client_certificate =
+      request_client_certificate || require_client_certificate;

[Anders Johnsen, 2013/07/11 11:20:32]

Please add a comment here. It's hard to understand from the context that this is
needed. Would it make more sense to move it to Renegotiate?

[Bill Hesse, 2013/07/11 15:25:42]

Done.

+  GetFilter(args)->Renegotiate(use_session_cache,
+                               request_client_certificate,
+                               require_client_certificate);
+  Dart_ExitScope();
+}
+
+
 void FUNCTION_NAME(SecureSocket_RegisterHandshakeCompleteCallback)(
     Dart_NativeArguments args) {
   Dart_EnterScope();
@@ -827,6 +844,36 @@ void SSLFilter::Handshake() {
 }
 
 
+void SSLFilter::Renegotiate(bool use_session_cache,
+                            bool request_client_certificate,
+                            bool require_client_certificate) {
+  SECStatus status;
+  PRBool request_cert = request_client_certificate ? PR_TRUE : PR_FALSE;

[Anders Johnsen, 2013/07/11 11:20:32]

It can not be cast directly?

[Bill Hesse, 2013/07/11 15:25:42]

Yes,  It doesn't even need a cast anymore - PRBool is just an int.

[Bill Hesse, 2013/07/11 15:25:42]

Yes, the implicit bool -> int cast produces 0 and 1,
the same as the enum values PR_FALSE and PR_TRUE

+  status = SSL_OptionSet(filter_, SSL_REQUEST_CERTIFICATE, request_cert);
+  if (status != SECSuccess) {
+    ThrowPRException("TlsException",
+       "Failure in (Raw)SecureSocket.renegotiate request_client_certificate");
+  }
+  PRBool require_cert = require_client_certificate ? PR_TRUE : PR_FALSE;
+  status = SSL_OptionSet(filter_, SSL_REQUIRE_CERTIFICATE, require_cert);
+  if (status != SECSuccess) {
+    ThrowPRException("TlsException",
+       "Failure in (Raw)SecureSocket.renegotiate require_client_certificate");
+  }
+  PRBool flush_cache = use_session_cache ? PR_FALSE : PR_TRUE;

[Anders Johnsen, 2013/07/11 11:20:32]

Please don't negate in this 'cast'. Hard to read.

[Bill Hesse, 2013/07/11 15:25:42]

Done.

+  status = SSL_ReHandshake(filter_, flush_cache);
+  if (status != SECSuccess) {
+    if (is_server_) {
+      ThrowPRException("HandshakeException",
+                       "Failure in (Raw)SecureSocket.renegotiate in server");
+    } else {
+      ThrowPRException("HandshakeException",
+                       "Failure in (Raw)SecureSocket.renegotiate in client");
+    }
+  }
+}
+
+
 void SSLFilter::Destroy() {
   for (int i = 0; i < kNumBuffers; ++i) {
     Dart_DeletePersistentHandle(dart_buffer_objects_[i]);