| 1 // Copyright (c) 2015, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2015, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
| 4 | 4 |
| 5 part of dart.io; | 5 part of dart.io; |
| 6 | 6 |
| 7 /** | 7 /** |
| 8 * The object containing the certificates to trust when making | 8 * The object containing the certificates to trust when making |
| 9 * a secure client connection, and the certificate chain and | 9 * a secure client connection, and the certificate chain and |
| 10 * private key to serve from a secure server. | 10 * private key to serve from a secure server. |
| 11 * | 11 * |
| 12 * The [SecureSocket] and [SecureServer] classes take a SecurityContext | 12 * The [SecureSocket] and [SecureServerSocket] classes take a SecurityContext |
| 13 * as an argument to their connect and bind methods. | 13 * as an argument to their connect and bind methods. |
| 14 * | 14 * |
| 15 * Certificates and keys can be added to a SecurityContext from either PEM | 15 * Certificates and keys can be added to a SecurityContext from either PEM |
| 16 * or PKCS12 containers. | 16 * or PKCS12 containers. |
| 17 * | 17 * |
| 18 * iOS note: Some methods to add, remove, and inspect certificates are not yet | 18 * iOS note: Some methods to add, remove, and inspect certificates are not yet |
| 19 * implemented. However, the platform's built-in trusted certificates can | 19 * implemented. However, the platform's built-in trusted certificates can |
| 20 * be used, by way of [SecurityContext.defaultContext]. | 20 * be used, by way of [SecurityContext.defaultContext]. |
| 21 */ | 21 */ |
| 22 abstract class SecurityContext { | 22 abstract class SecurityContext { |
| 38 /** | 38 /** |
| 39 * Sets the private key for a server certificate or client certificate. | 39 * Sets the private key for a server certificate or client certificate. |
| 40 * | 40 * |
| 41 * A secure connection using this SecurityContext will use this key with | 41 * A secure connection using this SecurityContext will use this key with |
| 42 * the server or client certificate to sign and decrypt messages. | 42 * the server or client certificate to sign and decrypt messages. |
| 43 * [file] is the path to a PEM or PKCS12 file containing an encrypted | 43 * [file] is the path to a PEM or PKCS12 file containing an encrypted |
| 44 * private key, encrypted with [password]. Assuming it is well-formatted, all | 44 * private key, encrypted with [password]. Assuming it is well-formatted, all |
| 45 * other contents of [file] are ignored. An unencrypted file can be used, | 45 * other contents of [file] are ignored. An unencrypted file can be used, |
| 46 * but this is not usual. | 46 * but this is not usual. |
| 47 * | 47 * |
| 48 * NB: This function calls [ReadFileAsBytesSync], and will block on file IO. | 48 * NB: This function calls [File.readAsBytesSync], and will block on file IO. |
| 49 * Prefer using [usePrivateKeyBytes]. | 49 * Prefer using [usePrivateKeyBytes]. |
| 50 * | 50 * |
| 51 * iOS note: Only PKCS12 data is supported. It should contain both the private | 51 * iOS note: Only PKCS12 data is supported. It should contain both the private |
| 52 * key and the certificate chain. On iOS one call to [usePrivateKey] with this | 52 * key and the certificate chain. On iOS one call to [usePrivateKey] with this |
| 53 * data is used instead of two calls to [useCertificateChain] and | 53 * data is used instead of two calls to [useCertificateChain] and |
| 54 * [usePrivateKey]. | 54 * [usePrivateKey]. |
| 55 */ | 55 */ |
| 56 void usePrivateKey(String file, {String password}); | 56 void usePrivateKey(String file, {String password}); |
| 57 | 57 |
| 58 /** | 58 /** |
| 59 * Sets the private key for a server certificate or client certificate. | 59 * Sets the private key for a server certificate or client certificate. |
| 60 * | 60 * |
| 61 * Like [usePrivateKey], but takes the contents of the file as a list | 61 * Like [usePrivateKey], but takes the contents of the file as a list |
| 62 * of bytes. | 62 * of bytes. |
| 63 */ | 63 */ |
| 64 void usePrivateKeyBytes(List<int> keyBytes, {String password}); | 64 void usePrivateKeyBytes(List<int> keyBytes, {String password}); |
| 65 | 65 |
| 66 /** | 66 /** |
| 67 * Sets the set of trusted X509 certificates used by [SecureSocket] | 67 * Sets the set of trusted X509 certificates used by [SecureSocket] |
