dart:io | Add SecureSocket.importPrivateCertificates, that reads a PKCS#12 file.

sdk/lib/io/secure_socket.dart

Index: sdk/lib/io/secure_socket.dart
diff --git a/sdk/lib/io/secure_socket.dart b/sdk/lib/io/secure_socket.dart
index 2fd9659bc5d27c3c0ecc844dbdd7fc5a20e00a04..4a6bd35ca843e2d3546af88c6ea2af82a26e530d 100644
--- a/sdk/lib/io/secure_socket.dart
+++ b/sdk/lib/io/secure_socket.dart
@@ -96,7 +96,6 @@ abstract class SecureSocket implements Socket {
     return completer.future;
   }
 
-
   /**
    * Takes an already connected [socket] and starts server side TLS
    * handshake to make the communication secure. When the returned
@@ -205,18 +204,17 @@ abstract class SecureSocket implements Socket {
    */
   external static void initialize({String database,
                                    String password,
-                                   bool useBuiltinRoots: true});
-
+                                   bool useBuiltinRoots: true,
+                                   bool readOnly: true});
 
   /**
-   * Trust strings for use in [addCertificate].
+   * Trust strings for use in [addCertificate] and [changeTrust].
    */
   static const String TRUST_ISSUE_SERVER_CERTIFICATES = 'C,,';
   static const String TRUST_ISSUE_CLIENT_CERTIFICATES = 'T,,';
   static const String TRUST_ISSUE_CLIENT_SERVER_CERTIFICATES = 'TC,,';
   static const String TRUST_CERTIFICATE = 'P,,';
 
-
   /**
    * Adds a X509 certificate (for SSL and TLS secure networking) to the
    * in-memory certificate database.  Returns an X509Certificate object
@@ -240,6 +238,52 @@ abstract class SecureSocket implements Socket {
    */
   external static X509Certificate addCertificate(List<int> certificate,
                                                  String trust);
+
+  /**
+   * Adds a X509 certificates (for SSL and TLS secure networking) with
+   * their private keys to the in-memory certificate database.

[Søren Gjesse, 2013/08/07 07:32:28]

As I understood it is not only imported into the in-memory certificate database
but also stored persistently in it. It is great if it is only transient in the
in-memory database.

[Bill Hesse, 2013/08/08 17:39:21]

Removed in-memory database.  Will check what happens in the various cases.

+   *
+   * [certificates] must be a list containing the bytes of a PKCS#12 encoded
+   * list of certificates and private keys.  These are commonly called
+   * .pk files.

[Søren Gjesse, 2013/08/07 07:32:28]

Change the .pk extension.

Put `` around extensions.

[Bill Hesse, 2013/08/08 17:39:21]

Done.

+   *

[Søren Gjesse, 2013/08/07 07:32:28]

If limiting the ciphers please list the range which can actually be used here.

[Bill Hesse, 2013/08/08 17:39:21]

Done.

+   * All certificates are imported with no default trust, and the appropriate
+   * uses of each certificate must be added with SecureSocket.changeTrust.

[Søren Gjesse, 2013/08/07 07:32:28]

Add `` around SecureSocket.changeTrust.

[Bill Hesse, 2013/08/08 17:39:21]

Done.

+   *
+   * See the documentation of NSS certutil at
+   * http://developer.mozilla.org/en-US/docs/NSS_reference/NSS_tools_:_certutil
+   * or
+   * http://blogs.oracle.com/meena/entry/notes_about_trust_flags
+   * for more information about trust attributes.
+   */
+  external static importPrivateCertificates(List<int> certificates,
+                                            String password);
+
+  /**
+   * Changes the trust settings for the certificate with nickname [nickname].
+   * This certificate can be in a permanent certificate database, or
+   * in the temporary in-memory database of certificates.
+   *
+   * [trust] is a string specifying the allowed uses of this certificate.
+   * For example, 'TC,,' specifies that the certificate is for a certificate
+   * authority that is trusted to issue server and client certificates, so
+   * that a server or client certificate signed by this authority will be
+   * accepted.
+   *
+   * See the documentation of NSS certutil at
+   * http://developer.mozilla.org/en-US/docs/NSS_reference/NSS_tools_:_certutil
+   * or
+   * http://blogs.oracle.com/meena/entry/notes_about_trust_flags
+   * for more information about trust attributes.
+   */
+  external static X509Certificate changeTrust(String nickname,
+                                              String trust);
+
+  /**
+   * Removes the certificate with nickname [nickname] permanently from
+   * the certificate database.
+   */
+  external static removeCertificate(String nickname);
 }