
Unified Diff: sdk/lib/io/secure_socket.dart

Issue 18984008: dart:io | Support connection renegotiation (rehandshake) on SecureSocket. (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart
Patch Set: Fix indentation and remove whitespace in test file. Created 7 years, 5 months ago
Index: sdk/lib/io/secure_socket.dart
diff --git a/sdk/lib/io/secure_socket.dart b/sdk/lib/io/secure_socket.dart
index 417534a5d7f632b50484bb4cbe2749b63754361b..231b82cbdb7db8c3855486d8e8a44bfb4782c54c 100644
--- a/sdk/lib/io/secure_socket.dart
+++ b/sdk/lib/io/secure_socket.dart
@@ -150,6 +150,17 @@ abstract class SecureSocket implements Socket {
X509Certificate get peerCertificate;
/**
+ * Renegotiate an existing secure connection, renewing the session keys
+ * and possibly changing the connection properties.
+ *
+ * This repeats the SSL or TLS handshake, with options that allow clearing
+ * the session cache and requesting a client certificate.
+ */
+ void renegotiate({bool useSessionCache: true,
+ bool requestClientCertificate: false,
+ bool requireClientCertificate: false});
+
+ /**
* Initializes the NSS library. If [initialize] is not called, the library
* is automatically initialized as if [initialize] were called with no
* arguments. If [initialize] is called more than once, or called after
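Review bot: The new doc comment on `renegotiate` does not say what each named argument does or when the renegotiated session takes effect. `requestClientCertificate` and `requireClientCertificate` are not distinguished, and nothing says whether the call is meaningful on the client end of a connection. The implementation further down the diff appears to return before the handshake has run, so I would add a line per parameter plus something like `* The handshake completes asynchronously; [peerCertificate] may still describe the previous session when this call returns.` The identical comment on `RawSecureSocket.renegotiate` in the next hunk needs the same additions.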
@@ -334,6 +345,17 @@ abstract class RawSecureSocket implements RawSocket {
}
/**
+ * Renegotiate an existing secure connection, renewing the session keys
+ * and possibly changing the connection properties.
+ *
+ * This repeats the SSL or TLS handshake, with options that allow clearing
+ * the session cache and requesting a client certificate.
+ */
+ void renegotiate({bool useSessionCache: true,
+ bool requestClientCertificate: false,
+ bool requireClientCertificate: false});
+
+ /**
* Get the peer certificate for a connected RawSecureSocket. If this
* RawSecureSocket is the server end of a secure socket connection,
* [peerCertificate] will return the client certificate, or null, if no
@@ -785,6 +807,25 @@ class _RawSecureSocket extends Stream<RawSocketEvent>
}
}
+ void renegotiate({bool useSessionCache: true,
+ bool requestClientCertificate: false,
+ bool requireClientCertificate: false}) {
+ try {
+ if (_status != CONNECTED) {
Anders Johnsen 2013/07/11 11:20:32 I would expect this to be a StateError thrown dire
Bill Hesse 2013/07/11 15:25:42 Done.
+ throw new HandshakeException(
+ "Called renegotiate on a non-connected socket");
+ }
+ _secureFilter.renegotiate(useSessionCache,
+ requestClientCertificate,
+ requireClientCertificate);
+ _status = HANDSHAKE;
+ _filterStatus.writeEmpty = false;
+ _scheduleFilter();
+ } catch (e) {
+ _reportError(e);
+ }
+ }
+
void _secureHandshakeCompleteHandler() {
_status = CONNECTED;
if (_connectPending) {
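Review bot: `renegotiate` gives the caller no way to learn that the new handshake finished or failed. It sets `_status = HANDSHAKE`, schedules the filter and returns, and the visible start of `_secureHandshakeCompleteHandler` only acts when `_connectPending` is set, which is presumably not the case on an already established socket. A server that calls this with `requireClientCertificate: true` to step up authentication therefore cannot tell when `peerCertificate` is the newly verified one, and may handle data read in the meantime under the old identity. Consider returning a `Future` completed from the handshake-complete handler, or at minimum state the limitation in the doc comment. `_secureHandshakeCompleteHandler` continues past the end of this hunk.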
@@ -1158,6 +1199,10 @@ abstract class _SecureFilter {
bool sendClientCertificate);
void destroy();
void handshake();
+ void rehandshake();
+ void renegotiate(bool useSessionCache,
+ bool requestClientCertificate,
+ bool requireClientCertificate);
void init();
X509Certificate get peerCertificate;
int processBuffer(int bufferIndex);
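Review bot: `rehandshake()` is added to `_SecureFilter` here, but nothing in the visible hunks calls it; `_RawSecureSocket.renegotiate` uses only the three-argument `renegotiate`. If it is reachable only from the native side or is left over from an earlier patch set, say so in a comment or drop it, e.g. `// Restarts the handshake with the current options; called from ...`. The new `renegotiate(bool, bool, bool)` would also benefit from a one-line comment naming the argument order, since three adjacent positional bools are easy to transpose at the call site.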