| 68 * client connections, when connecting to a secure server. | 68 * client connections, when connecting to a secure server. |
| 69 * | 69 * |
| 70 * [file] is the path to a PEM or PKCS12 file containing X509 certificates, | 70 * [file] is the path to a PEM or PKCS12 file containing X509 certificates, |
| 71 * usually root certificates from certificate authorities. For PKCS12 files, | 71 * usually root certificates from certificate authorities. For PKCS12 files, |
| 72 * [password] is the password for the file. For PEM files, [password] is | 72 * [password] is the password for the file. For PEM files, [password] is |
| 73 * ignored. Assuming it is well-formatted, all other contents of [file] are | 73 * ignored. Assuming it is well-formatted, all other contents of [file] are |
| 74 * ignored. | 74 * ignored. |
| 75 * | 75 * |
| 76 * NB: This function calls [ReadFileAsBytesSync], and will block on file IO. | 76 * NB: This function calls [File.readAsBytesSync], and will block on file IO. |
| 77 * Prefer using [setTrustedCertificatesBytes]. | 77 * Prefer using [setTrustedCertificatesBytes]. |
| 78 * | 78 * |
| 79 * iOS note: On iOS, this call takes only the bytes for a single DER | 79 * iOS note: On iOS, this call takes only the bytes for a single DER |
| 80 * encoded X509 certificate. It may be called multiple times to add | 80 * encoded X509 certificate. It may be called multiple times to add |
| 81 * multiple trusted certificates to the context. A DER encoded certificate | 81 * multiple trusted certificates to the context. A DER encoded certificate |
| 82 * can be obtained from a PEM encoded certificate by using the openssl tool: | 82 * can be obtained from a PEM encoded certificate by using the openssl tool: |
| 83 * | 83 * |
| 84 * $ openssl x509 -outform der -in cert.pem -out cert.der | 84 * $ openssl x509 -outform der -in cert.pem -out cert.der |
| 85 */ | 85 */ |
| 86 void setTrustedCertificates(String file, {String password}); | 86 void setTrustedCertificates(String file, {String password}); |
| 87 | 87 |
| 88 /** | 88 /** |
| 89 * Sets the set of trusted X509 certificates used by [SecureSocket] | 89 * Sets the set of trusted X509 certificates used by [SecureSocket] |
| 90 * client connections, when connecting to a secure server. | 90 * client connections, when connecting to a secure server. |
| 91 * | 91 * |
| 92 * Like [setTrustedCertificates] but takes the contents of the file. | 92 * Like [setTrustedCertificates] but takes the contents of the file. |
| 93 */ | 93 */ |
| 94 void setTrustedCertificatesBytes(List<int> certBytes, {String password}); | 94 void setTrustedCertificatesBytes(List<int> certBytes, {String password}); |
| 95 | 95 |
| 96 /** | 96 /** |
| 97 * Sets the chain of X509 certificates served by [SecureServer] | 97 * Sets the chain of X509 certificates served by [SecureServerSocket] |
| 98 * when making secure connections, including the server certificate. | 98 * when making secure connections, including the server certificate. |
| 99 * | 99 * |
| 100 * [file] is a PEM or PKCS12 file containing X509 certificates, starting with | 100 * [file] is a PEM or PKCS12 file containing X509 certificates, starting with |
| 101 * the root authority and intermediate authorities forming the signed | 101 * the root authority and intermediate authorities forming the signed |
| 102 * chain to the server certificate, and ending with the server certificate. | 102 * chain to the server certificate, and ending with the server certificate. |
| 103 * The private key for the server certificate is set by [usePrivateKey]. For | 103 * The private key for the server certificate is set by [usePrivateKey]. For |
| 104 * PKCS12 files, [password] is the password for the file. For PEM files, | 104 * PKCS12 files, [password] is the password for the file. For PEM files, |
| 105 * [password] is ignored. Assuming it is well-formatted, all | 105 * [password] is ignored. Assuming it is well-formatted, all |
| 106 * other contents of [file] are ignored. | 106 * other contents of [file] are ignored. |
| 107 * | 107 * |
| 108 * NB: This function calls [ReadFileAsBytesSync], and will block on file IO. | 108 * NB: This function calls [File.readAsBytesSync], and will block on file IO. |
| 109 * Prefer using [useCertificateChainBytes]. | 109 * Prefer using [useCertificateChainBytes]. |
| 110 * | 110 * |
| 111 * iOS note: As noted above, [usePrivateKey] does the job of both | 111 * iOS note: As noted above, [usePrivateKey] does the job of both |
| 112 * that call and this one. On iOS, this call is a no-op. | 112 * that call and this one. On iOS, this call is a no-op. |
| 113 */ | 113 */ |
| 114 void useCertificateChain(String file, {String password}); | 114 void useCertificateChain(String file, {String password}); |
| 115 | 115 |
| 116 /** | 116 /** |
| 117 * Sets the chain of X509 certificates served by [SecureServer] | 117 * Sets the chain of X509 certificates served by [SecureServerSocket] |
| 118 * when making secure connections, including the server certificate. | 118 * when making secure connections, including the server certificate. |
| 119 * | 119 * |
| 120 * Like [useCertificateChain] but takes the contents of the file. | 120 * Like [useCertificateChain] but takes the contents of the file. |
| 121 */ | 121 */ |
| 122 void useCertificateChainBytes(List<int> chainBytes, {String password}); | 122 void useCertificateChainBytes(List<int> chainBytes, {String password}); |
| 123 | 123 |
| 124 /** | 124 /** |
| 125 * Sets the list of authority names that a [SecureServer] will advertise | 125 * Sets the list of authority names that a [SecureServerSocket] will advertise |
| 126 * as accepted when requesting a client certificate from a connecting | 126 * as accepted when requesting a client certificate from a connecting |
| 127 * client. | 127 * client. |
| 128 * | 128 * |
| 129 * [file] is a PEM or PKCS12 file containing the accepted signing | 129 * [file] is a PEM or PKCS12 file containing the accepted signing |
| 130 * authority certificates - the authority names are extracted from the | 130 * authority certificates - the authority names are extracted from the |
| 131 * certificates. For PKCS12 files, [password] is the password for the file. | 131 * certificates. For PKCS12 files, [password] is the password for the file. |
| 132 * For PEM files, [password] is ignored. Assuming it is well-formatted, all | 132 * For PEM files, [password] is ignored. Assuming it is well-formatted, all |
| 133 * other contents of [file] are ignored. | 133 * other contents of [file] are ignored. |
| 134 * | 134 * |
| 135 * NB: This function calls [ReadFileAsBytesSync], and will block on file IO. | 135 * NB: This function calls [File.readAsBytesSync], and will block on file IO. |
| 136 * Prefer using [setClientAuthoritiesBytes]. | 136 * Prefer using [setClientAuthoritiesBytes]. |
| 137 * | 137 * |
| 138 * iOS note: This call is not supported. | 138 * iOS note: This call is not supported. |
| 139 */ | 139 */ |
| 140 void setClientAuthorities(String file, {String password}); | 140 void setClientAuthorities(String file, {String password}); |
| 141 | 141 |
| 142 /** | 142 /** |
| 143 * Sets the list of authority names that a [SecureServer] will advertise | 143 * Sets the list of authority names that a [SecureServerSocket] will advertise |
| 144 * as accepted, when requesting a client certificate from a connecting | 144 * as accepted, when requesting a client certificate from a connecting |
| 145 * client. | 145 * client. |
| 146 * | 146 * |
| 147 * Like [setClientAuthority] but takes the contents of the file. | 147 * Like [setClientAuthorities] but takes the contents of the file. |
| 148 */ | 148 */ |
| 149 void setClientAuthoritiesBytes(List<int> authCertBytes, {String password}); | 149 void setClientAuthoritiesBytes(List<int> authCertBytes, {String password}); |
| 150 | 150 |
| 151 /** | 151 /** |
| 152 * Whether the platform supports ALPN. | 152 * Whether the platform supports ALPN. |
| 153 */ | 153 */ |
| 154 external static bool get alpnSupported; | 154 external static bool get alpnSupported; |
| 155 | 155 |
| 156 /** | 156 /** |
| 157 * Sets the list of application-level protocols supported by a client | 157 * Sets the list of application-level protocols supported by a client |
| 258 } | 258 } |
| 259 | 259 |
| 260 if (bytes.length >= (1 << 13)) { | 260 if (bytes.length >= (1 << 13)) { |
| 261 throw new ArgumentError( | 261 throw new ArgumentError( |
| 262 'The maximum message length supported is 2^13-1.'); | 262 'The maximum message length supported is 2^13-1.'); |
| 263 } | 263 } |
| 264 | 264 |
| 265 return new Uint8List.fromList(bytes); | 265 return new Uint8List.fromList(bytes); |
| 266 } | 266 } |
| 267 } | 267 } |